As part 1 showed, there are situations in which moving FSMO roles is necessary.
Specifically, in our virtual lab, the additional DC has better hardware and a better location to operate from, so we move the PDC and Infrastructure operations master (OM) roles to this DC.
Before we go ahead, I have some good news for you.
We should feel fortunate to live in the era of virtualization.
As I mentioned, FSMO uses the single-master model to achieve specific purposes, and so loses the advantages of “multi-master.”
[00:08] “Active Directory Replication Topology” – itprotoday.com
[00:33] So, I just need to do a Restore through Snapshot Manager, and this machine will act as an ADC as it should be.
However, with a virtual platform like VMware or Hyper-V, you can sleep well:
– Availability and hardware barriers: failures, maintenance, and outages are problems of yesterday.
– Scaling and single-point overheads can be solved, permanently or temporarily, with a few clicks in the virtual manager.
Furthermore, VMware gives us a bunch of extra snapshot features: creating a clone machine, nested snapshots, freely backing up snapshots, etc., so that one machine can be used in dozens of different scenarios.
And last but not least, I used this Windows Server 2012 for the decommissioning demonstration in the previous episodes, so this is currently a standalone machine.
Fortunately, I took advantage of the VMware virtual infrastructure to make a snapshot while this server was still an ADC of the domain SnoOpy.com.
[01:28] “Should I still have a physical DC, even post-Server 2012?” – serverfault.com
[00:41] “VMware snapshot” – searchvmware.techtarget.com
[01:40] You see, this ADC comes back from a bare machine!
[00:52] “10 things you shouldn’t virtualize” – techrepublic.com
[01:47] There are 3 GUI consoles for inspecting all of the FSMO roles; however, with a single CLI tool, netdom, you can list them all in one shot!
> netdom query fsmo
[01:06] “Cloning and Snapshots in VMware Workstation” – packtpub.com
To migrate the Infrastructure operations master, a domain-wide OM, you can open the Active Directory Users and Computers console on this ADC and run the Change procedure from the Operations Masters dialog.
We can do the same with the PDC role; however, there are some situations in which you must use the CLI tool ntdsutil (on Server Core, for example), which we used in another episode to create an AD DS snapshot.
[02:42] > ntdsutil
>> roles
>> connections
>> connect to server SnoOpy-Server-2
>> quit
>> transfer PDC
Confirm the prompt “Are you sure you want the domain role of Primary Domain Controller transferred to the server “SnoOpy-Server-2”?” in the Role Transfer Confirmation Dialog.
The command then returns the role ownerships of the domain, in the form of the LDAP namespace structure.
[03:03] “LDAP Namespace Structure” – informit.com
[03:14] You can verify this transfer through the ADUC console.
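The same query, transfer and verify sequence in PowerShell, as an added example that is not part of the original walkthrough. It assumes the ActiveDirectory module is installed and the session runs with rights to move domain-wide roles; the ping test is only a rough reachability check of the current owner.

```powershell
# Added example (not from the original walkthrough).
# Assumes: ActiveDirectory module installed, run as a Domain Admin in SnoOpy.com.
Import-Module ActiveDirectory

$Target = 'SnoOpy-Server-2'                      # target DC named on the page
$Roles  = 'PDCEmulator', 'InfrastructureMaster'  # the two domain-wide roles being moved

function Get-FsmoOwner {
    # Same information as `netdom query fsmo`, returned as a table keyed by role.
    $domain = Get-ADDomain
    $forest = Get-ADForest
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

$before     = Get-FsmoOwner
$targetFqdn = (Get-ADDomainController -Identity $Target).HostName

foreach ($role in $Roles) {
    $owner = $before[$role]
    if ($owner -eq $targetFqdn) {
        Write-Host "$role is already held by $targetFqdn"
        continue
    }
    # A transfer needs the current owner online. If it is not, stop here:
    # recovering that DC comes before any seizure.
    if (-not (Test-Connection -ComputerName $owner -Count 2 -Quiet)) {
        Write-Warning "$role owner $owner is unreachable; not transferring."
        continue
    }
    # Without -Force this cmdlet performs a graceful transfer, never a seizure.
    Move-ADDirectoryServerOperationMasterRole -Identity $Target `
        -OperationMasterRole $role -Confirm:$false
}

# Verify: re-read the owners and report any role that did not land on the target.
$after = Get-FsmoOwner
foreach ($role in $Roles) {
    $state = if ($after[$role] -eq $targetFqdn) { 'OK' } else { 'NOT MOVED' }
    '{0,-22} {1,-32} {2}' -f $role, $after[$role], $state
}
```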
Actually, there are 2 ways to move OMs: transfer and seize.
I don’t use the 2nd one, due to having an online master DC (which owns these desired roles).
In a real scenario, this master may have suffered a catastrophic problem and can’t be turned on, so we need to use the seizure procedure.
The point is, it is recommended that admins do their best to recover that master, then do the transfer.
[03:20] “Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller” – support.microsoft.com
[03:24] However, if the situation is out of hand,
admins can proceed with the seizure, and they must take care of the risks: domain destruction, object conflicts, etc.
[03:22] “Seizing FSMO roles from dead Windows Domain Controller” – serverfault.com
By implementing the FSMO single-master model, you have to be prepared to deal with single points of failure.
Make sure you are familiar with the GUI consoles and the ntdsutil and netdom tools so that you can diagnose problems quickly, because the whole of your domain infrastructure depends on these mission-critical factors.
[03:40] “How to Seize a FSMO Role with NTDSUtil” – briandesmond.com
Of course, do not forget to back up the domain with handy tools like Windows Server Backup and Acronis Backup Advanced for Active Directory.
And, as mentioned, the virtual environment’s snapshots are another kind of convenience.
Azure Active Directory is armed from head-to-toe.
[03:29] “Seizing FSMO Roles” – petri.com
Through the parts about FSMO and, more generally, the series about Active Directory Domain Services domain controllers, you have seen that you can fortify the domain/forest network simply by implementing an efficient model that eliminates administrative overhead, maximizes network benefits, etc.
At the beginning of this series we started with building, and now we end with divisions, but the results still remain good :)
[03:33] “Initial Synchronizations of Domain Controllers” – standalonelabs.wordpress.com
[03:44] And believe me, this stuff is not hard.
Do follow best practices, recommendations, etc., and you will see how smoothly your network can run.