Announcement

Collapse
No announcement yet.

AD FSMO role Seizure

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • AD FSMO role Seizure

    I recently seize RID, Infrastructure, Domain naming master, PDC from our current DC after we managed to bring it back online and the roles could not be transfered. I was able to transfere the Schema Master role successfully. The momement i powered down the current DC, users could no longer access Exchange mail box and we couldnt work on the ADUC console. Please help.

    Thanks

  • #2
    Re: AD FSMO role Seizure

    Let me get this straight

    One DC that held all the roles for the domain failed. You were able to bring the DC back online.

    After you brought the DC back online did you transfer, or seize, all, or some, of the roles to a secondary DC?

    From what I can gather you seized the roles of RID, Infrastructure Master, Domain Naming and PDC. While this failing DC was online. However, you also transferred the role of Schema Master while the DC was also still online.

    I hate to be pedantic but it's crucial to know.

    A couple of things. You should never seize roles of an online DC. You will have issues. If you seize roles you must never bring the DC online that was once holding this roles. You must always transfer roles of an online DC.

    Please check your event logs for errors. Check for replication errors using replmon and repadmin. Also, make sure that your connections are pointing to the correct DNS server.
    GoogleFu is strong with this one ^

    Comment


    • #3
      Re: AD FSMO role Seizure

      Yes you need be alot more clear on what you did?

      Did you always have 2 DC's in your domain?

      It important that the second DC had a full replication before you seized the roles.

      run this command on the DC "netdom query fsmo"

      does it list all roles?

      You migth be lucky and the problem might just be DNS and all you need to do is delete the SRV records for old DC and make sure you have SRV records for new role holder.
      MCSE 2003; MCTS Vista; Sec+; CCNA
      Attitude Makes The Difference!
      in other words you got to WANT to do it..

      Comment


      • #4
        Re: AD FSMO role Seizure

        Thanks guys, you are both correct, I seized some roles and transfered only Schema. I gave the instructions over the phone when the failure happend. so it skipped my mind to tell them to take the the first DC offline after the seizure. I got an error mesage "Operation failed , Active Directory- Exchange Extension" on the new DC when i powered down the first DC. But the moment i powered on the Dirst DC, everything is normal again. i knwo this is not right. What can i do to remedie the situation. Will removing the SRV record of the first DC in DNS solve this problem

        Comment


        • #5
          Re: AD FSMO role Seizure

          Usually what happens is the Non FSMO role holder DC's still get a full replication of AD etc so as long as the new DC had a recent update it ill have all AD information upto date, and it must be acting as the FSMO roles holder.

          the problem is you havent had a smooth sieze or transfer of the roles and AD is not in a clean state.

          so you must first check DNS to see where all clients and servers inc the DC itself is looking for AD Services, these are the SRV records in DNS.

          before you start to mess with anything, what is you disaster recovery plan if any at all?
          MCSE 2003; MCTS Vista; Sec+; CCNA
          Attitude Makes The Difference!
          in other words you got to WANT to do it..

          Comment

          Working...
          X