FSMO RULES

[rotomme]

Hello,
I am currently building two domain contollers to take the place of the old ones I have. I know I need to tranfer FSMO rules and DHCP is there anything else?

Can I transfer FSMO rules in an active environment during the day? Or does it have to be an off hours project? It doesn't seem that complicated but I just want to be sure I am not missing any steps.

Any remarks or advise is greatly appreciated.

 

[LWComputingMVP]

Don't forget about DNS and the Global Catalog.

-Lee

Those who ask why, learn

http://www.lwcomputing.com

 

[rotomme]

Doesn't DNS replicate and Global Catalog?

 

[LWComputingMVP]

DNS and the global catalog are two different things.

-Lee

Those who ask why, learn

http://www.lwcomputing.com

 

[rotomme]

Doesn't DNS replicate and Global Catalog?

 

[rotomme]

I know that they are separate, but dont they replicate to the knew domain controllers where the FSMO rules you need to move manually?

 

[LWComputingMVP]

Where did you ever hear that? They are two different things. DNS handles name resolution and services lookups. The Global Catalog handles authentication and other related AD services. It's like a quick reference guide to AD.

-Lee

Those who ask why, learn

http://www.lwcomputing.com

 

[LWComputingMVP]

No, the FSMO roles are another set of Active Directory services. They are linked together in that they are all needed to work properly, but changing one does not change the others.

-Lee

Those who ask why, learn

http://www.lwcomputing.com

 

[rotomme]

I am not being clear I apologize. What I meant to say is DNS replicates to the new server and I thought that Global Catalog did too. Where as the FSMO rules you need to change manually right?

 

[LWComputingMVP]

DNS does not replicate to the new server unless it's Active Directory integrated AND you install the DNS service. You must configure a server as a global catalog server in Active Directory Sites and Services - otherwise, it doesn't replicate or move itself. The global catalog, because of what it is, CAN be created off a system without another GC around, but strictly speaking, it is not automatically created except on the very first DC you setup in a domain.

-Lee

Those who ask why, learn

http://www.lwcomputing.com

 

[pagy]

How to transfer FSMO roles;

http://www.petri.co.il/transferring_fsmo_roles.htm

You can do this at any time

Move DHCP database;

http://support.microsoft.com/kb/325473

As has been said above DNS will only replicate between domain controllers if your DNS is active directory integrated and you have installed the DNS server role on your DCs either through manager your server or add/remove windows components. To check if your DNS zones are AD integrated open the DNS console and right click your zone and go to properties - look at the general tab. If its AD integrated then Type will say Active Directory-Integrated.

By default the first domain controller you build for a new domain is a global catalog, after that you have to manually assign servers as global catalogs through sites and services as LWComputingMVP explained. If you have a single domain environment best practice dictates that all domain controllers are global catalogs.

Paul
MCSE 2003
MCTS:Active Directory
MCTS:Network Infrastructure
MCTS:Applications Infrastructure

If there are no stupid questions, then what kind of questions do stupid people ask? Do they get smart just in time to ask questions?
Scott Adams