Quoting the article:
General recommendations for FSMO placement ・ Place the RID and PDC emulator roles on the same domain controller. It is also easier to keep track of FSMO roles if you host them on fewer machines. If the load on the primary FSMO load justifies a move, place the RID and primary domain controller emulator roles on separate domain controllers in the same domain and active directory site that are direct replication partners of each other. ・ As a general rule, the infrastructure master should be located on a nonglobal catalog server that has a direct connection object to some global catalog in the forest, preferably in the same Active Directory site. Because the global catalog server holds a partial replica of every object in the forest, the infrastructure master, if placed on a global catalog server, will never update anything, because it does not contain any references to objects that it does not hold. Two exceptions to the "do not place the infrastructure master on a global catalog server" rule are: o Single domain forest: In a forest that contains a single Active Directory domain, there are no phantoms, and so the infrastructure master has no work to do. The infrastructure master may be placed on any domain controller in the domain, regardless of whether that domain controller hosts the global catalog or not. o Multidomain forest where every domain controller in a domain holds the global catalog: If every domain controller in a domain that is part of a multidomain forest also hosts the global catalog, there are no phantoms or work for the infrastructure master to do. The infrastructure master may be put on any domain controller in that domain. ・ At the forest level, the schema master and domain naming master roles should be placed on the same domain controller as they are rarely used and should be tightly controlled. Additionally, the domain naming master FSMO should also be a global catalog server. Certain operations that use the domain naming master, such as creating grand-child domains, will fail if this is not the case. In a forest at the Forest Functional Level Windows Server 2003, you do not have to place the domain naming master on a global catalog. Most importantly, confirm that all FSMO roles are available using one of the management consoles (such as Dsa.msc or Ntdsutil.exe). Sean Rector, MCSE From: Andrew Levicki [mailto:[email protected]] Sent: Wednesday, April 21, 2010 10:26 AM To: NT System Admin Issues Subject: Re: Domain controllers, what is supposed to happen. OK, well you go right ahead and split them out if you think that's what the article recommends. 2010/4/21 Sherry Abercrombie <[email protected]> I dunno, that whole section about placement of FSMO roles..... 2010/4/21 Andrew Levicki <[email protected]> Where does it say that? 2010/4/21 Christopher Bodnar <[email protected]> Sorry but I have to disagree with you. I believe the recommendation of the article is to divide the FSMO roles, giving guidance on how to do that. Chris Bodnar, MCSE Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: [email protected] Phone: 610-807-6459 Fax: 610-807-6003 From: Andrew Levicki <[email protected]> To: "NT System Admin Issues" <[email protected]> Date: 04/21/2010 10:06 AM Subject: Re: Domain controllers, what is supposed to happen. ________________________________ Hi Mark, Have a read of this and see what you think: http://support.microsoft.com/kb/223346 <http://support.microsoft.com/kb/223346> You're not the first person I've encountered who thinks that about FSMO roles but I think Microsoft are pretty clear on this one. I'd probably rip WINS out if it's not needed, by the way. Cheers, Andrew 2010/4/21 Reimer, Mark <[email protected] <mailto:[email protected]> > I thought I read somewhere (this is years ago), that FSMO roles should be split, with some qualifications (some FSMO roles had to be connected together on the same machine). DHCP is from server2 (yes, one of the DC’s). WINS. Not sure if there is a real requirement. Not sure if a reboot was done. I’ll check with the user today. Thanks for the advice/comments. Mark From: Andrew Levicki [mailto:[email protected] <mailto:[email protected]> ] Sent: Wednesday, April 21, 2010 7:40 AM To: NT System Admin Issues Subject: Re: Domain controllers, what is supposed to happen. Hi Mark, I have a couple of questions if you don't mind. Firstly why have you split the FSMO roles out on to two different domain controllers? It's not that it's wrong or anything, it's just simpler (and Microsoft's recommendation) to keep them all on one domain controller unless there is a specific need to do otherwise. Secondly, which server(s) is/are your DHCP server? Another server right? Not one of the domain