Transfer IM to a GC server

[Guest]

What's the consequences of transferring an infrastructure master role to a server that is already a GC? This GC is also the RID Master as well as a PDC Emulator. We are transferring the role because the server needs to be retired. Thank

Ed

 

[Herb Martin]

What's the consequences of transferring an infrastructure master role to a

server that is already a GC? This GC is also the RID Master as well as a
PDC Emulator. We are transferring the role because the server needs to be
retired. Thanks

In a multi-domain forest they should be separated.

If not, when you rename objects on one domain the
references held by the IM's (on a GC) domain will
not get the update.

It will work but show the OLD NAME.

GC, RID, PDC Em are fine together.

IM with GC is ok if there is only ONE domain in the
forest.

 

[Chriss3]

Herb Martin if all Domain Controllers are GCS in your infrastructure there
is no updates to do and then the roles also are compatible. That's not a
common scenario but can be in a small domain tree.

 

[Guest]

Thanks for the reply! We have 1 forest with 4 child domains. Each child domain has 2 DCs each, one DC is placed at our central colocation in San Jose, and one DC at the geographic location, for a total of 10 DCs. I'm basically doing cleanup for a previous employee that set this up
What is the best practice for placing the FSMO roles in this configuration
Can each child domain have more than 1 GC
Should I place the IM at the local DC and the rest of the roles at the colocation DCs

Thanks for any help

E

----- Herb Martin wrote: ----

What's the consequences of transferring an infrastructure master role to

server that is already a GC? This GC is also the RID Master as well as
PDC Emulator. We are transferring the role because the server needs to b
retired. Thank

In a multi-domain forest they should be separated

If not, when you rename objects on one domain th
references held by the IM's (on a GC) domain wil
not get the update

It will work but show the OLD NAME

GC, RID, PDC Em are fine together

IM with GC is ok if there is only ONE domain in th
forest

 

[Herb Martin]

Herb Martin if all Domain Controllers are GCS in your infrastructure there
is no updates to do and then the roles also are compatible. That's not a
common scenario but can be in a small domain tree.

Most DCs can be GCs in all but 'huge' forests.

All DCs can be GCs in single domain forests.

At least one DC per domain must NOT be a GC in
a multi-domain forest

IM wont' work if it's on a GC, and the IM is mildly
important when you have multiple domains in the forest.

 

[Herb Martin]

Thanks for the reply! We have 1 forest with 4 child domains. Each child

domain has 2 DCs each, one DC is placed at our central colocation in San
Jose, and one DC at the geographic location, for a total of 10 DCs. I'm
basically doing cleanup for a previous employee that set this up.

What is the best practice for placing the FSMO roles in this configuration?


Can each child domain have more than 1 GC?

From a 'design perspective' domains dont have GCs,
the FOREST has them.

Technically a GC must run on SOME DC (from some
domain) but think of it as a forest job -- it is.

You need one or two GCs per site (more in some large
system performance situations like Exchange Server.)

IM must not be a GC if you have multiple domains.

Keep the Schema Master, Domain Naming Master and
a GC together (root forest domain.)

Should I place the IM at the local DC and the rest of the roles at the

colocation DCs?

The IM can technically be anywhere, usually kept with the
PDC Emulator/RID master unless that is a GC.

 

[Guest]

Herb, thanks for the reply - excellent information by the way. Your response brings up more questions. I DO have exchange servers but only in the root forest domain, not in any child domains. Does that mean i only need 2 GCs placed on the top level DCs and no GCs in the child domains? The child domains only need to have IM, RID, and PDC roles and NO GC role? Thanks

E

----- Herb Martin wrote: ----

Thanks for the reply! We have 1 forest with 4 child domains. Each chil

domain has 2 DCs each, one DC is placed at our central colocation in Sa
Jose, and one DC at the geographic location, for a total of 10 DCs. I'
basically doing cleanup for a previous employee that set this up

What is the best practice for placing the FSMO roles in thi configuration


Can each child domain have more than 1 GC

From a 'design perspective' domains dont have GCs
the FOREST has them

Technically a GC must run on SOME DC (from som
domain) but think of it as a forest job -- it is

You need one or two GCs per site (more in some larg
system performance situations like Exchange Server.

