Perhaps 'six of one or half a dozen of the other' would apply to this
thread.
> -----Original Message-----
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Mark Parris
> Sent: Wednesday, November 30, 2005 12:52 PM
> To: ActiveDir.org
> Subject: Re: [ActiveDir] FSMO role transfer
>
> Mr pedantic here,
>
> That's a stitch in time saves nine.....
>
> -----Original Message-----
> From: Bahta Nathaniel V Contractor NASIC/SCNA
> <Nathaniel.Bahta@xxxxxxxxxxxx>
> Date: Wed, 30 Nov 2005 13:32:13
> To:ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: RE: [ActiveDir] FSMO role transfer
>
> That process is trivial in itself. It does not take much to
> transfer the roles before you conduct maintenance on a
> server. Why not do it? It will save you cleaning up
> metadata after you seize a role of a failed operations
> master. Sounds like a stitch in nine saves time concept to
> me. I do not intend on taking every proactive measure
> either, but when it comes to the small and quickly
> implemented measures that could save plenty of time, I try to
> utilize all of them available.
>
> Is that agreeable?
>
> Nathaniel Vincent Bahta
>
> -----Original Message-----
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of David Adner
> Sent: Wednesday, November 30, 2005 1:24 PM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: RE: [ActiveDir] FSMO role transfer
>
> Any proper maintenance plan has a backout plan and a recovery
> plan, so I am preparing for the possibility of an unexpected
> problem. If I'm pulled into a dark room because something
> goes wrong then I should feel confident I'll leave that room
> with my hide mostly intact; it may be slightly singed, but I
> can live with that. If management isn't the reasonable type
> then that's a different issue.
>
> If your philosophy is to take every proactive measure ahead
> of time possible, then that's fine. I just don't see the
> point with regards to FSMO roles when the recovery action is
> a relatively trivial process. This is obviously a matter of
> personal preference so I'm not trying to convince others to
> change. I just found the concept unusual so I thought I'd share.
>
> > -----Original Message-----
> > From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> > [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of
> > neil.ruston@xxxxxxxxxxxxx
> > Sent: Wednesday, November 30, 2005 10:16 AM
> > To: ActiveDir@xxxxxxxxxxxxxxxxxx
> > Subject: RE: [ActiveDir] FSMO role transfer
> >
> > I would rather, as stated earlier, assess the risk and then act
> > appropriately. The original poster never defined 'maintenance' in
> > detail.
> >
> > The original post did state that the box would be down for ~2 hours
> > for maintenance. This is clearly more than a patch and a
> reboot. We've
> > been over that scenario and concluded that it carries a lesser risk.
> >
> > As joe said, if the maintenance all goes badly wrong, do
> you want to
> > be pulled into a dark room and questioned as to why you did not
> > prepare for that eventuality?
> >
> >
> > neil
> >
> >
> > -----Original Message-----
> > From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> > [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Susan
> > Bradley, CPA aka Ebitz - SBS Rocks [MVP]
> > Sent: 30 November 2005 15:29
> > To: ActiveDir@xxxxxxxxxxxxxxxxxx
> > Subject: Re: [ActiveDir] FSMO role transfer
> >
> > Okay define maintenance please?
> >
> > Patching?
> > Service Pack?
> > Applying QFEs?
> > Performance tuning?
> > What?
> >
> > Is there a level of maintenance that would cause you to move FSMO's
> > and not?
> >
> > Like for example, if I'm patching, I've tested the patch, I'm
> > reasonably expecting a favorable outcome otherwise I wouldn't be
> > deploying, I have a backup.
> >
> > neil.ruston@xxxxxxxxxxxxx wrote:
> >
> > > I think we've missed the essence of the original post :)
> > The DCs are
> > > not just being rebooted, they are being 'maintained' and
> > will be down
> > > for ~ 2 hours. That means to me, that either a s/w or h/w
> change is
> > > going to occur which could go horribly wrong. Faced with this
> > > situation, I would definitely transfer the roles.