controllers? Thirdly, what is your requirement for WINS, out of interest? To answer your questions, yes the DNS/WINS services on the remaining domain controller should have fulfilled client requests, so I would certainly look into why that didn't happen. Did anyone try rebooting their PCs, as that may have helped? If you had been unable to get Server1 running again then yes you would have had to seize the domain-wide FSMO roles (RIP) from Server1 on to Server2 and modify your DNS/WINS. But don't try and bring Server1 back up at this point ("Then work on getting Server1 running again, or replacing it."), you must rebuild or replace it. Regards, Andrew On 21 April 2010 22:14, Reimer, Mark <[email protected] <mailto:[email protected]> > wrote: Sorry, long email. Windows 2003 Native Domain, two domain controllers, server1 and server2. Workstations are primarily XP, some Windows 7. Other servers (file server, email etc) are all Windows 2003. We have about 150 workstations. We have AD DNS, and WINS. Server1 has FSMO roles Infrastructure Master, PDC Emulator, RID Master. Server2 has FSMO roles Domain Naming Master, Schema Master. Both are GC’s. In the DHCP settings workstations get both server’s IP’s as DNS. Server2 is listed first, then server1. Primary WINS server is server1, secondary is Server2. Last night Server1 went down. It was off hours, but I got a call from some late night worker (using XP), saying they couldn’t do anything. Couldn’t reach any of the servers, or internet. I was able to get the server going again (bad memory chip, so I just took it out). I thought that if one server went down, the DNS/WINS look up would go to the other server. But it might be slower (note, I didn’t try any of this, just going on what the user said). Comments? If I didn’t get Server1 running again, what should I have done? I assume I should do the following. 1. Seize the FSMO roles from server1, and put them on server2. 2. Change DHCP so Primary WINS server is server2. Maybe even take out Server1 as DNS/WINS possibilities. Then work on getting Server1 running again, or replacing it. Did I miss anything? Thanks for any help and insight you can give. Mark -- Kind regards, Andrew Levicki ルビッキー アンドルュー Microsoft Certified Technology Specialist on Windows 7 MCITP Enterprise Administrator on Windows Server 2008 MCITP Enterprise Messaging Administrator on Exchange Server 2007 Microsoft Certified Systems Engineer (MCSE) on Windows Server 2003 Cisco Certified Network Associate (CCNA) ITILv3 -- Kind regards, Andrew Levicki ルビッキー アンドルュー Microsoft Certified Technology Specialist on Windows 7 MCITP Enterprise Administrator on Windows Server 2008 MCITP Enterprise Messaging Administrator on Exchange Server 2007 Microsoft Certified Systems Engineer (MCSE) on Windows Server 2003 Cisco Certified Network Associate (CCNA) ITILv3 ----------------------------------------- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. -- Kind regards, Andrew Levicki ルビッキー アンドルュー Microsoft Certified Technology Specialist on Windows 7 MCITP Enterprise Administrator on Windows Server 2008 MCITP Enterprise Messaging Administrator on Exchange Server 2007 Microsoft Certified Systems Engineer (MCSE) on Windows Server 2003 Cisco Certified Network Associate (CCNA) ITILv3 -- Sherry Abercrombie "Any sufficiently advanced technology is indistinguishable from magic." Arthur C. Clarke -- Kind regards, Andrew Levicki ルビッキー アンドルュー Microsoft Certified Technology Specialist on Windows 7 MCITP Enterprise Administrator on Windows Server 2008 MCITP Enterprise Messaging Administrator on Exchange Server 2007 Microsoft Certified Systems Engineer (MCSE) on Windows Server 2003 Cisco Certified Network Associate (CCNA) ITILv3 Virginia Opera's 35th Anniversary Season ends with America's favorite, The Gershwins' Porgy and BessSM 2010-2011 subscriptions are on sale now! Featuring: Rigoletto | Cosi Fan Tutte | The Valkyrie | Madama Butterfly Visit us online at www.VaOpera.org or call 1-866-OPERA-VA The vision of Virginia Opera is to enrich lives through the powerful integration of music, voice and human drama. -------------------------------------------------------------------------------- This e-mail and any attached files are confidential and intended solely for the intended recipient(s). Unless otherwise specified, persons unnamed as recipients may not read, distribute, copy or alter this e-mail. Any views or opinions expressed in this e-mail belong to the author and may not necessarily represent those of Virginia Opera. Although precautions have been taken to ensure no viruses are present, Virginia Opera cannot accept responsibility for any loss or damage that may arise from the use of this e-mail or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
