FSMO Role Transfer

  • FSMO Role Transfer

    In my organization I have a single Domain Controller running on Server 2008 R2 Std. I installed Server 2008 R2 Std on a separate machine. I made this server an ADC. I wanted to make this ADC the PDC so that I can demote the current PDC.
    I seized and transferred all 5 FSMO roles from the current PDC to the ADC; all the roles transferred successfully. When I ran the command netdom dsquery:PDC it returned the name of the newly promoted PDC. But when I checked the operation master from Active Directory User and Configuration I found errors, which are attached with this message.

    My old DC name is NEFSVRADB.nef.local
    and the new ADC name is NEFSVRADC.nef.local.

    I couldn't understand the root cause for this issue.

    Thanks in Advance
    Last edited by Kamal18sharma; 4th October 2012, 19:12.

  • #2
    Re: FSMO Role Transfer

    Originally posted by Kamal18sharma View Post
    I seized and transfer all 5 FSMO roles from current PDC to ADC
    How exactly did you move the FSMOs -- if I read the above correctly, your mistake was seizing the FSMOs -- you should only do this when the original DC is offline and will NEVER, EVER, come back.
    You should have transferred them gracefully.
    If that is the case, your only solution may be to flatten the original DC.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: FSMO Role Transfer

      Did you seize or transfer the roles?

      Oops too late Ossian was first.
      Last edited by gerth; 4th October 2012, 19:18. Reason: to late
      gerth

      MCITP sa, ea & va, [email protected]



      • #4
        Re: FSMO Role Transfer

        Originally posted by Ossian View Post
        How exactly did you move the FSMOs -- if I read the above correctly, your mistake was seizing the FSMOs -- you should only do this when the original DC is offline and will NEVER, EVER, come back.
        You should have transferred them gracefully.
        If that is the case, your only solution may be to flatten the original DC
        Thanks for the reply.
        I understand that for transferring the FSMO roles seizing was not required, and I first seized the roles and then transferred the roles, a big mistake.



        • #5
          Re: FSMO Role Transfer

          Originally posted by gerth View Post
          Did you seize or transfer the roles.

          Oops too late Ossian was first.
          I first seized the roles and then transferred them.



          • #6
            Re: FSMO Role Transfer

            OK, so you actually seized the FSMOs -- I am pretty sure your only option is to turn off the original DC (don't try demoting), delete the computer account in AD and do a metadata cleanup on your active directory. Format and reinstall the DC, join it to the domain (preferably with a new name, but certainly with a new computer account), and do a DCPROMO.

            You may want to see if anyone gives an alternative solution before you take so drastic a step, but I strongly suspect there aren't any.

            What else does the original DC do?

            (There is no need to post the same thing twice above.)
            Tom Jones


            • #7
              Re: FSMO Role Transfer

              As Ossian has already indicated, you should not try to demote it.
              • Verify the services it is running; if a DNS server, ensure that all Clients and DHCP are re-pointed at another DNS server. Also, check if it has DHCP and so on and migrate it to another server
              • Turn it off
              • Delete the computer account
              • Do a metadata cleanup using NTDSUTIL
              • Ensure the server node (for the one you are removing) is deleted from AD Sites and Services
              • Format and reinstall
              • Join it as a member server of the Domain
              • DCPROMO it and also make it a GC
              • Optionally, migrate services back to it
              • Optionally, transfer FSMO roles back to it

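A read-only check of the end state that the cleanup steps in the thread aim for, as an added example that is not part of any post. It is PowerShell using the ActiveDirectory module, run from the surviving DC. The host names are the ones given in the thread; the variable names and the choice of checks are assumptions of this example.

```powershell
# Added example: verifies the directory after the old DC has been powered off,
# its computer account deleted and metadata cleanup done. Changes nothing.
Import-Module ActiveDirectory

$OldDC = 'NEFSVRADB'             # DC that was turned off (name from the thread)
$NewDC = 'NEFSVRADC.nef.local'   # DC expected to hold all five FSMO roles

$problems = @()

# 1. Every FSMO role must be held by the new DC.
$domain = Get-ADDomain
$forest = Get-ADForest
$roles = @{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
foreach ($role in $roles.Keys) {
    if ($roles[$role] -ne $NewDC) {
        $problems += "$role is held by '$($roles[$role])', expected $NewDC"
    }
}

# 2. The old DC must no longer be listed as a domain controller.
$dcNames = Get-ADDomainController -Filter * | ForEach-Object { $_.Name }
if ($dcNames -contains $OldDC) {
    $problems += "$OldDC is still listed as a domain controller"
}

# 3. Its computer account must be gone before the rebuilt server joins.
if (Get-ADComputer -Filter "Name -eq '$OldDC'") {
    $problems += "Computer account for $OldDC still exists"
}

# 4. No leftover server object under Sites (what AD Sites and Services shows).
$configNC = (Get-ADRootDSE).configurationNamingContext
$stale = Get-ADObject -SearchBase "CN=Sites,$configNC" `
    -Filter "objectClass -eq 'server' -and Name -eq '$OldDC'"
if ($stale) {
    $problems += "Stale server object: $($stale.DistinguishedName)"
}

if ($problems.Count -eq 0) {
    Write-Output "No references to $OldDC found; all FSMO roles are on $NewDC."
} else {
    $problems | ForEach-Object { Write-Warning $_ }
}
```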