FISMO Roles within a Domain

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hello,

In a windows 2000 server environment, i am planning a disaster recovery site.
The disaster recovery site is in another office and its main purpose is to
provide users with an alternate office to work in the event that our main
office network is offline...

As this alternate site is going to be configured to replicate with our main
office (exchange servers, citrix, sql etc), what happens in the event that
our Primary Domain Controller (in our main office) goes offline?

As the disaster recovery site will have secondary domain controllers which
will be replication partners, but what will happen to the 5 FISMO roles? can
you promote a server to a certain role?


kind regards;
1 answer Last reply
More about fismo roles domain
  1. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    "Richard" <Richard@discussions.microsoft.com> wrote in message
    news:D032A276-7879-4D08-BDDB-3216AF6AA269@microsoft.com...
    > Hello,
    >
    > In a windows 2000 server environment, i am planning a disaster recovery
    site.
    > The disaster recovery site is in another office and its main purpose is to
    > provide users with an alternate office to work in the event that our main
    > office network is offline...
    >
    > As this alternate site is going to be configured to replicate with our
    main
    > office (exchange servers, citrix, sql etc), what happens in the event that
    > our Primary Domain Controller (in our main office) goes offline?
    >
    > As the disaster recovery site will have secondary domain controllers which
    > will be replication partners, but what will happen to the 5 FISMO roles?
    can
    > you promote a server to a certain role?

    Yes, but it is called "transferring" (which should always
    be preferred) if the old role holder is online, and "seize"
    (try to avoid) if the old role holder is OFFLINE.

    (Rather than "promote".)

    You must NEVER "seize" a role unless the 'old role holder'
    will NEVER be brought back online.

    So during a disaster plan execution, you will seize roles only
    if you must (e.g., don't expect a fairly rapid repair of the problems).

    Once you seize the role(s) you are committing to DCPromo the
    old holder (to non-DC), after which you may DCPromo it again
    to DC.

    Do NOT have any Enterprise Certificate Servers holding such
    roles since they cannot afford to be DCPromo 'cycled'.

    Only the PDC Emulator (there is no true PDC in AD domains)
    is likely to become a problem rapidly.

    Then the RID master (but only if you must add large number
    of users.)

    Missing the PDC emulator will cause "cross subnet browsing"
    and "cross domain browsing" will stop working during the
    next hour.

    Time will eventually drift and Kerberos authentication may
    suffer -- but that is not likely to happen rapidly.

    Replication to BDCs will stop but you probably don't have
    any of those unless you are still in mixed mode.

    A few minor problems may occur but you won't likely
    notice.
Ask a new question

Read More

Data Recovery Office Windows