As we’re implementing a migration from Windows 2003/Exchange 2003 to Windows 2008/Exchange 2007 at work at the moment I’ve been doing a lot of reading on FSMO placement for the new domain controllers. I found this article which gives a clear outline of how it should be done.
How to setup a group policy central store for Windows 2012 and Office 2013 administrative templates (ADMX).
A Windows Active Directory LDAP query fails or is authenticated as "NT AUTHORITY\ANONYMOUS LOGON" even though you entered correct domain credentials. The problem is caused by "pwdssp.dll" missing from a registry key.