> > > If the DC were merely being rebooted and nothing else is
> > scheduled to
> > > occur, I would not transfer roles.
> > > The above 2 scenarios are very different - if one were to
> perform a
> > > risk analysis the actions taken to mitigate those risks would be
> > > suitably different.
> > > neil
> > >
> >
> ----------------------------------------------------------------------
> > > --
> > > *From:* ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> > > [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] *On Behalf Of
> > *David Adner
> > > *Sent:* 29 November 2005 23:26
> > > *To:* ActiveDir@xxxxxxxxxxxxxxxxxx
> > > *Subject:* RE: [ActiveDir] FSMO role transfer
> > >
> > > I would only agree if you told me your DC's regularly
> fail to come
> > > back after a reboot. And if you did tell me that I'd have to say
> > > you're doing something wrong.
> > > I suppose I don't consider rebooting a DC to be quite the
> dangerous
> > > act as others do. To what degree is this taken? If it holds
> > a standard
> >
> > > Primary zone do you transfer that role, too? If it's the
> > PDCE of the
> > > forest root domain and you transfer the role, do you also
> > reconfigure
> > > the new PDCE to manually synchronize time from an authoritative
> > > source? I mean, if we're going to work under the
> assumption that a
> > > reboot is a regularly catastrophic causing event then
> it's probably
> > > time to switch OS's.
> > > Is it possible something unexpectedly horrible can happen
> > as part of a
> >
> > > reboot? Sure. But it better be the exception. And with
> > regards to FSMO
> >
> > > roles, which, barring some specific technical requirement they be
> > > readily available, the temporary outage of them is typically a
> > > transparent event and shouldn't require added
> > administrative overhead
> > > in transferring them back and forth. Accepting that a
> catastrophic
> > > event is an exception, then you follow your documented and tested
> > > activities to recover from that exception; ie: you seize
> the roles,
> > > restore from backup, etc.
> > >
> > >
> > --------------------------------------------------------------
> > ----------
> > > *From:* ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> > > [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] *On
> Behalf Of *Rich
> > > Milburn
> > > *Sent:* Tuesday, November 29, 2005 4:26 PM
> > > *To:* ActiveDir@xxxxxxxxxxxxxxxxxx
> > > *Subject:* RE: [ActiveDir] FSMO role transfer
> > >
> > > Yeah but having "seize the FSMOs instead of moving
> them" as your
> > > fallback plan is like making sure you have a current backup in
> > > case "yanking the power cord instead of Start > Shutdown >
> > > Restart" causes file system corruption J
> > >
> > >
> > //------------------------------------------------------------
> > ----------
> > -///
> > > ///Rich Milburn///
> > > ///MCSE, Microsoft MVP - Directory Services///
> > > Sr Network Analyst, Field Platform Development
> > > Applebee's International, Inc.//
> > > //4551 W. 107th St//
> > > //Overland Park//, KS 66207//
> > > //913-967-2819//
> > >
> > //------------------------------------------------------------
> > ----------
> > //
> > > ///"I love the smell of red herrings in the morning" -
> > anonymous//
> > >
> > >
> > >
> >
> ----------------------------------------------------------------------
> > > --
> > >
> > > *From:* ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> > > [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] *On Behalf Of
> > > *ChuckGaff@xxxxxxx
> > > *Sent:* Tuesday, November 29, 2005 11:56 AM
> > > *To:* ActiveDir@xxxxxxxxxxxxxxxxxx
> > > *Subject:* Re: [ActiveDir] FSMO role transfer
> > >
> > > If something went wrong you could still seize the FSMO
> > roles as an
> > > option rather than doing a transfer. Of course the
> > procedures for
> > > all of these for the 5 FSMOs should be documented just in case
> > > needed..
