FSMO role issues after demoting and re-promoting server

Discussion in 'Active Directory' started by Kremlar, Jan 8, 2006.

  1. Kremlar

    /kj Guest

    I have done it with virtual machines and test labs, once intentionally. ;-)
    This would be the way to "experiment" and satisfy ones curiosity,

    It's just such a risky proposition. I just can't imagine what reason would
    be great enough to attempt this intentionally in a production environment.

    /kj

    "Jorge de Almeida Pinto"
     
    /kj, Jan 11, 2006
    #21
    1. Advertisements

  2. Kremlar

    Paul Bergson Guest

    Thats why I always get it out of the domain and back in. To much black
    magic I don't understand, although Herb has convinced me that piece isn't
    necessary.

    --

    Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

    This posting is provided "AS IS" with no warranties, and confers no rights.

     
    Paul Bergson, Jan 11, 2006
    #22
    1. Advertisements

  3. Kremlar

    Herb Martin Guest

    Yes, but unless you are adding objects WHILE doing the DCPromo
    that will not happen.

    You would have to add some number of objects also (each DC
    has a pool.)

    But I will bet (although I don't know) that RID servers do NOT
    use the same (exact) mechanism to hand out RIDs but probably
    have some method to specialize the RID based on themselves.
    I take it that he left it online?
    I agree; that is the kind of goofy stuff I mean. Something is
    not right about the domain and it may be difficult to pin down
    like you did with duplicate RIDs.

    Maybe that is all there is...but like you I suspect there is
    more.

    --
    Herb Martin, MCSE, MVP
    Accelerated MCSE
    http://www.LearnQuick.Com
    [phone number on web site]

     
    Herb Martin, Jan 11, 2006
    #23
  4. Kremlar

    Herb Martin Guest

    I am 100% (as much as on anything) about the DCPromo cycle
    being sufficient.

    I am slightly less convinced about the safety of bringing it
    online for 5 minutes to demote.

    The latter seems to work just fine, but the problems with
    seized-roles DCs is so subtle sometimes as to be difficult
    to give a definite answer.

    --
    Herb Martin, MCSE, MVP
    Accelerated MCSE
    http://www.LearnQuick.Com
    [phone number on web site]
     
    Herb Martin, Jan 11, 2006
    #24
  5. Kremlar

    /kj Guest

    Although I agree that demoting and re-promoting is sufficient, my first
    choice is to rebuild it from scratch. Perhaps just my ultra conservative
    approach to AD and DC's.

    And my reasoning is that something caused the original DC to belly up. If it
    was so bad that it couldn't be restored conventionally, might there be other
    lingering "issues" with drivers / os files, etc.

    To often though it wasn't just a pure DC and the demote/repromote is the
    preferred choice.

    /kj
     
    /kj, Jan 11, 2006
    #25
  6. Kremlar

    /kj Guest

    There's a little info in http://support.microsoft.com/kb/305475/en-us and I
    suspect that the "RidNextRid" may be involved. I'm with Paul, too much of
    this gives me a headache I don't need.

    Yes, the client left it alone. Never "cycled" it as far as I know. It had
    been back on line for a couple of days before I got there and sorted out the
    chronological string of events.

    Haven't heard any major quarks from him lately, but I too would wager
    somewhere down the road a PSS call is comming.

    Speaking of which, maybe I'll try pinging a couple of PSS guys and see it
    they can share some siezed fsmo horror stories. - ought to be entertaining.

    /kj

     
    /kj, Jan 11, 2006
    #26
  7. me neighter

    --

    Cheers,
    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    # Jorge de Almeida Pinto #
    BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
    -----------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always test before implementing!
    -----------------------------------------------------------------------------


    -----------------------------------------------------------------------------
     
    Jorge de Almeida Pinto, Jan 11, 2006
    #27
  8. 100% confident about force demoting offline, cleanup metadata (let that
    replicate) and re-introduce afterwards

    --

    Cheers,
    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    # Jorge de Almeida Pinto #
    BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
    -----------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always test before implementing!
    -----------------------------------------------------------------------------


    -----------------------------------------------------------------------------
     
    Jorge de Almeida Pinto, Jan 11, 2006
    #28
  9. Kremlar

    Paul Bergson Guest

    Did you ever get nominated for MVP in Directory Services? You are
    constantly in here.

    --

    Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

    This posting is provided "AS IS" with no warranties, and confers no rights.

    "Jorge de Almeida Pinto"
     
    Paul Bergson, Jan 11, 2006
    #29
  10. well.... it keeps me off the streets! ;-))

    --

    Cheers,
    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    # Jorge de Almeida Pinto #
    BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
    -----------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always test before implementing!
    -----------------------------------------------------------------------------


    -----------------------------------------------------------------------------
     
    Jorge de Almeida Pinto, Jan 11, 2006
    #30
  11. and AD and directory services is cool!

    --

    Cheers,
    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    # Jorge de Almeida Pinto #
    BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
    -----------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always test before implementing!
    -----------------------------------------------------------------------------


    -----------------------------------------------------------------------------
     
    Jorge de Almeida Pinto, Jan 11, 2006
    #31
  12. Kremlar

    Herb Martin Guest

    Please do. I suspect they want have anything clear cut --
    not because it isn't BAD, but because it is go intermittent
    and sometimes subtle but I would love to hear the result
    of the ping....

    More importantly, I suspect, would be to see some architecture
    or design discussion from the dev group about what is going
    on in seized-role and why the following doesn't even work:
    (I tried it)

    [Seized-role DC is brought back online]
    Transfer role back to 'seized-role' DC
    Transfer role again to 'new' DC

    Even this was unsatisifying but again I cannot prove it was
    due to seize-role effects.


    --
    Herb Martin, MCSE, MVP
    Accelerated MCSE
    http://www.LearnQuick.Com
    [phone number on web site]
     
    Herb Martin, Jan 11, 2006
    #32
  13. Kremlar

    Herb Martin Guest

    Could be, my original experience was with "hardware down"
    where the DC was fine but needed a new [video card or something]
    and so wasn't any big deal other than the seizure.

    As to "couldn't be restored" then I would agree but that is
    separate from the seizure.

    --
    Herb Martin, MCSE, MVP
    Accelerated MCSE
    http://www.LearnQuick.Com
    [phone number on web site]

     
    Herb Martin, Jan 11, 2006
    #33
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.