RE: [ActiveDir] FSMO role transfer

[AD]

Sorry I had to express myself here. Love the analogy. Well said. From: joe Sent: Tue 29/11/2005 9:12 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] FSMO role transfer Actually I make all DCs that have a possibility of being the forest root PDC synchronize from an external source. I haven't ever run DNS on DCs so I can't say anything to that, however if I did, I might consider it.   There really is nothing to moving FSMO roles. Have you had a FSMO role move failure that makes you giddy about them? I was serious when I said that moving the roles was a 5 second operation.   It doesn't take regular failures (hardware, software, or other) to have one just occur at any random time. It is just like house insurance, you don't buy it because you want to use it or even expect to use it, you buy it to cover you in the event something does happen. Everyone has to make a judgement call as to whether the insurance costs outweigh the impact of whatever it is the insurance protects against. Moving FSMO roles would be insurance, the thing it is protecting against is the possibility of some dorked up issue coming up when the server is going down or coming up or if it doesn't come up at all. If you use the manual steps, the overhead is minutes, if you use scripts the overhead is seconds. That is better than the pennies a day used to sell people on other insurance.   I would be afraid if my customers were so weak on procedure that moving a FSMO role was considered hard or dangerous.   Obviously this is something that everyone is going to have different feelings on. I certainly don't care what people do on their owns, my process and what I recommend is to move the roles. I much rather move roles than seize them. Seizing is when I get concerns such as RID pools and now you are locked into what you are doing with the offline DC.   Overall I would say that a vast majority of the reboots and maintanence work I have done didn't appear after the fact to need the FSMO move. But I figure the few minutes spent over the years wasn't an excessive administrative cost to do the FSMO moves.     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Adner Sent: Tuesday, November 29, 2005 6:26 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] FSMO role transfer I would only agree if you told me your DC's regularly fail to come back after a reboot.  And if you did tell me that I'd have to say you're doing something wrong.   I suppose I don't consider rebooting a DC to be quite the dangerous act as others do.  To what degree is this taken?  If it holds a standard Primary zone do you transfer that role, too?  If it's the PDCE of the forest root domain and you transfer the role, do you also reconfigure the new PDCE to manually synchronize time from an authoritative source?  I mean, if we're going to work under the assumption that a reboot is a regularly catastrophic causing event then it's probably time to switch OS's.   Is it possible something unexpectedly horrible can happen as part of a reboot?  Sure.  But it better be the exception.  And with regards to FSMO roles, which, barring some specific technical requirement they be readily available, the temporary outage of them is typically a transparent event and shouldn't require added administrative overhead in transferring them back and forth.  Accepting that a catastrophic event is an exception, then you follow your documented and tested activities to recover from that exception; ie: you seize the roles, restore from backup, etc. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn Sent: Tuesday, November 29, 2005 4:26 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] FSMO role transfer Yeah but having “seize the FSMOs instead of moving them” as your fallback plan is like making sure you have a current backup in case “yanking the power cord instead of Start > Shutdown > Restart” causes file system corruption J   ----------------------------------------------------------------------- Rich Milburn MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc. 4551 W. 107th St Overland Park, KS 66207 913-967-2819 ---------------------------------------------------------------------- ”I love the smell of red herrings in the morning” - anonymous From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, November 29, 2005 11:56 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] FSMO role transfer   If something went wrong you could still seize the FSMO roles as an option rather than doing a transfer.  Of course the procedures for all of these for the 5 FSMOs should be documented just in case needed..    Chuck   -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system.