Re: Standard Procedure for transferring FSMO roles (PLEASE COMMENT)
From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 08/04/04
- Next message: Jerold Schulman: "Re: exporting information from active directory"
- Previous message: Cary Shultz [A.D. MVP]: "Re: Standard Procedure for transferring FSMO roles (PLEASE COMMENT)"
- In reply to: Cary Shultz [A.D. MVP]: "Re: Standard Procedure for transferring FSMO roles (PLEASE COMMENT)"
- Next in thread: Ryan: "Re: Standard Procedure for transferring FSMO roles (PLEASE COMMENT)"
- Reply: Ryan: "Re: Standard Procedure for transferring FSMO roles (PLEASE COMMENT)"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 4 Aug 2004 13:49:28 -0400
Forgot about the trusts...
What type of trust relationship is it? Is it between another WIN2000
forest? or between a WINNT 4.0 domain?
In a WIN2000 Interforest or WINNT 4/WIN2000 trusts you are usually using
NetBIOS communication. Since you did not mention anything about any WINS
Servers I will assume that you are using LMHOSTS files. You normally would
put this on the WINNT 4.0 PDC and the WIN2000 Domain Controller that holds
the FSMO Role of PDC Emulator. Since this will be changing ( possibly ) you
would need to update the LMHOSTS file on the WINNT 4.0 PDC....as well as
make sure that you either copy over the existing LHMOSTS to the PDC Emulator
or create a new one ( but why do that )...
HTH,
Cary
"Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
news:%23NSi$okeEHA.3916@TK2MSFTNGP11.phx.gbl...
> Ryan,
>
> I would cut to the chase and make DC2 and DC3 a Global Catalog Server. I
> would transfer roles to either DC2 or DC3. If you were to transfer roles
to
> multiple DCs then I would transfer the Schema Master and Domain Naming
> Master to the same DC and the PDC Emulator, RID Master and Infrastructure
> Master to the other one ( you always want to keep the PDC Emulator and RID
> Master on the same DC ). You can run 'netdom query fsmo' on each DC to
make
> sure that it knows of the changes. BTW - replmon will also do this for
you.
>
> I would then stop all of the Exchange related services on DC1 and dcpromo
it
> so that you do not have Exchange 2000 running on a Domain Controller ( it
> would now be a Member Server ). This just complicates things as far as
> Disaster Recovery is concerned. Since you have multiple DCs I would
> consider this...
>
> dcdiag and netdiag would be good utilities to run. I would also look at
> repadmin and replmon. All four will provide you with a clear picture.
Not
> sure how you would use ntdsutil in this situation. I am probably
forgetting
> one of the utilities that it does...I would do all of this before you
start
> this undertaking so that you are able to clean up anything that might be
> awry. You do not want to start all of this if there are errors.
>
> To check on DNS ( good thinking ) I might go with the ole standby:
nslookup.
> You could also use dnslint, but I think that nslookup will be your biggest
> help. BTW - you did not specify where your internal DNS Servers are? Are
> you running DDNS on the Domain Controllers?
>
> You do not always need to restart a Domain Controller once you have made
it
> a Global Catalog server. However, it might not be a bad idea to do it
> anyway. Naturally, this is horrible advice if you are doing it at 10:30
AM
> and probably not so bad if you are doing it at 10:30 PM. Or whenever a
> server reboot is not going to disrupt your user base.
>
> dsaccess would be a good utility to run to make sure that you should not
> have any problems with your Outlook clients.
>
> Please do not forget to make any appropriate changes on your DHCP Server
so
> that your clients have the correct infor...
>
> Going to take our son to the park with the Mrs...children are such a
> wonderful part of life!
>
> Cary
>
>
> "Ryan" <ryanrhyme@excite.com> wrote in message
> news:e$ALnogeEHA.3792@TK2MSFTNGP09.phx.gbl...
> > Hi guys,
> >
> > I'm planning to transfer all the 5 FSMO roles to another DC. My
current
> > scenario: single domain with 3 DCs. Note: There is another domain that
> > tusted with our domain.
> >
> > Currently, we have 1 GC that holds the FSMO Roles (DC1). DC1 is also
> the
> > exchange server, we decided to change the roles to another DC (DC2) to
> > reduce the workload of DC1.
> >
> > Expected outcome:
> >
> > 3 DC in the domain, 2 GC (DC1 and DC2) and change FSMO roles from DC1 to
> > DC2.
> >
> > My plan is (please correct me if I'm wrong):
> >
> > 1) Run DCDIAG, NETDIAG, NTDSUTIL and AD Replication Monitor and clear
any
> > error found (Is there other tools I can use to check the AD consistency?
> Bad
> > DNS always relate to AD problem, how to make sure my DNS is running
well?)
> >
> > 2) Enable DC2 as GC, restart the DC2 and wait for some time for DC2 to
> > publish itself as GC (how long should this be?)
> >
> > 3) Check for event 1119, run repadmin /showrep, repdamin /showconn, use
> > DSDIAG to view cached server list by DSACCESS. Test Exchange & Network
> > client connections.
> >
> > 4) Do the 5 role transfer (because this step is quite straightforward
and
> > has no progress stated, do I need to restart the new Operation Master
> server
> > (D2) after changing the role, will this cause any problem? I think the
> > server should be kept alive for proper synchronization, how long should
I
> > wait until I start diagnosing the AD condition? Any tool recommended? Do
I
> > need to "push" replication at this stage?).
> >
> > ** Since there's another trusted domain available, any things I need to
be
> > aware in order not to temper the trust relationship? **
> >
> >
> >
> > Best regards,
> >
> > Ryan
> >
> >
>
>
- Next message: Jerold Schulman: "Re: exporting information from active directory"
- Previous message: Cary Shultz [A.D. MVP]: "Re: Standard Procedure for transferring FSMO roles (PLEASE COMMENT)"
- In reply to: Cary Shultz [A.D. MVP]: "Re: Standard Procedure for transferring FSMO roles (PLEASE COMMENT)"
- Next in thread: Ryan: "Re: Standard Procedure for transferring FSMO roles (PLEASE COMMENT)"
- Reply: Ryan: "Re: Standard Procedure for transferring FSMO roles (PLEASE COMMENT)"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
