Comprehensive data protection for all workloads
Post Reply
dirkdigs
Enthusiast
Posts: 65
Liked: 4 times
Joined: Mar 10, 2014 8:21 pm
Full Name: Mike

active directory best practices for FSMO roles

Post by dirkdigs »

we have primary dc in the production site and backup dc in the secondary site.

if we simulate complete failure of primary site, we have no fsmo roles. (not 100% sure what these are needed for but I KNOW they ARE required for active directory to work)

What are most people doing?

are you seizing fsmo roles as part of your Disaster recovery operations? Would it be better to simply move my fsmo roles to my DR location?

Please advise.
HannesK
Product Manager
Posts: 14809
Liked: 3068 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: active directory best practices for FSMO roles

Post by HannesK »

Hello,
as the question is independent from Veeam, I would ask an internet search engine, a Microsoft forum or ChatGPT about Microsoft best practices instead of a Veeam forum :-)

As you never know, which location will fail, I cannot imagine a general "right" or "wrong". If you have all FSMO roles in the DR location, and the DR location fails, then you need to seize them to production.

Best regards,
Hannes
dirkdigs
Enthusiast
Posts: 65
Liked: 4 times
Joined: Mar 10, 2014 8:21 pm
Full Name: Mike

Re: active directory best practices for FSMO roles

Post by dirkdigs »

i disagree. this is relevant to veeam because Veeam is a disaster recovery product. and my question is directed to similar minded folk who use this product/. not sure what your issue is?>
Regnor
VeeaMVP
Posts: 1006
Liked: 314 times
Joined: Jan 31, 2011 11:17 am
Full Name: Max
Contact:

Re: active directory best practices for FSMO roles

Post by Regnor » 1 person likes this post

The domain won't stop working if the DC with the FSMO roles is offline.

During a disaster recovery test I wouldn't move or seize the FSMO roles as this would be a too big impact for just a test. Besides, I wouldn't do a disaster recovery test with my production systems. If you do this in a lab, with SureBackup, Orchestrator or something else, then you could go through the complete process without any risks.

During a real disaster it would make the decision dependent on the situation. Will the primary site come back online in short time then I would wait. If the primary site is gone or recovery will take time, the seize the roles and create a new primary DC.
HannesK
Product Manager
Posts: 14809
Liked: 3068 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: active directory best practices for FSMO roles

Post by HannesK » 2 people like this post

Hello,
not sure what your issue is?
no issue for me. I would just ask "at the source" instead of "3rd party".

In these forums, there are people who think that replication of domain controllers is a good idea. I disagree with that, because of superior built-in AD replication. Nobody in a Microsoft forum would recommend to replicate domain controllers. That's why I recommended to ask in Microsoft savvy forums where people are focused on AD.

Agree with Max and I still cannot image any "right" or "wrong" because one never knows, which site goes down (speaking as someone who did the AD course / certification some years ago and thinks that the question is independent from any backup vendor).

Best regards,
Hannes
dirkdigs
Enthusiast
Posts: 65
Liked: 4 times
Joined: Mar 10, 2014 8:21 pm
Full Name: Mike

Re: active directory best practices for FSMO roles

Post by dirkdigs »

thanks, appreciate the open discussion.
Post Reply

Who is online

Users browsing this forum: Google [Bot], nathanrsafti, RickWilkins and 78 guests