With the proviso that it's "easier to keep track of FSMO roles if you host them on fewer machines."
2010/4/21 Damien Solodow <[email protected]> > It depends on your environment. If you have a single domain forest, and all > of your DCs are GCs, it doesn’t matter where the FSMO roles are. > > > > *From:* Christopher Bodnar [mailto:[email protected]] > *Sent:* Wednesday, April 21, 2010 10:13 AM > > *To:* NT System Admin Issues > *Cc:* NT System Admin Issues > > *Subject:* Re: Domain controllers, what is supposed to happen. > > > > Sorry but I have to disagree with you. I believe the recommendation of the > article is to divide the FSMO roles, giving guidance on how to do that. > > > Chris Bodnar, MCSE > Systems Engineer > Distributed Systems Service Delivery - Intel Services > Guardian Life Insurance Company of America > Email: [email protected] > Phone: 610-807-6459 > Fax: 610-807-6003 > > > > From: Andrew Levicki <[email protected]> > To: "NT System Admin Issues" <[email protected] > > > Date: 04/21/2010 10:06 AM > Subject: Re: Domain controllers, what is supposed to happen. > ------------------------------ > > > > > Hi Mark, > > Have a read of this and see what you think: > http://support.microsoft.com/kb/223346 > > You're not the first person I've encountered who thinks that about FSMO > roles but I think Microsoft are pretty clear on this one. > > I'd probably rip WINS out if it's not needed, by the way. > > Cheers, > > Andrew > > 2010/4/21 Reimer, Mark <[email protected]> > I thought I read somewhere (this is years ago), that FSMO roles should be > split, with some qualifications (some FSMO roles had to be connected > together on the same machine). > > > > DHCP is from server2 (yes, one of the DC’s). > > > > WINS. Not sure if there is a real requirement. > > > > Not sure if a reboot was done. I’ll check with the user today. > > > > Thanks for the advice/comments. > > > > Mark > > > > *From:* Andrew Levicki [mailto:[email protected]] * > Sent:* Wednesday, April 21, 2010 7:40 AM > > * > To:* NT System Admin Issues* > Subject:* Re: Domain controllers, what is supposed to happen. > > > > Hi Mark, > > > > I have a couple of questions if you don't mind. Firstly why have you split > the FSMO roles out on to two different domain controllers? It's not that > it's wrong or anything, it's just simpler (and Microsoft's recommendation) > to keep them all on one domain controller unless there is a specific need to > do otherwise. > > > > Secondly, which server(s) is/are your DHCP server? Another server right? > Not one of the domain controllers? > > > > Thirdly, what is your requirement for WINS, out of interest? > > > > To answer your questions, yes the DNS/WINS services on the remaining domain > controller should have fulfilled client requests, so I would certainly look > into why that didn't happen. Did anyone try rebooting their PCs, as that may > have helped? > > > > If you had been unable to get Server1 running again then yes you would have > had to seize the domain-wide FSMO roles (RIP) from Server1 on to Server2 and > modify your DNS/WINS. But don't try and bring Server1 back up at this point > ("Then work on getting Server1 running again, or replacing it."), you must > rebuild or replace it. > > > > Regards, > > > > Andrew > > > > > > On 21 April 2010 22:14, Reimer, Mark <[email protected]> wrote: > > Sorry, long email. > > > > Windows 2003 Native Domain, two domain controllers, server1 and server2. > Workstations are primarily XP, some Windows 7. Other servers (file server, > email etc) are all Windows 2003. We have about 150 workstations. > > > > We have AD DNS, and WINS. Server1 has FSMO roles Infrastructure Master, PDC > Emulator, RID Master. Server2 has FSMO roles Domain Naming Master, Schema > Master. Both are GC’s. > > > > In the DHCP settings workstations get both server’s IP’s as DNS. Server2 is > listed first, then server1. Primary WINS server is server1, secondary is > Server2. > > > > Last night Server1 went down. It was off hours, but I got a call from some > late night worker (using XP), saying they couldn’t do anything. Couldn’t > reach any of the servers, or internet. I was able to get the server going > again (bad memory chip, so I just took it out). > > > > I thought that if one server went down, the DNS/WINS look up would go to > the other server. But it might be slower (note, I didn’t try any of this, > just going on what the user said). Comments? > > > > If I didn’t get Server1 running again, what should I have done? I assume I > should do the following. > > > > 1. Seize the FSMO roles from server1, and put them on server2. > > 2. Change DHCP so Primary WINS server is server2. Maybe even take > out Server1 as DNS/WINS possibilities. > > > > Then work on getting Server1 running again, or replacing it. > > > > Did I miss anything? > > > > Thanks for any help and insight you can give. > > > > Mark > > > > > > > > > > > > > -- > > Kind regards, > > Andrew Levicki > ルビッキー アンドルュー > Microsoft Certified Technology Specialist on Windows 7 > MCITP Enterprise Administrator on Windows Server 2008 > MCITP Enterprise Messaging Administrator on Exchange Server 2007 > Microsoft Certified Systems Engineer (MCSE) on Windows Server 2003 > Cisco Certified Network Associate (CCNA) > ITILv3 > > > > > > > > > > > > > -- > Kind regards, > > Andrew Levicki > ルビッキー アンドルュー > Microsoft Certified Technology Specialist on Windows 7 > MCITP Enterprise Administrator on Windows Server 2008 > MCITP Enterprise Messaging Administrator on Exchange Server 2007 > Microsoft Certified Systems Engineer (MCSE) on Windows Server 2003 > Cisco Certified Network Associate (CCNA) > ITILv3 > > > > > > ----------------------------------------- This message, and any attachments > to it, may contain information that is privileged, confidential, and exempt > from disclosure under applicable law. If the reader of this message is not > the intended recipient, you are notified that any use, dissemination, > distribution, copying, or communication of this message is strictly > prohibited. If you have received this message in error, please notify the > sender immediately by return e-mail and delete the message and any > attachments. Thank you. > > > > > > > > > > -- -- Kind regards, Andrew Levicki ルビッキー アンドルュー Microsoft Certified Technology Specialist on Windows 7 MCITP Enterprise Administrator on Windows Server 2008 MCITP Enterprise Messaging Administrator on Exchange Server 2007 Microsoft Certified Systems Engineer (MCSE) on Windows Server 2003 Cisco Certified Network Associate (CCNA) ITILv3 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