IM must not be a GC if you have multiple domains

Keep the Schema Master, Domain Naming Master an
a GC together (root forest domain.

Should I place the IM at the local DC and the rest of the roles at th

colocation DCs

The IM can technically be anywhere, usually kept with th
PDC Emulator/RID master unless that is a GC

 

[Jimmy Andersson [MVP]]

If every DC in all the domains hosts the GC there are no phantoms or work
for the IM which makes it ok to host the IM any DC even if it's a GC.

Regards,
/Jimmy

 

[Jimmy Andersson [MVP]]

You will need GCs in the child domains to enumerate UGs.
Another thing is that many applications will try to connect to port 3268
which is the GC port. So in other words I would have at least on GC in each
domain.

Regards,
/Jimmy
--
Jimmy Andersson, Q Advice AB
Microsoft MVP - Directory Services
---------- www.qadvice.com ----------

Herb, thanks for the reply - excellent information by the way. Your

response brings up more questions. I DO have exchange servers but only in
the root forest domain, not in any child domains. Does that mean i only
need 2 GCs placed on the top level DCs and no GCs in the child domains?
The child domains only need to have IM, RID, and PDC roles and NO GC role?
Thanks.

 

[Jimmy Andersson [MVP]]

Totally agree on that!

Regards,
/Jimmy
--
Jimmy Andersson, Q Advice AB
Microsoft MVP - Directory Services
---------- www.qadvice.com ----------

If every DC in all the domains hosts the GC there are no phantoms or work
for the IM which makes it ok to host the IM any DC even if it's a GC.

Sounds right. It seems to be essentially the
same situation as is found in a "single domain
forest" (all DCs know the whole truth.)


But the moment you have one
DC that is not a GC, you must keep up with
that manually.


--
Herb Martin

Regards,
/Jimmy

not

 

[Herb Martin]

If every DC in all the domains hosts the GC there are no phantoms or work
for the IM which makes it ok to host the IM any DC even if it's a GC.

Sounds right. It seems to be essentially the
same situation as is found in a "single domain
forest" (all DCs know the whole truth.)


But the moment you have one
DC that is not a GC, you must keep up with
that manually.


--
Herb Martin

Regards,
/Jimmy

 

[Herb Martin]

Herb, thanks for the reply - excellent information by the way. Your

response brings up more questions. I DO have exchange servers but only in
the root forest domain, not in any child domains. Does that mean i only
need 2 GCs placed on the top level DCs and no GCs in the child domains?
The child domains only need to have IM, RID, and PDC roles and NO GC role?
Thanks.

GCs have (practically) NOTHING to do with domains,
so let me repeat from the previous message:

From a 'design perspective' domains dont have GCs,
the FOREST has them.

Technically a GC must run on SOME DC (from some
domain) but think of it as a forest job -- it is.

You need one or two GCs per site (more in some large
system performance situations like Exchange Server.)

Re-read this until it makes sense, or ask me to clarify...<grin>

The FOREST needs one or more GCs per site.

 

[Guest]

Ok, i've re-read... please clarify... Thanks

E
----- Herb Martin wrote: ----

Herb, thanks for the reply - excellent information by the way. You

response brings up more questions. I DO have exchange servers but only i
the root forest domain, not in any child domains. Does that mean i onl
need 2 GCs placed on the top level DCs and no GCs in the child domains
The child domains only need to have IM, RID, and PDC roles and NO GC role
Thanks

GCs have (practically) NOTHING to do with domains
so let me repeat from the previous message

From a 'design perspective' domains dont have GCs
the FOREST has them
domain) but think of it as a forest job -- it is
system performance situations like Exchange Server.

Re-read this until it makes sense, or ask me to clarify...<grin

The FOREST needs one or more GCs per site

 

[Herb Martin]

Ok, i've re-read... please clarify... Thanks.

Which part? Ask a specific question or re-state your
understanding.