Title: When to seize FSMO roles in a Disaster
The short answer, in my opinion, is "it depends," and it
depends on a bunch of things. Which FSMO services are down, and what is the
estimated time to restore the DCs holding those roles? Is it impossible to
restore those DCs, for whatever reason? What do you need to do from a
functionality standpoint in the interim, before those FSMO role holders are back
in production? You can probably go for a longer period of time without the
Schema Master, Infrastructure Master, and Domain Naming Master. The RID Master
and PDC emulator will likely need to come back much faster, but your environment
may have unique requirements.
It's a good idea to do disaster recovery drills on a
regular basis, so that you know what you're up against when a DC, particularly a
FSMO role holder, is down. This will give you an idea of how long it takes to
recover a DC, and what issues you may hit (like recovering to dissimilar
hardware, or in a location with severely restricted bandwidth). Microsoft's
Active Directory Disaster Recovery Whitepaper has a good discussion on the
impacts of FSMO role holders being down, and what you can expect from an impact
perspective.
http://www.microsoft.com/technet/treeview/default.asp?url="">
or
http://tinyurl.com/llc4
Hunter
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Sent: Friday, August 29, 2003 7:38
AMTo: [EMAIL PROTECTED]Subject: [ActiveDir]
When to seize FSMO roles in a Disaster
Background:
A company we consult for has AD implemented in three
sites. One Domain, AD is in Native Mode. A DNS and Global Catalog
server exist in each site. Site locations are VB, NV and DC. VB is
the hub with a leased line T1 to DC and two T1s, load balanced, to
NV.
VB is home location and domain controllers in VB hold
all FSMO roles. NV is semi-active production, but also established as a
Disaster Recovery site in case VB goes boom! (lots of military targets in
Hampton Roads). DC is a production site.
Question is:
If something happens in VB, when does it become
absolutely necessary to seize FSMO roles in NV? I take it we would have to
follow the same procedure in DC...??? I understand once the roles are seized
the domain controllers that held the roles must not come back up, not an
issue.
Shawn Hayes,
MCSE Sr.
Network Engineer Compass Technology Management Sound Business Sense for
IT www.compass.net
757-226-3328