Retiring DC that holds all FSMO – what roles to transfer first
I’m going to demote our 2012 R2 DC, which currently holds all FSMO roles. No rush on this project, so which roles are least impactful/risky to transfer to another DC (2019)? I think PDC is the most risky, as the DC to be retired is the main source of time for our entire network. Can I transfer all other roles with little to no risk?
Thanks
No real risk. Just verify where you want your roles to be. Although it is **perfectly fine** to have all the roles on one DC, I tend not to, because I work in environments that have a lot of crap on them such as:
1. LDAP integration with applications, like Cisco firewalls with their identity piece.
2. Azure AD Connect
3. SSO type activities
4. Domain/forest trusts.
Depending on the DCs that I have, I try not to put roles on a DC that is handling a lot of non-user authentication traffic. I try to leave the best provisioned one (if they are all different) to just handle that stuff with no roles. Schema master and Infrastructure master can go pretty much anywhere; they don’t get smashed very hard for their role. I put the PDC emulator on whichever DC has the best network connectivity (again, if there is a lot of variance there), since it’s the authoritative one.
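
One way to stage the move discussed in this thread, with the PDC emulator left for last so the time source can be checked first. This is an added example, not code from either poster; `DC2019` and `ntp.example.org` are placeholder names, and the role order is a choice made here, not a requirement.

```powershell
# Added example. Run from an elevated session with the ActiveDirectory module (RSAT).
# Schema master needs Schema Admins; domain naming master needs Enterprise Admins.
Import-Module ActiveDirectory

$NewDC   = 'DC2019'            # placeholder: DC that will receive the roles
$NtpPeer = 'ntp.example.org'   # placeholder: external time source for the new PDC
$MovePdc = $false              # flip to $true once the time check below looks right

function Get-FsmoHolders {
    # Forest-wide roles come from Get-ADForest, domain-wide roles from Get-ADDomain.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        PDCEmulator          = $domain.PDCEmulator
    }
}

# 1. Record the current holders and confirm replication is healthy before touching anything.
Get-FsmoHolders | Format-Table -AutoSize
repadmin /replsummary

# 2. Move every role except the PDC emulator.
$first = 'SchemaMaster', 'DomainNamingMaster', 'InfrastructureMaster', 'RIDMaster'
Move-ADDirectoryServerOperationMasterRole -Identity $NewDC -OperationMasterRole $first -Confirm:$false

# 3. Verify each role landed on the new DC (holders are returned as FQDNs).
$holders = Get-FsmoHolders
foreach ($role in $first) {
    if ($holders[$role] -notlike "$NewDC*") { throw "$role is still on $($holders[$role])" }
}

# 4. See where the new DC gets its time today; after the move it becomes the domain's root.
w32tm /query /source /computer:$NewDC

if ($MovePdc) {
    # 5. Move the PDC emulator, then point the new holder at an external source.
    Move-ADDirectoryServerOperationMasterRole -Identity $NewDC -OperationMasterRole PDCEmulator -Confirm:$false
    Invoke-Command -ComputerName $NewDC -ScriptBlock {
        w32tm /config /manualpeerlist:$using:NtpPeer /syncfromflags:manual /reliable:yes /update
        Restart-Service w32time
        w32tm /resync
    }
    Get-FsmoHolders | Format-Table -AutoSize
}
```

Once the PDC emulator has moved, the retiring DC should sync from the domain hierarchy again (`w32tm /config /syncfromflags:domhier /update`) so two servers do not both advertise themselves as the reliable source.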