2003 Domain Controller Question


Lamar Thomas
We are just getting ready to upgrade from an NT 4.0 domain to a Windows 2003
domain with DNS and AD. I just want to know what "role" the second (aka
BDC) in an AD domain plays other than backup when there are only two (2) DCs?
Here is what I mean. In my NT 4.0 domain if the BDC was down no one would
be able to log onto the domain or access domain resources.

So..., in a Windows 2003 AD domain what services would I lose if my second DC
was down (let's say it was down for a week). I know that they say the DCs
in AD are "Active Active". But let's face it, only the first DC has the
FSMO roles.

So what would happen if my second (and only backup) DC was offline for a
week? Just for kicks let's just say that during that week I also needed to
add/delete users and other resources to my network. Inquiring minds just
want to know.

Thanks for any input.


Lamar



Chriss3
There is a set of Flexible Single Master Operations (FSMO) which can only
be done on a single controller. An administrator determines which operations
must be done on the master controller. These operations are all set up on
the master controller by default and can be transferred later. FSMO
operation types include:

a. Schema Master - Makes changes to the database schema. Applications may
   remotely connect to the schema master.
b. Domain Naming Master - Adds or removes domains to or from the forest.
c. PDC Emulator - When Active Directory is in mixed mode, the computer
   Active Directory is on acts as a Windows NT PDC. The first server that
   becomes a Windows 2000 domain controller takes the role of PDC emulator
   by default. Functions performed by the PDC emulator:
     a. User account changes and password changes.
     b. SAM directory replication requests.
     c. Domain master browser requests.
     d. Authentication requests.
   The NTLM protocol is used by the PDC emulator to contact non-Windows 2000
   clients and servers for exchange of authentication information. When
   contacting Windows 2000 servers, the Windows 2000 protocol is used.
d. Relative ID Master (RID Master) - All objects have a Security
   Identifier (SID) and a domain SID. The RID assigns relative IDs to each
   domain controller.
e. Infrastructure Master - Updates group membership information when
   users from other domains are moved or renamed. If you transfer this
   function, it should not be transferred to the domain controller that is
   the global catalog server. If this is done, the Infrastructure Master
   will not function.

When operating in mixed mode, the PDC emulator will allow non-Windows 2000
clients to use NTLM authentication protocol rather than Kerberos. If a
Windows 2000 client cannot find a Windows 2000 domain controller for logon
purposes, it will attempt to contact a Windows NT PDC using the NTLM
protocol. If the Windows 2000 client successfully logs on using an NT
server, group policy objects cannot be loaded.

The Global Catalog Server (GCS) maintains an Active Directory global catalog
with information about all objects in the forest along with universal groups
and group members. It has a copy of all objects in its domain and some
objects in other domains. It has a copy of domain local and global groups,
but not members of those groups. It provides universal group membership
information and allows users to find resources. It is used to search for
objects in the forest.

Normally the first domain controller is a global catalog server. The "Active
Directory Sites and Services" tool in "Administrative Tools" is used to move
the global catalog server or create another one.

A global catalog server must be available or the user cannot log on to the
domain unless the user is in the group "Domain Admins".

A Universal group may contain users and groups from any domain in a forest.
This can, however, be cached with a new feature in Windows Server 2003.

Adding more global catalog servers will make searching the forest faster,
but more network bandwidth will be required for replication between global
catalog servers. Any Domain Controller can become a Global Catalog Server.



--
Regards
Christoffer Andersson

No email replies please - reply in the newsgroup




Lamar Thomas
So what about my example? What if I took my backup DC offline for a week?
What if I did a "DCPROMO" and demoted the only backup DC. That would
transfer ALL of the FSMO roles to the "first" DC. Isn't that where the
Global Catalog is? What about the "Infrastructure Master" and the "Global
Catalog" being on the same server. You said that would cause
"Infrastructure Master" not to work. But what if I ONLY installed ONE DC
and only ONE DC. They would all be on the same server then wouldn't they?
Help me understand. Thanks for your input.


Lamar






Chriss3
Lamar, I'm myself in the middle of promoting new Domain Controllers right now
and have little time, so it was answers from a page. However, what they
recommend is true for the enterprise. Running DCPROMO in order to demote a
Domain Controller will transfer any current FSMO roles off to another Domain
Controller, yes. These roles can also be transferred manually. In your case
you can also make both Domain Controllers Global Catalogs because it
doesn't make much traffic in your environment, I suppose. RID and PDC
Emulator are recommended to be on the same Domain Controller; also deploy
Exchange in the same site since there is much traffic between them. Post
another post if there is something more you wonder about.

(Sorry for the quick answers I'm giving you, I have a lot of things to do here)

--
Regards
Christoffer Andersson

No email replies please - reply in the newsgroup




Enkidu
On Wed, 17 Mar 2004 20:11:28 -0800, "Lamar Thomas"
wrote:

>We are just getting ready to upgrade from an NT 4.0 domain to a Windows 2003
>domain with DNS and AD. I just want to know what "role" the second (aka
>BDC) in an AD domain plays other than backup when there are only two (2) DCs?
>Here is what I mean. In my NT 4.0 domain if the BDC was down no one would
>be able to log onto the domain or access domain resources.
>
In an NT Domain, if the BDC is down it should be possible to log on!
>
>So..., in a Windows 2003 AD domain what services would I lose if my second DC
>was down (let's say it was down for a week). I know that they say the DCs
>in AD are "Active Active". But let's face it, only the first DC has the
>FSMO roles.
>
It depends on whether or not the Domain is in native mode or mixed
mode. In mixed mode the Domain acts a bit like a WinNT Domain with the
PDC Emulator processing logons. In native mode, all Win2000 clients
are able to authenticate with any DC.
>
>So what would happen if my second (and only backup) DC was offline for a
>week? Just for kicks let's just say that during that week I also needed to
>add/delete users and other resources to my network. Inquiring minds just
>want to know.
>
When it comes back replication would update it. For a little while it
wouldn't know about the changes.

Cheers,

Cliff

Mike Brannigan [MSFT]
"Lamar Thomas" wrote in message
news:%23QTdS6JDEHA.1072@TK2MSFTNGP09.phx.gbl...
> We are just getting ready to upgrade from an NT 4.0 domain to a Windows 2003
> domain with DNS and AD. I just want to know what "role" the second (aka
> BDC) in an AD domain plays other than backup when there are only two (2) DCs?
> Here is what I mean. In my NT 4.0 domain if the BDC was down no one would
> be able to log onto the domain or access domain resources.
>
> So..., in a Windows 2003 AD domain what services would I lose if my second DC
> was down (let's say it was down for a week). I know that they say the DCs
> in AD are "Active Active". But let's face it, only the first DC has the
> FSMO roles.
>
> So what would happen if my second (and only backup) DC was offline for a
> week? Just for kicks let's just say that during that week I also needed to
> add/delete users and other resources to my network. Inquiring minds just
> want to know.
>
> Thanks for any input.

If your second DC was offline for a week, the only impact would be that
clients would not be able to use it for authentication. So if that DC was
in one office and the other (first installed) DC was in another office then
all users would be forced to use the first DC instead of one 'close' to
them.
You would also lose any other services you were running on that server.
If you ignore the Operation Master roles (FSMOs) the other person has
talked about then all DCs are equal peers in the sense of read write
capabilities to the directory.
Remember the Operation Master roles play very little use in an extremely
simple environment (such as a forest of one domain).

E.g., if you only have one domain the Infrastructure Master can be on any
server, a DC or a GC, it doesn't matter.

--
Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups




Mike Brannigan [MSFT]
"Lamar Thomas" wrote in message
news:uPCmfkKDEHA.3024@tk2msftngp13.phx.gbl...
> So what about my example? What if I took my backup DC offline for a week?
> What if I did a "DCPROMO" and demoted the only backup DC. That would
> transfer ALL of the FSMO roles to the "first" DC. Isn't that where the
> Global Catalog is? What about the "Infrastructure Master" and the "Global
> Catalog" being on the same server. You said that would cause
> "Infrastructure Master" not to work. But what if I ONLY installed ONE DC
> and only ONE DC. They would all be on the same server then wouldn't they?
> Help me understand. Thanks for your input.

If you only have one and only one DC

Firstly you are running with an acute single point of failure and this
should never be used in a production environment.
If you only have one DC then you have a forest of one Domain - so the
placement of the Infrastructure Master on a GC (which this only server will
be) is not an issue.

--
Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups
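
The outage question discussed in the replies above, worked as an added example (not code from any poster in this thread): a PowerShell what-if check over a constructed two-DC inventory that applies the rules stated in the answers. `DC1`, `DC2`, `Get-DcOutageImpact` and the inventory shape are assumptions made for illustration, and a native-mode domain is assumed.

```powershell
# Constructed sample inventory: DC1 is the first-installed DC (all five FSMO
# roles, global catalog), DC2 is the second DC. Both names are hypothetical.
# On a live domain with the ActiveDirectory module the same shape comes from:
#   Get-ADDomainController -Filter * |
#     Select-Object Name, IsGlobalCatalog, @{n='Roles'; e={ $_.OperationMasterRoles }}
$inventory = @(
    [pscustomobject]@{
        Name            = 'DC1'
        IsGlobalCatalog = $true
        Roles           = 'SchemaMaster', 'DomainNamingMaster', 'PDCEmulator',
                          'RIDMaster', 'InfrastructureMaster'
    }
    [pscustomobject]@{ Name = 'DC2'; IsGlobalCatalog = $false; Roles = @() }
)

function Get-DcOutageImpact {
    param(
        [Parameter(Mandatory)] [object[]] $Inventory,   # Name, IsGlobalCatalog, Roles
        [Parameter(Mandatory)] [string]   $OfflineDc,
        [int] $DomainsInForest = 1
    )

    $down = @($Inventory | Where-Object { $_.Name -eq $OfflineDc })
    if ($down.Count -ne 1) {
        throw "Expected exactly one DC named '$OfflineDc' in the inventory."
    }
    $up        = @($Inventory | Where-Object { $_.Name -ne $OfflineDc })
    $lostRoles = @($down[0].Roles)
    $findings  = New-Object System.Collections.Generic.List[string]

    if ($up.Count -eq 0) {
        $findings.Add('No domain controller remains: domain logons and directory changes stop.')
    }
    else {
        # All DCs are read/write peers, so the survivors keep serving clients.
        $findings.Add("Logons and directory writes continue on: $($up.Name -join ', '). " +
                      "Changes replicate to $OfflineDc when it returns.")
        if ($up.Count -eq 1) {
            $findings.Add("$($up[0].Name) is now a single point of failure.")
        }
        # Rule as stated in the thread: without a GC, only Domain Admins can log on.
        if (-not ($up | Where-Object { $_.IsGlobalCatalog })) {
            $findings.Add('No global catalog is online: logon fails for accounts outside Domain Admins.')
        }
        foreach ($role in $lostRoles) {
            $findings.Add("$role is unavailable until $OfflineDc returns or the role is moved to another DC.")
        }
    }

    # Placement rule from the thread: the Infrastructure Master should not sit on
    # a GC, which only matters when the forest has more than one domain.
    # (Known exception, not stated in the thread: harmless if every DC is a GC.)
    $im    = $Inventory | Where-Object { $_.Roles -contains 'InfrastructureMaster' }
    $nonGc = @($Inventory | Where-Object { -not $_.IsGlobalCatalog })
    if ($DomainsInForest -gt 1 -and $im -and $im.IsGlobalCatalog -and $nonGc.Count -gt 0) {
        $findings.Add("Infrastructure Master is on global catalog $($im.Name) in a multi-domain forest.")
    }

    [pscustomobject]@{
        OfflineDc = $OfflineDc
        Remaining = $up.Name
        LostRoles = $lostRoles
        Findings  = $findings.ToArray()
    }
}

# The thread's scenario: the second DC, holding no roles, is down for a week...
(Get-DcOutageImpact -Inventory $inventory -OfflineDc 'DC2').Findings

# ...compared with losing the first DC, which holds every role and the only GC.
(Get-DcOutageImpact -Inventory $inventory -OfflineDc 'DC1').Findings
```

Making DC2 a global catalog as well, as suggested earlier in the thread, removes the global catalog finding from the second run.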




Lamar Thomas
Hey Mike,

Thanks for the reply. I was just using the example as a worst case. My
boss wanted to know. We will be running two (2) DCs. My boss wanted me to
get the answer to what does "Active Active" REALLY mean? Right now in our
NT 4.0 domain if the BDC goes down then users can't log onto the domain. My
boss wanted to know if moving to Win 2003 and AD would remove THAT single
point of logon failure. That's why I asked - If the second DC was down for
a week what would be the impact? Any feedback?

Thanks,

Lamar




"Mike Brannigan [MSFT]" wrote in message
news:efHVGwMDEHA.3392@TK2MSFTNGP11.phx.gbl...[color=blue]
> "Lamar Thomas" wrote in message
> news:uPCmfkKDEHA.3024@tk2msftngp13.phx.gbl...[color=green]
> > So what about my example? What if I took my backup DC offline for a[/color][/color]
week?[color=blue][color=green]
> > What if I did a "DCPROMO" and demoted the only backup DC. That would
> > transfer ALL of the FSMO roles to the "first" DC. Isn't that where the
> > Global Catalog is? What about the "Infrastructure Master" and the[/color][/color]
"Global[color=blue][color=green]
> > Catalog" being on the same server. You said that would cause
> > "Infrastructure Master" not to work. But what if I ONLY installed ONE[/color][/color]
DC[color=blue][color=green]
> > and only ONE DC. They would all be on the same server then wouldn't[/color][/color]
they?[color=blue][color=green]
> > Help me understanding. Thanks for your input.[/color]
>
> If you only have one and only one DC
>
> Firstly you are running with an accute single point of failure and this
> should never be used ini a production environment.
> If you only have one DC then you have a forest of one Domain - so the
> placement of the Infrastructriie Master on a GC (which this only server[/color]
will[color=blue]
> be) is not an issue.
>
> --
> Regards,
>
> Mike
> --
> Mike Brannigan [Microsoft]
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights
>
> Please note I cannot respond to e-mailed questions, please use these
> newsgroups
>
> "Lamar Thomas" wrote in message
> news:uPCmfkKDEHA.3024@tk2msftngp13.phx.gbl...[color=green]
> > So what about my example? What if I took my backup DC offline for a[/color][/color]
week?[color=blue][color=green]
> > What if I did a "DCPROMO" and demoted the only backup DC. That would
> > transfer ALL of the FSMO roles to the "first" DC. Isn't that where the
> > Global Catalog is? What about the "Infrastructure Master" and the[/color][/color]
"Global[color=blue][color=green]
> > Catalog" being on the same server. You said that would cause
> > "Infrastructure Master" not to work. But what if I ONLY installed ONE[/color][/color]
DC[color=blue][color=green]
> > and only ONE DC. They would all be on the same server then wouldn't[/color][/color]
they?[color=blue][color=green]
> > Help me understanding. Thanks for your input.
> >
> >
> > Lamar



Mike Brannigan [MSFT]
OK.

Active Active - both DCs are fully capable of authenticating users but more
importantly - unlike NT 4.0 with the PDC BDC - with Windows Server 2003 (or
2000) BOTH DCs are fully read and write. In that you can create objects,
users can change their passwords etc etc against either DC and they will
replicate until the directory converges to a common view across all DCs in
the Domain.

We still have the 5 Operation Master roles (FSMOs) that can only exist on a
single server at any one time because what they do cannot be allowed to work
in a multi master environment. E.g. the Schema Master - so you would never
want the ability to change the Schema on 2 DCs at the same time - you must
only have a single master for this.

So the 5 roles may exist on any DC at any one time and the roles may be
spread across multiple machines (all 5 do not need to be on one server).

For discussion of placement of the Operations Master roles and the impact of
the loss of each one see
http://www.microsoft.com/resources/documentation/windows/2000/server/reskit/en-us/distsys/part1/dsgch07.mspx

--
Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups
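The outage question asked in this thread can be worked through as a small model. This is an added example, not part of any post here: DC1 and DC2 are hypothetical host names, the role effects are the ones described in the thread, and the list is assumed to hold the DCs of a domain that owns all five roles (as in a single-domain forest).

```python
from dataclasses import dataclass, field

# Operations gated by each single-master role, as described in this thread.
ROLE_IMPACT = {
    "schema": "schema changes",
    "domain_naming": "adding or removing domains in the forest",
    "pdc": "PDC emulation for NT 4.0 / Windows 98 clients",
    "rid": "new RID pool allocation to domain controllers",
    "infrastructure": "cross-domain group membership updates",
}


@dataclass
class DC:
    name: str                                   # hypothetical host name
    roles: set = field(default_factory=set)     # keys of ROLE_IMPACT held here
    is_gc: bool = False                         # global catalog server?
    online: bool = True


def role_holders(dcs):
    """Map each role to its single holder; reject unknown, duplicate or missing roles."""
    holders = {}
    for dc in dcs:
        for role in dc.roles:
            if role not in ROLE_IMPACT:
                raise ValueError(f"unknown role {role!r} on {dc.name}")
            if role in holders:
                raise ValueError(
                    f"{role} held by both {holders[role].name} and {dc.name}")
            holders[role] = dc
    missing = sorted(set(ROLE_IMPACT) - set(holders))
    if missing:
        raise ValueError(f"no holder for: {', '.join(missing)}")
    return holders


def outage_report(dcs, domains_in_forest=1):
    """Summarise what still works given which DCs are online."""
    holders = role_holders(dcs)
    up = [dc for dc in dcs if dc.online]
    gc_up = any(dc.is_gc for dc in up)
    report = {
        # Multi-master: any online DC authenticates and accepts writes.
        "directory_writes": bool(up),
        # Per the thread: ordinary users need a reachable global catalog.
        "user_logon": bool(up) and gc_up,
        # Single-master operations stop only when their one holder is down.
        "blocked": sorted(r for r, dc in holders.items() if not dc.online),
        "warnings": [],
    }
    if len(up) == 1:
        report["warnings"].append(
            f"only {up[0].name} is online: single point of failure")
    # Infrastructure master on a GC matters only with more than one domain,
    # and not when every DC in the domain is a GC.
    im = holders["infrastructure"]
    if domains_in_forest > 1 and im.is_gc and not all(dc.is_gc for dc in dcs):
        report["warnings"].append(
            f"infrastructure master {im.name} is also a GC")
    return report


if __name__ == "__main__":
    # Constructed scenario: the second DC (no roles, not a GC) is offline.
    dcs = [DC("DC1", set(ROLE_IMPACT), is_gc=True), DC("DC2", online=False)]
    for key, value in outage_report(dcs).items():
        print(f"{key}: {value}")
```

Marking DC1 offline instead shows the reverse case: writes still succeed against DC2, but all five single-master operations are blocked and, with no GC reachable, ordinary user logon fails.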



Lamar Thomas
Cool, now we're getting down to the nuts and bolts! In a single domain
forest with two 2003 DCs the first one has the FSMO roles AND the GC right?
What we want to do is remove the first DC and install an NEW DCs to replace
it. We will upgrade our NT 4.0 PDC to Win 2003 AD. Then we will install a
NEW second Win 2003 DC. I will then take my old NT 4.0 BDC offline for safe
keeping in case I have to recover. Then I will make the second Win 2003 DC
a GC server. Then last I will run "DCPROMO" on the first (upgraded) DC to
move the FSMO roles to the second DC. I will then install another NEW Win.
2003 server with more horse power and also make it a GC server. I will then
change the "Functional level" to "Windows Server 2003 domain functional
level" and "Windows Server 2003 forest functional level". We do have some
workstations running Windows 98 and our Exchange 5.5 server is running on NT
4.0 (but it is on the list to move to Exchange 2003 on a Windows 2003 box).
What do you think about my plan? Thanks for any feedback.


Lamar



Mike Brannigan [MSFT]
"Lamar Thomas" wrote in message
news:%23bPggWRDEHA.2804@tk2msftngp13.phx.gbl...
> Cool, now we're getting down to the nuts and bolts! In a single domain
> forest with two 2003 DCs the first one has the FSMO roles AND the GC right?

Yes - the first Windows Server 2003 DC installed in a forest holds all 5
Operations Masters and is a Global Catalog server.

> What we want to do is remove the first DC and install an NEW DCs to replace
> it.

I do not understand this statement, are you talking about an NT 4.0 domain or
a 2003 domain??

> We will upgrade our NT 4.0 PDC to Win 2003 AD. Then we will install a
> NEW second Win 2003 DC. I will then take my old NT 4.0 BDC offline for safe
> keeping in case I have to recover.

OK so far

> Then I will make the second Win 2003 DC
> a GC server. Then last I will run "DCPROMO" on the first (upgraded) DC to
> move the FSMO roles to the second DC.

No you do not use DCPROMO to move the Operations Master roles to another
server.
You use the appropriate admin tool, such as the Schema Manager MMC snap in
etc.

> I will then install another NEW Win.
> 2003 server with more horse power and also make it a GC server. I will then
> change the "Functional level" to "Windows Server 2003 domain functional
> level" and "Windows Server 2003 forest functional level".

OK

> We do have some
> workstations running Windows 98

Then you must look into working around the newer tighter security in Server
2003, by looking at the Help and Support for information on how to deal
with old clients

> and our Exchange 5.5 server is running on NT
> 4.0 (but it is on the list to move to Exchange 2003 on a Windows 2003 box).
> What do you think about my plan? Thanks for any feedback.

Seems OK. But ideally you should thoroughly test it in a lab environment
prior to implementation.

--
Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups
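A pre-retirement check for the plan discussed in the post above, added here as an example and not code from the thread or from Microsoft: it reads saved `netdom query fsmo` output and reports which operations master roles still sit on the DC about to be replaced, and whether a Global Catalog server would remain. The host names, sample output and function names are constructed for illustration, and the label spellings are assumed from netdom's usual output.

```python
import re

# netdom labels -> role names used in this thread. Older and newer netdom
# builds word the labels differently, so both spellings are accepted
# (assumption: these are the only spellings that need handling).
LABELS = {
    "schema owner": "Schema Master",
    "schema master": "Schema Master",
    "domain role owner": "Domain Naming Master",
    "domain naming master": "Domain Naming Master",
    "pdc role": "PDC Emulator",
    "pdc": "PDC Emulator",
    "rid pool manager": "RID Master",
    "infrastructure owner": "Infrastructure Master",
    "infrastructure master": "Infrastructure Master",
}
ALL_ROLES = ("Schema Master", "Domain Naming Master", "PDC Emulator",
             "RID Master", "Infrastructure Master")


def short(host):
    """Compare DCs by short name so 'DC1' and 'dc1.corp.example' match."""
    return host.strip().lower().split(".")[0]


def parse_fsmo(text):
    """Return {role: holder short name} from saved `netdom query fsmo` output."""
    holders = {}
    for line in text.splitlines():
        # Label and holder are separated by a run of spaces; labels may
        # themselves contain single spaces ("RID pool manager").
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
        if len(parts) == 2 and parts[0].lower() in LABELS:
            holders[LABELS[parts[0].lower()]] = short(parts[1])
    return holders


def retirement_blockers(fsmo_text, retiring_dc, gc_servers, domain_count=1):
    """List reasons the named DC should not be taken out of service yet."""
    holders = parse_fsmo(fsmo_text)
    retiring = short(retiring_dc)
    remaining_gcs = {short(g) for g in gc_servers} - {retiring}
    problems = []
    for role in ALL_ROLES:
        if role not in holders:
            problems.append(f"{role}: holder not reported, cannot verify")
        elif holders[role] == retiring:
            problems.append(f"{role}: still held by {retiring}")
    if not remaining_gcs:
        problems.append("no Global Catalog server would remain")
    # Only relevant with more than one domain in the forest (and harmless
    # when every DC in the domain is a GC), so it is a prompt to review.
    im = holders.get("Infrastructure Master")
    if domain_count > 1 and im in remaining_gcs:
        problems.append(f"Infrastructure Master is on GC {im}: review placement")
    return problems


# Constructed sample: four roles moved to dc2, the RID role left behind on dc1.
SAMPLE_PARTIAL = """\
Schema owner                dc2.corp.example
Domain role owner           dc2.corp.example
PDC role                    dc2.corp.example
RID pool manager            dc1.corp.example
Infrastructure owner        dc2.corp.example
The command completed successfully.
"""
# Constructed sample: the same output once every role has been transferred.
SAMPLE_DONE = SAMPLE_PARTIAL.replace("dc1", "dc2")

if __name__ == "__main__":
    for name, text in (("partial", SAMPLE_PARTIAL), ("done", SAMPLE_DONE)):
        print(name, retirement_blockers(text, "DC1", ["dc1", "dc2"]) or "clear")
```
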



Lamar Thomas

"Mike Brannigan [MSFT]" wrote in message
news:OamRq4ZDEHA.3472@TK2MSFTNGP09.phx.gbl...
> "Lamar Thomas" wrote in message
> news:%23bPggWRDEHA.2804@tk2msftngp13.phx.gbl...

Hey Mike,

Thanks for your reply. Are the "appropriate admin tools" on the 2003 CD or
in "Administrative Tools"? What are the names of them? I take it that the
"Schema Manager MMC" snap in will only move the "Schema" right? Again
thanks for your help. I am just about ready to do this upgrade and you have
been a BIG help. I feel that I have a MUCH better understanding on this
whole process now.


Lamar

> > Then I will make the second Win 2003 DC
> > a GC server. Then last I will run "DCPROMO" on the first (upgraded) DC to
> > move the FSMO roles to the second DC.
>
> No you do not use DCPROMO to move the Operations Master roles to another
> server.
> You use the appropriate admin tool, such as the Schema Manager MMC snap in
> etc.



Mike Brannigan [MSFT]
"Lamar Thomas" wrote in message
news:%23xJfYZeDEHA.2424@TK2MSFTNGP09.phx.gbl...
>
> "Mike Brannigan [MSFT]" wrote in message
> news:OamRq4ZDEHA.3472@TK2MSFTNGP09.phx.gbl...
> > "Lamar Thomas" wrote in message
> > news:%23bPggWRDEHA.2804@tk2msftngp13.phx.gbl...
>
> Hey Mike,
>
> Thanks for your reply. Are the "appropriate admin tools" on the 2003 CD or
> in "Administrative Tools"? What are the names of them? I take it that the
> "Schema Manager MMC" snap in will only move the "Schema" right? Again
> thanks for your help. I am just about ready to do this upgrade and you have
> been a BIG help. I feel that I have a MUCH better understanding on this
> whole process now.

see
http://support.microsoft.com/?id=255690

--
Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups



Lamar Thomas
Thanks Mike,

I will take a look at the link in a little bit and get back to you. Thanks
again for all your help.


Lamar




Lamar Thomas
Mike, you da MAN!!!!!

Thanks for all of your help! My upgrade went off without a hitch! We are
up and running just fine. I even moved the FSMO roles to a new server in
the domain. I only have to do one more thing in the upgrade and that is to
upgrade my Exchange 5.5 server to Win. 2003 and Exch. 2003. Thanks again
for all of your help and guidance. You gave me the confidence to pull this
off! Thanks again man! :)

Lamar
P.S: For info. for other readers, I used the following books for reference:
(I found both of them of great help.)
ISBN: 0735619409
ISBN: 0782141307

