Support Portal

Move of Active Directory FSMO Roles

In a brownfield domain join scenario, where the Zynstra server is joining an existing AD domain, the 5 FSMO roles will be gracefully moved to the virtual DC on the Zynstra server after the Zynstra DC has been promoted as another DC. (In a greenfield, or newly created domain scenario, the 5 FSMO roles are automatically on the Zynstra DC when the domain is first created).

The FSMO transfer operation to the Zynstra Windows Server 2012R2 DC creates certain AD structures that are otherwise missing if the most recent extant DC version is 2003. Most customers generally want the FSMO roles on the managed and monitored Zynstra DC.

The following points are also worth bearing in mind in relation to FSMO:

  • The 5 FSMO roles do quite different things (and some essentially do nothing in single domain forests) and so splitting across DCs, especially in smaller ADs, does not give resilience and is not generally MS best practice.
  • For standard setups, the MS best practice is to have all on your most reliable DC (most resilient, monitored etc).
  • Success or failure of the FSMO transfer should not be service affecting, even if it fails, since the move is a graceful transfer (if possible) not a seize operation.
  • The Zynstra DC does not need to hold them permanently (though it is probably recommended, as per the above) and they can be transferred straight back - the act of transfer creates the necessary AD structures in a one-time operation.
Was this article helpful? 0 out of 0 found this helpful
Have more questions? Submit a request