I needed to move our FSMO roles to a centralised server today, the main cause for this was firewall ruling (cannot add rules mid-week) and an urgent requirement for Domain controllers in our Azure Production environment.
We were unable to dcpromo our Azure server and after 2 days of troubleshooting, wiresharking and several work-a-rounds – we decided to move the FSMO roles yet again. Now, I know for a fact that continuously moving the FSMO roles is NOT HEALTHY for a domain environment, I was totally against it, but I bit the bullet and did as I was told.
They are now in their new home, On-Premise Site A, and will not be moved again. However, due to Microsoft best practice, we will split the Schema master and Domain Naming Master off to DC2 once all firewall rules are in place.
Continue reading Step by Step Moving FSMO roles in Server 2012 R2