So I have two different domain controllers on the same domain that reside on their own subnets. Domain controller A is the PDC with all the FSMO roles, and domain controller B is on the other subnet (set up with its own DNS and GC). All policies are saved in the Certificate Store for the domain to ensure policies are enforced.
Sites and Services is set up with a site and subnet for each. The idea for domain controller B is that at some point I have to bring down domain controller A, and B should be able to provide services on its own without A.
All clients on the first subnet are pointed towards domain controller A for DNS and use it for authentication. The same goes for users on the other subnet for B.
We tested this today by breaking our connectivity link and ensuring DC B could not rely on A for anything. We were able to have a user validate logging into a client that was not cached; the only takeaway was that it took forever to generate a profile for this user. We tried to run a gpresult /r and it is using DC B to authenticate, but it errors out when trying to pull user policies.
Also, on DC B it took forever for me to connect to Group Policy / ADUC / etc. Initially it told me it couldn't connect to domain services and gave me the choice to connect to another DC other than the PDC. I connected to DC B and I was able to get back into Group Policy.
Do I need to transfer FSMO roles to DC B once DC A goes down? Or is there something else I need to check to have this work? The best way I can describe the how/why portion is that we will be in a fixed location (DC A and B co-located), a portion will be told to move to another location, they will fall in on that other subnet (DC B will move to this location), then DC A will shut down until they fall in on the DC B location. While DC A is shutting down and moving, DC B needs to be able to provide services for users.
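The post describes a test (break the link, log a user on, run gpresult /r) whose result was that authentication worked against DC B but user policy retrieval failed. Before the next test, it helps to confirm on DC B itself what it can serve without A: which FSMO roles it holds, whether it answers the DNS SRV queries clients use to find a DC, and whether its own SYSVOL copy (where Group Policy lives) is reachable through DC B's name rather than through a domain-wide path that may still refer clients to A. The following PowerShell script is an added example, not code from the original poster; the hostname `DCB` and the domain name `corp.example` are placeholders to replace with the real values, and it assumes the ActiveDirectory module plus the built-in `nltest` and `repadmin` tools are present on the DC where it runs.

```powershell
# Added example (not from the original post): readiness check to run on DC B
# before DC A is taken offline. Placeholders: 'DCB' and 'corp.example'.

$dcB    = 'DCB'           # placeholder: hostname of DC B
$domain = 'corp.example'  # placeholder: DNS name of the domain

Import-Module ActiveDirectory

# 1. Which DC does the locator hand this machine right now?
$locator = nltest /dsgetdc:$domain /force
"Locator result:`n$($locator -join "`n")"

# 2. Who holds the FSMO roles (queried through DC B so the answer reflects its replica)?
$d = Get-ADDomain -Server $dcB
$f = Get-ADForest -Server $dcB
[pscustomobject]@{
    PDCEmulator          = $d.PDCEmulator
    RIDMaster            = $d.RIDMaster
    InfrastructureMaster = $d.InfrastructureMaster
    SchemaMaster         = $f.SchemaMaster
    DomainNamingMaster   = $f.DomainNamingMaster
} | Format-List

# 3. Does DC B's own DNS return SRV records for LDAP, Kerberos and the GC,
#    and does it list itself as a target?
$records = "_ldap._tcp.dc._msdcs.$domain",
           "_kerberos._tcp.dc._msdcs.$domain",
           "_gc._tcp.$domain"
foreach ($rec in $records) {
    $srv = Resolve-DnsName -Name $rec -Type SRV -Server $dcB -ErrorAction SilentlyContinue
    $targets = ($srv | Where-Object QueryType -eq 'SRV').NameTarget -join ', '
    "{0,-45} -> {1}" -f $rec, $(if ($targets) { $targets } else { 'NO ANSWER' })
}

# 4. Is SYSVOL served by DC B under its own name? gpresult/GPO processing reads
#    policy templates from here; use the DC-specific path, not \\domain\SYSVOL,
#    so a DFS referral cannot silently route the request to DC A.
$sysvol = "\\$dcB\SYSVOL\$domain\Policies"
if (Test-Path $sysvol) {
    $count = (Get-ChildItem -Path $sysvol -Directory).Count
    "SYSVOL on $dcB OK: $count policy folders"
} else {
    "SYSVOL on $dcB NOT reachable: GPO retrieval will fail while A is down"
}

# 5. Replication summary for DC B, so you know its copy of the directory
#    was current before the link is broken.
repadmin /showrepl $dcB
```

Run it from an elevated PowerShell session on DC B while the link to A is still up, then again after the link is cut; a step that passes in the first run and fails in the second points at the dependency on A that the test exposed. Step 4 is the one most directly related to the gpresult failure described above, since policy retrieval needs a reachable SYSVOL copy, not the PDC emulator role itself.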