FSMO transfer from offline DC

Discussion in 'Active Directory' started by Mike, Sep 2, 2009.

  1. Mike

    Mike Guest

    Hi,

    I have one question concerning FSMO roles.
    In the domain we have 2 DC, both GC and DNS for redundancy.
    DC1 is fsmo holder. Yesterday, I lost SCSI controller on it so the server is
    offline.

    Fortunately, users can logon into domain with no problems.

    Question:
    How can I transfer FSMO roles from offline DC1 to online DC2?

    Many thanks in advance for your help.

    Mike
     
    Mike, Sep 2, 2009
    #1
    1. Advertisements

  2. Mike

    josé Guest

    josé, Sep 2, 2009
    #2
    1. Advertisements

  3. Hello Mike,

    It is not only FSMOs that must be seized. But if you have seized the FSMO
    roles to the other DC NEVER bring back the old DC from backup or whatever
    way. Youhave to remove it complete from the AD databse, DNS zones etc.

    Here are the additional steps described:
    http://support.microsoft.com/kb/555846/en-us

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Sep 2, 2009
    #3
  4. Mike

    Mike Guest

    you have to do a seizure : see http://support.microsoft.com/kb/255504
    Thanks for the answer José.
    How can I seize roles from the server who is offline?

    Thanks
     
    Mike, Sep 2, 2009
    #4
  5. Mike,
    You do that just as described in the articles posted. The old FSMO role
    owner doesn't have to be online (that would be a "role transfer"). You
    basically use ntdsutil or the GUI tools and tell the other DC to take
    over the roles.

    Make sure you don't bring DC1 (offline now) not online again if you
    seize the roles. If it is forseable that it will be online again the
    next couple of hours/days, you probably best leave the situation alone
    as AD can work without FSMO roles online for a short time.

    Cheers,
    Florian
     
    Florian Frommherz [MVP], Sep 2, 2009
    #5
  6. Mike

    Mike Guest

    Thank you for the answer Florian,
    Ok, I understand tranfer of roles. However, seizures for my understanding
    would like to say
    "seize the roles an leave it in some "untaken" state until someone take it
    back".

    So should I do all roles seizures and after take it back (how?), or by doing
    seizures from living DC, the roles will be automatically assigned to him?
    I'm not sure that my explaination are crystal clear :)

    I think that the offline DC will not be taken online again. May be that we
    will reinstall new server from scracth and promote it
    to DC/GC for redondouncy reasons, but FSMO roles will stay on new roles
    holder.

    Regards,

    Adi
     
    Mike, Sep 7, 2009
    #6
  7. Hello Mike,

    See my answer to your posting, if you have seized the FSMO roles to another
    DC, NEVER bring back the DC online which has them before. Because that DC
    still is in it's own database the FSMO role holder. The result will be to
    have 2 DCs with the FSMO roles.

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Sep 7, 2009
    #7
  8. Howdie!
    Well, it is actually "force another DC to take over the role and notify
    others that the old owner doesn't have the role anymore".
    As said: if you're seizing the roles, you cannot bring back online the
    former role owner. It would try to impersonate the role again and that
    could lead to double RID/SID problems, schema problems and the like. If
    you seized the role, you need to flatten the former role owner and
    re-install it. That would involve a manual metadata cleanup on the
    directory.

    Cheers,
    Florian
     
    Florian Frommherz [MVP], Sep 7, 2009
    #8
  9. that's called SEIZE role when source DC is not alive anymore

    see:
    http://blogs.dirteam.com/blogs/jorge/archive/2006/01/05/373.aspx

    --

    Cheers,
    (HOPEFULLY THIS INFORMATION HELPS YOU!)

    # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

    BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
    BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
    ------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always test ANY suggestion in a test environment before implementing!
    ------------------------------------------------------------------------------------------
    #################################################
    #################################################
    ------------------------------------------------------------------------------------------

    __________ Information from ESET Smart Security, version of virus signature database 4508 (20091014) __________

    The message was checked by ESET Smart Security.

    http://www.eset.com
     
    Jorge de Almeida Pinto [MVP - DS], Oct 14, 2009
    #9
  10. Mike

    jlwali

    Joined:
    Sep 6, 2017
    Messages:
    1
    Likes Received:
    0
    i have a problem when transfer of the operations master role cannot be performed because the requested FSMO operation failed. the current FSMO holder could not be contacted..

    when i run netdom query fsmo

    C:\Documents and Settings\james>netdom query fsmo
    Schema owner zssfserver.zssf.local

    Domain role owner ZSSFSERVER1.zssf.local

    PDC role zssfserver.zssf.local

    RID pool manager ZSSFSERVER1.zssf.local

    Infrastructure owner zssfserver.zssf.local

    The command completed successfully.

    NB: zssfserver is the server i want to be a Primary Domain Controller & ZSSFSERVER1 is the server which is offline/corrupt/formatted

    please assist
     
    jlwali, Sep 6, 2017
    #10
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.