Domain Controller(s) Situation

-

i started new job there native windows 2003 domain environment.  there 3 domain controllers here, different versions of windows os: 

server 1 = windows server 2003 standard w/sp2 (the w2k3 dc)

server 2 = windows server 2008 standard w/sp2

server 3 = windows server 2008 r2 standard w/no sp

all fsmo roles reside on server 2, , each of 3 servers global catalog server.  admin no longer works here tried spread fsmo roles among other servers , caused evening of headaches in doing so.  roles put onto server 2 result.  don't have specifics on what roles tried move or server(s) targets.    things seem running ok in current state, i'm concerned having fsmo roles on 1 box and, of course, don't want replicate former admin's mistake if try move roles around.  of lesser concern read indicating infrastructure master should not gcs.

so best approach me take in trying spread fsmo roles around?  possibilities i've thought of include:

1.  spin windows 2008 dc, demote windows 2003 server dc status, raise domain functional level 2008 , spread roles around;

2.  leave alone , hope current fsmo server doesn't crash;

3. spin more windows 2003 dcs , rid of w2k8 dcs;

4. ????

 

 

 

you can see current fsmo role details using netdom query fsmo command.

regarding fsmo optimization, review following article “carefully”

http://support.microsoft.com/kb/223346

legacy guidance suggests placing the infrastructure master on non-global catalog server. there 2 rules consider:

o   single domain forest:

in forest contains single active directory domain, there no phantoms. therefore, infrastructure master has no work do. infrastructure master may placed on domain controller in domain, regardless of whether domain controller hosts global catalog or not.

o   multidomain forest:

if every domain controller in domain part of multidomain forest hosts global catalog, there no phantoms or work infrastructure master do. infrastructure master may put on domain controller in domain. in practical terms, administrators host global catalog on every domain controller in forest.

o   if every domain controller in given domain located in multidomain forest not host global catalog, infrastructure master must placed on domain controller not host global catalog.

 

santhosh sivarajan | mcts, mcse (w2k3/w2k/nt4), mcsa (w2k3/w2k/msg), ccna, network+| houston, tx
blogs - http://blogs.sivarajan.com/

facebook twitter linkedin ss tech forum

posting provided no warranties,and confers no rights.


Windows Server  >  Directory Services



Comments

Post a Comment

Popular posts from this blog

Motherboard replacement

-
running windows 10 technical preview, need replace motherboard can run the  sysprep  command restoring pc ? or there easier  or more preferred way ? thanks if replace motherboard within same family of chipsets (i.e. intel > intel or amd > amd), should okay restarting pc twice. carey frisch Windows 10 Insider Preview  >  Windows 10 Insider Preview General
Read more

Cannot create Full Text Search catalog after upgrading to V12 - Database is not fully started up or it is not in an ONLINE state

-
in order access new full text search capiblities of sql azure, upgraded our azure sql v12. (a day later), when try create new catalog: create fulltext catalog mycatalog default i following message: msg 9972, level 16, state 100, line 1 database not started or not in online state. try full-text ddl command again after database started , becomes online. hi scott, apologies inconvenience caused you. known issue on service side , fix going included in next update. specific case mitigated, should able use full-text search syntax now. thanks, mihaela Microsoft Azure  >  Azure SQL Database
Read more

Remote Desktop App - Error 0x207 or 0x607

-
hi all, i manage windows 2012 r2 network, including connection broker, session hosts , remote apps virtual servers.  i've used remote desktop app on own android phone, no issues @ - connects published gateway url , can login , access network. we looking move business onto nokia handsets ms operating system (currently on blackberry), not able connect via remote desktop app on nokia lumia handset. setup, per android config , brings remote apps , remote desktop screen, know can connect.  when select remote desktop, shows following process: initiating remote connection securing remote connection certificate can't verified - choose connect it digitally signed cert (digicert sha2), pc name different physical connection broker name (inherited domain name old gov project - can't publish publicly) initiating establishing securing connection error have been 0x207 getting 0x607 a bit baffled, work on android (and ipad @ home using app). assume ms use d...
Read more