Poll: FSMO roles? Do you seperate yours?

Be advised that this is a public poll: other users can see the choice(s) you selected.

+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 29 of 29
Windows Thread, FSMO roles should be separated across DCs in the domain? in Technical; Originally Posted by sidewinder Hmm...I always make every DC a GC, purely for the reason if theres only one and ...
  1. #16
    eejit's Avatar
    Join Date
    Jun 2005
    Location
    Ireland
    Posts
    606
    Thank Post
    52
    Thanked 12 Times in 12 Posts
    Rep Power
    22

    Re: FSMO roles should be separated across DCs in the domain?

    Quote Originally Posted by sidewinder
    Hmm...I always make every DC a GC, purely for the reason if theres only one and it goes belly up you will then not be able to create new objects and apparantly (this is not something ive tested) no-one can log in apart from the domain admin .
    Which isnt exactly fault tolerant, which is part of the point of having multiple DC's
    I know that that definitely isn't right as our GC was down for a few days last year and none of the end users really noticed any problems on the network.

    Multiple GCs on one physical local network will cause large amounts of unnescessary traffic as the GCs keep synchronizing. You may need more GCs in a large org with many exchange servers. One GC for every 4 Exchange servers.

  2. #17

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: FSMO roles should be separated across DCs in the domain?

    Logins still work with the GC down. You just can't add or delete objects in AD. For a small network, one GC is fine. Unless you have a split site.

  3. #18
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,999
    Thank Post
    120
    Thanked 280 Times in 258 Posts
    Rep Power
    106

    Re: FSMO roles should be separated across DCs in the domain?

    Quote Originally Posted by Geoff
    You just can't add or delete objects in AD.
    Im not sure that is neccesarily true as the GC holds a copy of all objects in the domain and a subset of other objects in a multi domain environment.
    The behaviour you describe is probably as an indirect result of other mischief elswhere.

  4. #19

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: FSMO roles should be separated across DCs in the domain?

    I was describing what happens when the GC is down.

  5. #20
    Netman's Avatar
    Join Date
    Jul 2005
    Location
    56.343515, -2.804118
    Posts
    911
    Thank Post
    367
    Thanked 190 Times in 143 Posts
    Rep Power
    54

    Re: FSMO roles should be separated across DCs in the domain?

    Redmond says:

    General recommendations for FSMO placement
    • Place the RID and PDC emulator roles on the same domain controller. Good communication from the PDC to the RID master is desirable as downlevel clients and applications target the PDC, making it a large consumer of RIDs. It is also easier to keep track of FSMO roles if you cluster them on fewer machines.

    If the load on the primary FSMO load justifies a move, place the RID and primary domain controller emulator roles on separate domain controllers in the same domain and active directory site that are direct replication partners of each other.
    • As a general rule, the infrastructure master should be located on a nonglobal catalog server that has a direct connection object to some global catalog in the forest, preferably in the same Active Directory site. Because the global catalog server holds a partial replica of every object in the forest, the infrastructure master, if placed on a global catalog server, will never update anything, because it does not contain any references to objects that it does not hold. Two exceptions to the "do not place the infrastructure master on a global catalog server" rule are: • Single domain forest:

    In a forest that contains a single Active Directory domain, there are no phantoms, and so the infrastructure master has no work to do. The infrastructure master may be placed on any domain controller in the domain, regardless of whether that domain controller hosts the global catalog or not.
    • Multidomain forest where every domain controller in a domain holds the global catalog:

    If every domain controller in a domain that is part of a multidomain forest also hosts the global catalog, there are no phantoms or work for the infrastructure master to do. The infrastructure master may be put on any domain controller in that domain.

    • At the forest level, the schema master and domain naming master roles should be placed on the same domain controller as they are rarely used and should be tightly controlled. Additionally, the domain naming master FSMO should also be a global catalog server. Certain operations that use the domain naming master, such as creating grand-child domains, will fail if this is not the case.

    Most importantly, confirm that all FSMO roles are available using one of the management consoles (such as Dsa.msc or Ntdsutil.exe).

    More info here... http://support.microsoft.com/default...b;en-us;223346

    In short.... if you only have one domain then don't worry about it too much... as long as you know what needs to be done if (when) your PDC goes walkies!!

  6. #21

    Join Date
    Jul 2006
    Location
    London
    Posts
    2,962
    Thank Post
    159
    Thanked 152 Times in 116 Posts
    Rep Power
    49

    Re: FSMO roles should be separated across DCs in the domain?

    OK, about the GC's
    So it wouldnt be such a huge problem is everyone could still log in
    But not being able to create objects is still a pretty big problem

    How easy would it be if your GC went down, to promote another DC to it?
    Would it be as easy as going into sites and services and making another one a GC?

  7. #22
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,999
    Thank Post
    120
    Thanked 280 Times in 258 Posts
    Rep Power
    106

    Re: FSMO roles should be separated across DCs in the domain?

