RE: [ActiveDir] When to seize FSMO roles in a Disaster

Fri, 29 Aug 2003 14:07:34 +0000

Title: When to seize FSMO roles in a Disaster
The short answer, in my opinion, is "it depends," and it depends on a bunch of things. Which FSMO services are down, and what is the estimated time to restore the DCs holding those roles? Is it impossible to restore those DCs, for whatever reason? What do you need to do from a functionality standpoint in the interim, before those FSMO role holders are back in production? You can probably go for a longer period of time without the Schema Master, Infrastructure Master, and Domain Naming Master. The RID Master and PDC emulator will likely need to come back much faster, but your environment may have unique requirements.
 
It's a good idea to do disaster recovery drills on a regular basis, so that you know what you're up against when a DC, particularly a FSMO role holder, is down. This will give you an idea of how long it takes to recover a DC, and what issues you may hit (like recovering to dissimilar hardware, or in a location with severely restricted bandwidth). Microsoft's Active Directory Disaster Recovery Whitepaper has a good discussion on the impacts of FSMO role holders being down, and what you can expect from an impact perspective.
 
http://www.microsoft.com/technet/treeview/default.asp?url="">
or
http://tinyurl.com/llc4
 
Hunter

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, August 29, 2003 7:38 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] When to seize FSMO roles in a Disaster

Background:

A company we consult for has AD implemented in three sites.  One Domain, AD is in Native Mode.  A DNS and Global Catalog server exist in each site.  Site locations are VB, NV and DC.  VB is the hub with a leased line T1 to DC and two T1s, load balanced, to NV.

VB is home location and domain controllers in VB hold all FSMO roles.  NV is semi-active production, but also established as a Disaster Recovery site in case VB goes boom! (lots of military targets in Hampton Roads).  DC is a production site.

Question is:

If something happens in VB, when does it become absolutely necessary to seize FSMO roles in NV?  I take it we would have to follow the same procedure in DC...???  I understand once the roles are seized the domain controllers that held the roles must not come back up, not an issue.

Shawn Hayes, MCSE
Sr. Network Engineer
Compass Technology Management
Sound Business Sense for IT
www.compass.net
757-226-3328

Reply via email to