RE: [ActiveDir] When to seize FSMO roles in a Disaster

2003-08-29 Thread Coleman, Hunter 
Title: When to seize FSMO roles in a Disaster



The short answer, in my opinion, is "it depends," and it 
depends on a bunch of things. Which FSMO services are down, and what is the 
estimated time to restore the DCs holding those roles? Is it impossible to 
restore those DCs, for whatever reason? What do you need to do from a 
functionality standpoint in the interim, before those FSMO role holders are back 
in production? You can probably go for a longer period of time without the 
Schema Master, Infrastructure Master, and Domain Naming Master. The RID Master 
and PDC emulator will likely need to come back much faster, but your environment 
may have unique requirements.
 
It's a good idea to do disaster recovery drills on a 
regular basis, so that you know what you're up against when a DC, particularly a 
FSMO role holder, is down. This will give you an idea of how long it takes to 
recover a DC, and what issues you may hit (like recovering to dissimilar 
hardware, or in a location with severely restricted bandwidth). Microsoft's 
Active Directory Disaster Recovery Whitepaper has a good discussion on the 
impacts of FSMO role holders being down, and what you can expect from an impact 
perspective.
 
http://www.microsoft.com/technet/treeview/default.asp?url="">
or
http://tinyurl.com/llc4
 
Hunter


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] Sent: Friday, August 29, 2003 7:38 
AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] 
When to seize FSMO roles in a Disaster

Background: 
A company we consult for has AD implemented in three 
sites.  One Domain, AD is in Native Mode.  A DNS and Global Catalog 
server exist in each site.  Site locations are VB, NV and DC.  VB is 
the hub with a leased line T1 to DC and two T1s, load balanced, to 
NV.
VB is home location and domain controllers in VB hold 
all FSMO roles.  NV is semi-active production, but also established as a 
Disaster Recovery site in case VB goes boom! (lots of military targets in 
Hampton Roads).  DC is a production site.
Question is: 
If something happens in VB, when does it become 
absolutely necessary to seize FSMO roles in NV?  I take it we would have to 
follow the same procedure in DC...???  I understand once the roles are seized 
the domain controllers that held the roles must not come back up, not an 
issue.
Shawn Hayes, 
MCSE Sr. 
Network Engineer Compass Technology Management Sound Business Sense for 
IT www.compass.net 
757-226-3328

[ActiveDir] When to seize FSMO roles in a Disaster

2003-08-29 Thread Shawn.Hayes 
Title: When to seize FSMO roles in a Disaster






Background:


A company we consult for has AD implemented in three sites.  One Domain, AD is in Native Mode.  A DNS and Global Catalog server exist in each site.  Site locations are VB, NV and DC.  VB is the hub with a leased line T1 to DC and two T1s, load balanced, to NV.

VB is home location and domain controllers in VB hold all FSMO roles.  NV is semi-active production, but also established as a Disaster Recovery site in case VB goes boom! (lots of military targets in Hampton Roads).  DC is a production site.

Question is:


If something happens in VB, when does it become absolutely necessary to seize FSMO roles in NV?  I take it we would have to follow the same procedure in DC…???  I understand once the roles are seized the domain controllers that held the roles must not come back up, not an issue.

Shawn Hayes, MCSE

Sr. Network Engineer

Compass Technology Management

Sound Business Sense for IT

www.compass.net

757-226-3328