Any proper maintenance plan has a backout plan and a recovery plan, so I am preparing for the possibility of an unexpected problem. If I'm pulled into a dark room because something goes wrong then I should feel confident I'll leave that room with my hide mostly intact; it may be slightly singed, but I can live with that. If management isn't the reasonable type then that's a different issue.
If your philosophy is to take every proactive measure ahead of time possible, then that's fine. I just don't see the point with regards to FSMO roles when the recovery action is a relatively trivial process. This is obviously a matter of personal preference so I'm not trying to convince others to change. I just found the concept unusual so I thought I'd share. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Wednesday, November 30, 2005 10:16 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] FSMO role transfer > > I would rather, as stated earlier, assess the risk and then > act appropriately. The original poster never defined > 'maintenance' in detail. > > The original post did state that the box would be down for ~2 > hours for maintenance. This is clearly more than a patch and > a reboot. We've been over that scenario and concluded that it > carries a lesser risk. > > As joe said, if the maintenance all goes badly wrong, do you > want to be pulled into a dark room and questioned as to why > you did not prepare for that eventuality? > > > neil > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] > Sent: 30 November 2005 15:29 > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] FSMO role transfer > > Okay define maintenance please? > > Patching? > Service Pack? > Applying QFEs? > Performance tuning? > What? > > Is there a level of maintenance that would cause you to move > FSMO's and not? > > Like for example, if I'm patching, I've tested the patch, I'm > reasonably expecting a favorable outcome otherwise I wouldn't > be deploying, I have a backup. > > [EMAIL PROTECTED] wrote: > > > I think we've missed the essence of the original post :) > The DCs are > > not just being rebooted, they are being 'maintained' and > will be down > > for ~ 2 hours. That means to me, that either a s/w or h/w change is > > going to occur which could go horribly wrong. Faced with this > > situation, I would definitely transfer the roles. > > If the DC were merely being rebooted and nothing else is > scheduled to > > occur, I would not transfer roles. > > The above 2 scenarios are very different - if one were to perform a > > risk analysis the actions taken to mitigate those risks would be > > suitably different. > > neil > > > ---------------------------------------------------------------------- > > -- > > *From:* [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] *On Behalf Of > *David Adner > > *Sent:* 29 November 2005 23:26 > > *To:* ActiveDir@mail.activedir.org > > *Subject:* RE: [ActiveDir] FSMO role transfer > > > > I would only agree if you told me your DC's regularly fail to come > > back after a reboot. And if you did tell me that I'd have to say > > you're doing something wrong. > > I suppose I don't consider rebooting a DC to be quite the dangerous > > act as others do. To what degree is this taken? If it holds > a standard > > > Primary zone do you transfer that role, too? If it's the > PDCE of the > > forest root domain and you transfer the role, do you also > reconfigure > > the new PDCE to manually synchronize time from an authoritative > > source? I mean, if we're going to work under the assumption that a > > reboot is a regularly catastrophic causing event then it's probably > > time to switch OS's. > > Is it possible something unexpectedly horrible can happen > as part of a > > > reboot? Sure. But it better be the exception. And with > regards to FSMO > > > roles, which, barring some specific technical requirement they be > > readily available, the temporary outage of them is typically a > > transparent event and shouldn't require added > administrative overhead > > in transferring them back and forth. Accepting that a catastrophic > > event is an exception, then you follow your documented and tested > > activities to recover from that exception; ie: you seize the roles, > > restore from backup, etc. > > > > > -------------------------------------------------------------- > ---------- > > *From:* [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] *On Behalf Of *Rich > > Milburn > > *Sent:* Tuesday, November 29, 2005 4:26 PM > > *To:* ActiveDir@mail.activedir.org > > *Subject:* RE: [ActiveDir] FSMO role transfer > > > > Yeah but having "seize the FSMOs instead of moving them" as your > > fallback plan is like making sure you have a current backup in > > case "yanking the power cord instead of Start > Shutdown > > > Restart" causes file system corruption J > > > > > //------------------------------------------------------------ > ---------- > -/// > > ///Rich Milburn/// > > ///MCSE, Microsoft MVP - Directory Services/// > > Sr Network Analyst, Field Platform Development > > Applebee's International, Inc.