Error while Transferring FSMO Roles

Discussion in 'Active Directory' started by gonnabokay, Apr 7, 2008.

  1. gonnabokay

    gonnabokay Guest

    We currently have 2 DCs in our domain. We are planning to add a 3rd and then
    demote the oldest DC.

    The old DC that we want to demote has the Operations master roles for the
    domain. (multi-domain forest).

    Before the cutover and demotion of the old server we wanted to transfer the
    FSMO roles to the 2nd DC in our domain.

    While transferring the Infrastructure Role we receive this error:
    The Infrastructure operations master role should not be transferred to a gc
    server.

    The server we want to transfer the role to is indeed a GC. But...the server
    we want to transfer from is also a GC. In fact, all DCs in our forest are GCs.

    Since the old server that we want to transfer roles from and the new server
    that we want to transfer roles to are both GCs....is it okay to go ahead and
    transfer the roles?

    Thanks...

    gonnabokay
     
    gonnabokay, Apr 7, 2008
    #1

    1. Advertisements

  2. gonnabokay

    Joseph T Corey Guest

    Are all of the DCs in the forest GCs? If so (and you plan to keep it that
    way), it would be safe to transfer the Infrastructure Master role to a GC.
    The problem is introduced when you have a multidomain environment where all
    DCs are not GCs. Check out the following KB:

    http://support.microsoft.com/kb/223346/
     
    Joseph T Corey, Apr 7, 2008
    #2

    1. Advertisements

  3. gonnabokay

    Paul Bergson [MVP-DS] Guest

    Paul Bergson [MVP-DS], Apr 8, 2008
    #3
  4. gonnabokay

    Ziad K. Chafi Guest

    Hello,
    I noticed that you are working in a multi-domain forest, as you said, in
    this case, placing the IS role on a GC will cause some conflicts, especially
    if you are giving cross domain permissions, i.e. granting users from other
    domains access to local resources, resulting in displaying the SID of the
    foreign security principals instead of the acutal name. Now since you have 2
    DCs, it is recommended to stop the GC service on the DC that will hold the IS
    role, afterall, you do not need all your DCs to be GCs.

    Hope it helps...
     
    Ziad K. Chafi, Apr 8, 2008
    #4
  5. gonnabokay

    Jorge de Almeida Pinto [MVP - DS] Guest

    that is a message from Windows that is not ablways correct, because it
    depends on the IF.....

    for a single domain forest make all DCs a GC (IM can be on any DC)

    for a multiple domain forest
    http://blogs.dirteam.com/blogs/jorg...frastructure-master-fsmo-and-the-gc-role.aspx

    --

    Cheers,
    (HOPEFULLY THIS INFORMATION HELPS YOU!)

    # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

    BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
    BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
     
    Jorge de Almeida Pinto [MVP - DS], May 16, 2008
    #5

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. Transferring FSMO roles

  2. Transferring FSMO roles

  3. Transferring FSMO roles using a script

  4. Transferring Fsmo roles

  5. Transferring FSMO roles

  6. FSMO Roles Where should the master roles be "In House" or at "DR"

  7. transferring fsmo roles from the first dc in the forest

  8. transferring fsmo roles

Loading...