Announcement

Collapse
No announcement yet.

Transfer Domain Roles Service Disruption

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Transfer Domain Roles Service Disruption

    I've been trying to search around for the length of downtime for transferring roles to another domain controller. I'm currently looking only to transfer roles for PDC, RID and Infrastructure to another DC during the time that the current holder is being converted to a VM.

    Will I have issues if I transfer roles during business hours?

    Any help would be appreciated.
    GoogleFu is strong with this one ^

  • #2
    Re: Transfer Domain Roles, any disruption to service?

    I have never found any problems with a transfer (rather than a seizure) of FSMOs but, given choice, I would do it out of hours and reboot both DCs involved once finished
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Transfer Domain Roles, any disruption to service?

      Originally posted by stamandster View Post
      I've been trying to search around for the length of downtime for transferring roles to another domain controller. I'm currently looking only to transfer roles for PDC, RID and Infrastructure to another DC during the time that the current holder is being converted to a VM.

      Will I have issues if I transfer roles during business hours?

      Any help would be appreciated.
      How big is your forest/domain?
      cheers
      Andy

      Please read this before you post:


      Quis custodiet ipsos custodes?

      Comment


      • #4
        Re: Transfer Domain Roles Service Disruption

        2 Parent DC's and 16 Child DC's

        Thanks!
        Last edited by stamandster; 22nd May 2009, 20:20.
        GoogleFu is strong with this one ^

        Comment


        • #5
          Re: Transfer Domain Roles Service Disruption

          Are you sure about "parent" and "child" DCs, or do you mean DCs and Member Servers?
          (or do you have multiple domains in a tree or forest?)

          In Active Directory, all Domain Controllers are equal (but some are more equal than others)
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **

          Comment


          • #6
            Re: Transfer Domain Roles Service Disruption

            Originally posted by stamandster View Post
            2 Parent DC's and 16 Child DC's

            Thanks!
            Is this a pure 2003 environment? Or a mixed mode with a combination of NT4/2000/2003 DC's?

            Comment


            • #7
              Re: Transfer Domain Roles Service Disruption

              It's a pure 2003 environment. I'm only doing the child domain roles at the moment. I'll have to do the parent domain roles too. We're in the process of moving to a virtual environment so I'd rather not virtualize the role holders.
              GoogleFu is strong with this one ^

              Comment


              • #8
                Re: Transfer Domain Roles Service Disruption

                Can you give us a diagram of your AD forest -- do you really have 16+ domains?
                Tom Jones
                MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                PhD, MSc, FIAP, MIITT
                IT Trainer / Consultant
                Ossian Ltd
                Scotland

                ** Remember to give credit where credit is due and leave reputation points where appropriate **

                Comment


                • #9
                  Re: Transfer Domain Roles Service Disruption

                  Originally posted by stamandster View Post
                  It's a pure 2003 environment. I'm only doing the child domain roles at the moment. I'll have to do the parent domain roles too. We're in the process of moving to a virtual environment so I'd rather not virtualize the role holders.
                  What do you mean by "parent DC's" then? As all DC's are authoritative in a Windows 2003 domain.

                  Comment


                  • #10
                    Re: Transfer Domain Roles Service Disruption

                    Ok here it goes because I think the communication is getting lost somewhere...

                    The parent domain, for sake of argument is parent.int, has two domain controllers (DC's not domains Ossian, lol). The first domain controller in the forest, for its domain, has all five roles, schema, domain naming, pdc, rid and infrastructure.

                    The child domain (and it is a child domain, not an OU), for the sake of argument is child.parent.int, and has 16 domain controllers (not member servers). One domain controller in the child domain holds three of the roles, pdc, rid and infrastructure.

                    But, alas, we're getting very OT. The only question I needed answered was if there was any disruption of service during the time that the transfer of roles takes place. I've basically come to understand it as just a pointer within the AD LDAP and then that get's replicated.

                    Scurlaruntings, I understand what you are saying but if I have to cold convert a role holding server we're going to have issues with certain things. Yes it'll allow authentication, but, that's about it.

                    There's a white paper or two out therre that talks about why it's not a good idea to shut off the roles holders but if you need to to transfer roles first before you do. I can't find it but here's a wiki on it http://en.wikipedia.org/wiki/Flexibl...ster_operation
                    Last edited by stamandster; 27th May 2009, 14:15.
                    GoogleFu is strong with this one ^

                    Comment


                    • #11
                      Re: Transfer Domain Roles Service Disruption

                      Thank you, Stamandster -- all is much clearer
                      I take it the child domain has numerous sites to warrant that many DCs?

                      I think you are correct -- no disruption of service while you transfer the FSMOs and that knowledge replicates
                      Tom Jones
                      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                      PhD, MSc, FIAP, MIITT
                      IT Trainer / Consultant
                      Ossian Ltd
                      Scotland

                      ** Remember to give credit where credit is due and leave reputation points where appropriate **

                      Comment


                      • #12
                        Re: Transfer Domain Roles Service Disruption

                        Yeah we have 16 sites, two that host both domains.

                        Thanks for the insight fella's!
                        Last edited by stamandster; 27th May 2009, 15:12.
                        GoogleFu is strong with this one ^

                        Comment


                        • #13
                          Re: Transfer Domain Roles Service Disruption

                          Originally posted by stamandster View Post

                          Scurlaruntings, I understand what you are saying but if I have to cold convert a role holding server we're going to have issues with certain things. Yes it'll allow authentication, but, that's about it.



                          You can do a "hot" conversion process if your using VMware converter. Iv converted DC's straight into Datastores with no issues other than having to bring to the hardware down or ensuring there on there own virtual switch so there is no interruption with your production enviroment..

                          Comment


                          • #14
                            Re: Transfer Domain Roles Service Disruption

                            Have the DC's held any of the roles?
                            GoogleFu is strong with this one ^

                            Comment


                            • #15
                              Re: Transfer Domain Roles Service Disruption

                              Originally posted by stamandster View Post
                              Have the DC's held any of the roles?
                              Yes. But cannot remember off the top of my head which of the 5. That being said if you're migrating straight into a data store with your ESX server "bridged" to your LAN and decommisioning the other server the change over should be seamless. If you keep the previous server on then of course you will have problems.

                              Comment

                              Working...
                              X