// > > //4551 W. 107th St// > > //Overland Park//, KS 66207// > > //913-967-2819// > > > //------------------------------------------------------------ > ---------- > // > > ///"I love the smell of red herrings in the morning" - > anonymous// > > > > > > > ---------------------------------------------------------------------- > > -- > > > > *From:* [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] *On Behalf Of > > [EMAIL PROTECTED] > > *Sent:* Tuesday, November 29, 2005 11:56 AM > > *To:* ActiveDir@mail.activedir.org > > *Subject:* Re: [ActiveDir] FSMO role transfer > > > > If something went wrong you could still seize the FSMO > roles as an > > option rather than doing a transfer. Of course the > procedures for > > all of these for the 5 FSMOs should be documented just in case > > needed.. > > > > Chuck > > > > / > > > -------------------------------------------------------------- > ---------- > > *-------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY > NOTICE-------* > > PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this > > message or any attachments. This information is strictly > > confidential and may be subject to attorney-client > privilege. This > > message is intended only for the use of the named addressee. If > > you are not the intended recipient of this message, unauthorized > > forwarding, printing, copying, distribution, or using such > > information is strictly prohibited and may be unlawful. If you > > have received this in error, you should kindly notify the sender > > by reply e-mail and immediately destroy this message. > Unauthorized > > interception of this e-mail is a violation of federal criminal > > law. Applebee's International, Inc. reserves the right > to monitor > > and review the content of all messages sent to and from this > > e-mail address. Messages sent to or from this e-mail address may > > be stored on the Applebee's International, Inc. e-mail system./ > > > > > > > ---------------------------------------------------------------------- > > -- > > > > PLEASE READ: The information contained in this email is > confidential > > and intended for the named recipient(s) only. If you are not an > > intended recipient of this email please notify the sender > immediately > > and delete your copy from your system. You must not copy, > distribute > > or take any further action in reliance on it. Email is not a secure > > method of communication and Nomura International plc ('NIplc') will > > not, to the extent permitted by law, accept responsibility or > > liability for (a) the accuracy or completeness of, or (b) > the presence > > > of any virus, worm or similar malicious or disabling code in, this > > message or any attachment(s) to it. If verification of this > email is > > sought then please request a hard copy. Unless otherwise stated this > > email: (1) is not, and should not be treated or relied upon as, > > investment research; (2) contains views or opinions that are solely > > those of the author and do not necessarily represent those of NIplc; > > (3) is intended for informational purposes only and is not a > > recommendation, solicitation or offer to buy or sell securities or > > related financial instruments. NIplc does not provide investment > > services to private customers. Authorised and regulated by the > > Financial Services Authority. Registered in England no. 1550505 VAT > > No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, > > EC1A 4NP. A member of the Nomura group of companies. > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > PLEASE READ: The information contained in this email is > confidential and intended for the named recipient(s) only. If > you are not an intended recipient of this email please notify > the sender immediately and delete your copy from your system. > You must not copy, distribute or take any further action in > reliance on it. Email is not a secure method of communication > and Nomura International plc ('NIplc') will not, to the > extent permitted by law, accept responsibility or liability > for (a) the accuracy or completeness of, or (b) the presence > of any virus, worm or similar malicious or disabling code in, > this message or any attachment(s) to it. If verification of > this email is sought then please request a hard copy. Unless > otherwise stated this email: (1) is not, and should not be > treated or relied upon as, investment research; (2) contains > views or opinions that are solely those of the author and do > not necessarily represent those of NIplc; (3) is intended for > informational purposes only and is not a recommendation, > solicitation or offer to buy or sell securities or related > financial instruments. NIplc does not provide investment > services to private customers. Authorised and regulated by > the Financial Services Authority. Registered in England no. > 1550505 VAT No. 447 2492 35. Registered Office: 1 St > Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura > group of companies. > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
