I have a forest and single domain created additional domain controller if I type netdom query fsmo same results. Now question is how to transfer some roles and which are roles can be transferred again what is advantages? Second question additional domain controller and domain controller shows same result (if I type netdom query fsmo same results) meaning if domain controller is not avliable (fails) additional Domain controller will works as domain controller? Need not to transfer any roles? DC and ADC having same database stored locally (sysvol)?

Hi

 This is normal when you run "netdom query fsmo" it shows fsmo roles holder.(PDC).I usually prefer all fsmo roles on a DC(PDC) and it is a physcial server.

 DC and ADC have same DB stored,if PDC is not avaible and could not turn off again,just you can seize the fsmo roles to another avaible DC.

 So i recommned that all fsmo roles on a DC.

• Proposed as answer by Ethan HuaMicrosoft contingent staff, Moderator Thursday, July 16, 2015 7:10 AM

Hi Jumpav, 

Your DC and the ADC replicate the AD database so they will have the same information, please refer to the below link for more information on the FSMO roles and their movement and their related scenarios.

https://support.microsoft.com/en-us/kb/255504

Regards,

Sudhir Akupatni

• Proposed as answer by Ethan HuaMicrosoft contingent staff, Moderator Thursday, July 16, 2015 7:10 AM

Thanks again if PDC is down for temporally let say for a week it is needs to resize FSMO roles if we did not resize what will happen since PDC and ADC are same

Hi

 If PDC will turn on again,not need to transfer fsmo roles,But during this time;

- With the PDCE offline,users WHO have recently changed their passwords are more likely to get or Access errors,they will also be more likely to stay locked out if using Account Lockout policies.

- Time can more easily get out of sync,leading to kerberos authentication errors down the road.

- The PDCE being offline will also prevent the creation of certain well-known security groups and users when you are upgrading forests and domains.

- The adminSDHolder process wil not ocur when the PDCE is offline.

- You will not be able to administer DFS Namespaces

- it is where group policies are edited 8by default)

ALso check this How Operations Masters Work (PDCE section)

http://technet.microsoft.com/en-us/library/cc780487(WS.10).aspx

Thanks a lot last query what is mean by PDCE and adminSDH again difference between DC and ADC is need to see attributes? I saw when was created it looks same date if any other option to see difference between Domain controller and additional domain controller

Hi

AdminSDHolder;

https://technet.microsoft.com/en-us/magazine/2009.09.sdadminholder.aspx

PDC Emulator;

https://msdn.microsoft.com/en-us/library/cc223752.aspx

again difference between DC and ADC is need to see attributes? I saw when was created it looks same date if any other option to see difference between Domain controller and additional domain controller

There is no specific attribute to distinguish between the two. People tend to think in terms of the first Domain Controller and additional Domain Controllers (ADCs), but in fact there might not be a difference between these Domain Controllers. Both provides the same functionality.
 

Regards,

Eth

Thanks a lot kindly let me know how to identify domain controllers and additional domain controllers

Thanks a lot kindly let me know how to identify domain controllers and additional domain controllers. I mean when was created since naming convention looks DC so I want to know how to identify primary Domain controller and additional domain controller needs see ant attributes? Or logs or folders etc?

If you run the command netdom query fsmo | find "PDC" you will see which server in your domain is the actual PDC (Primary Domain Controller).

To change one of the FSMO roles you have to open up dsa.msc (Active Directory Users and Computers) then right click on your root domain and select operation master. In the Window which open up you can transfer the roles to another DC.

• Marked as answer by jumpav 21 hours 58 minutes ago