> > >
> > > Chuck
> > >
> > > /
> > >
> > --------------------------------------------------------------
> > ----------
> > > *-------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY
> > NOTICE-------*
> > > PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this
> > > message or any attachments. This information is strictly
> > > confidential and may be subject to attorney-client
> > privilege. This
> > > message is intended only for the use of the named
> addressee. If
> > > you are not the intended recipient of this message,
> unauthorized
> > > forwarding, printing, copying, distribution, or using such
> > > information is strictly prohibited and may be unlawful. If you
> > > have received this in error, you should kindly notify
> the sender
> > > by reply e-mail and immediately destroy this message.
> > Unauthorized
> > > interception of this e-mail is a violation of federal criminal
> > > law. Applebee's International, Inc. reserves the right
> > to monitor
> > > and review the content of all messages sent to and from this
> > > e-mail address. Messages sent to or from this e-mail
> address may
> > > be stored on the Applebee's International, Inc.
> e-mail system./
> > >
> > >
> > >
> >
> ----------------------------------------------------------------------
> > > --
> > >
> > > PLEASE READ: The information contained in this email is
> > confidential
> > > and intended for the named recipient(s) only. If you are not an
> > > intended recipient of this email please notify the sender
> > immediately
> > > and delete your copy from your system. You must not copy,
> > distribute
> > > or take any further action in reliance on it. Email is
> not a secure
> > > method of communication and Nomura International plc
> ('NIplc') will
> > > not, to the extent permitted by law, accept responsibility or
> > > liability for (a) the accuracy or completeness of, or (b)
> > the presence
> >
> > > of any virus, worm or similar malicious or disabling code
> in, this
> > > message or any attachment(s) to it. If verification of this
> > email is
> > > sought then please request a hard copy. Unless otherwise
> stated this
> > > email: (1) is not, and should not be treated or relied upon as,
> > > investment research; (2) contains views or opinions that
> are solely
> > > those of the author and do not necessarily represent
> those of NIplc;
> > > (3) is intended for informational purposes only and is not a
> > > recommendation, solicitation or offer to buy or sell
> securities or
> > > related financial instruments. NIplc does not provide investment
> > > services to private customers. Authorised and regulated by the
> > > Financial Services Authority. Registered in England no.
> 1550505 VAT
> > > No. 447 2492 35. Registered Office: 1 St
> Martin's-le-Grand, London,
> > > EC1A 4NP. A member of the Nomura group of companies.
> >
> > List info : http://www.activedir.org/List.aspx
> > List FAQ : http://www.activedir.org/ListFAQ.aspx
> > List archive:
> > http://www.mail-archive.com/activedir%40mail.activedir.org/
> >
> >
> >
> > PLEASE READ: The information contained in this email is
> confidential
> > and intended for the named recipient(s) only. If you are not an
> > intended recipient of this email please notify the sender
> immediately
> > and delete your copy from your system.
> > You must not copy, distribute or take any further action in
> reliance
> > on it. Email is not a secure method of communication and Nomura
> > International plc ('NIplc') will not, to the extent
> permitted by law,
> > accept responsibility or liability for (a) the accuracy or
> > completeness of, or (b) the presence of any virus, worm or similar
> > malicious or disabling code in, this message or any
> attachment(s) to
> > it. If verification of this email is sought then please
> request a hard
> > copy. Unless otherwise stated this email: (1) is not, and
> should not
> > be treated or relied upon as, investment research; (2)
> contains views
> > or opinions that are solely those of the author and do not
> necessarily
> > represent those of NIplc; (3) is intended for informational
> purposes
> > only and is not a recommendation, solicitation or offer to
> buy or sell
> > securities or related financial instruments. NIplc does
> not provide
> > investment services to private customers. Authorised and
> regulated by
> > the Financial Services Authority. Registered in England no.
> > 1550505 VAT No. 447 2492 35. Registered Office: 1 St
> > Martin's-le-Grand, London, EC1A 4NP. A member of the
> Nomura group of
> > companies.
> >
> > List info : http://www.activedir.org/List.aspx
> > List FAQ : http://www.activedir.org/ListFAQ.aspx
> > List archive:
> > http://www.mail-archive.com/activedir%40mail.activedir.org/
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
|