    Quote Originally Posted by sidewinder
    Would it be as easy as going into sites and services and making another one a GC?
    Yes It *should* be as easy as that.

  8. #23

    Join Date
    Jul 2006
    Location
    London
    Posts
    2,962
    Thank Post
    159
    Thanked 152 Times in 116 Posts
    Rep Power
    49

    Re: FSMO roles should be separated across DCs in the domain?

    Excellent
    Ill do some testing and then maybe go back to one GC if all goes well
    Anything to cut down on replication traffic is welcome

  9. #24

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,190
    Thank Post
    299
    Thanked 215 Times in 185 Posts
    Rep Power
    56

    Re: FSMO roles should be separated across DCs in the domain?

    If i have installed an additional DC into a single forest and single domain environment when i dcpromo the main dc will this then transfer the fsmo's or would i need to sieze the roles first. I ask this as i need to do this soon, and i have no room for downtime.

    Will downing the first DC cause a problem of no one able to log in as i will need to re-install server 2003?

    Sorry for jumping on this post but it came up just at the time i started thinking about this.

  10. #25
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,999
    Thank Post
    120
    Thanked 280 Times in 258 Posts
    Rep Power
    106

    Re: FSMO roles should be separated across DCs in the domain?

    You should always try and do everything gracefully and transfer the roles nicely first.

  11. #26

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115

    Re: FSMO roles should be separated across DCs in the domain?

    Seconded.. and don't forget DHCP or any boxes with static DNS server entries that might be pointing to the original DC.

  12. #27

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,190
    Thank Post
    299
    Thanked 215 Times in 185 Posts
    Rep Power
    56

    Re: FSMO roles should be separated across DCs in the domain?

    Ok great thanks. I have backed up the dhcp db and will restore it onto the second server just before it goes down. This will be the first time i have moved a dhcp from one machine to the other.

    The DNS entries on the main server as far as i know are all dynamic. How can i tell if they are manually entered ones?

    The entries are also a bit messed up since there are entries on there from the previous domain structure (before i got here) which is one of the reasons why i am rebuilding it. Plus there are a lot of things that have been implemented and i'm not sure whether we need these.
    A fresh start is what i feel is needed.

  13. #28

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,190
    Thank Post
    299
    Thanked 215 Times in 185 Posts
    Rep Power
    56

    Re: FSMO roles should be separated across DCs in the domain?

    Hello all,

    I have been looking at restoring active directory through a non-authoratitive point and have run into a problem. I am testing this through 2 VMs in parallels on a MBP. I have backed up the system state and then down the primary DC after i have transferred the roles (i have not made the second DC a GC though) and re-installed Server 2003.

    Now i did not re-add the server to the domain as i read that it can be done on a stand-alone server on the technet site.

    So i continued to enter the directory restore mode and restored the system state, but when it asked to restart the machine all that happens is when the server should get to the server loading screen it just restarts.

    I have caught a glimpse of a blue screen once but it was so fast that i never got to read it.

    What could be the problem?

  14. #29

    Join Date
    Jul 2006
    Location
    London
    Posts
    2,962
    Thank Post
    159
    Thanked 152 Times in 116 Posts
    Rep Power
    49

    Re: FSMO roles should be separated across DCs in the domain?

    Quote Originally Posted by eejit
    Multiple GCs on one physical local network will cause large amounts of unnescessary traffic as the GCs keep synchronizing. You may need more GCs in a large org with many exchange servers. One GC for every 4 Exchange servers.
    I know this was an old discussion but Ive just been reading on Technet about GC's and came across this link

    http://technet2.microsoft.com/Window....mspx?mfr=true

    The first paragraph says:
    "Global catalog placement requires planning except if you have a single-domain forest. In a single-domain forest, configure all domain controllers as global catalog servers. Because every domain controller stores the only domain directory partition in the forest, configuring each domain controller as a global catalog server does not require any additional disk space usage, CPU usage, or replication traffic. In a single-domain forest, all domain controllers act as "virtual global catalog servers" in that they can all respond to any authentication or service request. This special condition for single-domain forests is by design"

    So it seems multiple GC's shouldnt create any additional traffic
    Anyone else heard this advice before?

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Replies: 3
    Last Post: 4th January 2008, 08:40 AM
  2. Replies: 2
    Last Post: 31st October 2007, 02:25 PM
  3. ICT Support Dept Roles and Responsibilities
    By User3204 in forum General Chat
    Replies: 4
    Last Post: 10th October 2007, 06:46 PM
  4. 4 SIMS software support roles - various locations
    By SpecialAgent in forum Educational IT Jobs
    Replies: 0
    Last Post: 19th September 2007, 03:08 PM
  5. Transferring DHCP roles (2000)
    By mudcow007 in forum Windows
    Replies: 8
    Last Post: 13th June 2007, 09:44 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •