AD FSMO role Seizure

This topic contains 4 replies, has 4 voices, and was last updated by Avatar Anonymous 10 years ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • Avatar
    phemmy
    Member
    #144899

    I recently seize RID, Infrastructure, Domain naming master, PDC from our current DC after we managed to bring it back online and the roles could not be transfered. I was able to transfere the Schema Master role successfully. The momement i powered down the current DC, users could no longer access Exchange mail box and we couldnt work on the ADUC console. Please help.

    Thanks

    Avatar
    stamandster
    Member
    #280348

    Re: AD FSMO role Seizure

    Let me get this straight

    One DC that held all the roles for the domain failed. You were able to bring the DC back online.

    After you brought the DC back online did you transfer, or seize, all, or some, of the roles to a secondary DC?

    From what I can gather you seized the roles of RID, Infrastructure Master, Domain Naming and PDC. While this failing DC was online. However, you also transferred the role of Schema Master while the DC was also still online.

    I hate to be pedantic but it’s crucial to know.

    A couple of things. You should never seize roles of an online DC. You will have issues. If you seize roles you must never bring the DC online that was once holding this roles. You must always transfer roles of an online DC.

    Please check your event logs for errors. Check for replication errors using replmon and repadmin. Also, make sure that your connections are pointing to the correct DNS server.

    Avatar
    ikon
    Member
    #354230

    Re: AD FSMO role Seizure

    Yes you need be alot more clear on what you did?

    Did you always have 2 DC’s in your domain?

    It important that the second DC had a full replication before you seized the roles.

    run this command on the DC “netdom query fsmo”

    does it list all roles?

    You migth be lucky and the problem might just be DNS and all you need to do is delete the SRV records for old DC and make sure you have SRV records for new role holder.

    Avatar
    Anonymous
    #367248

    Re: AD FSMO role Seizure

    Thanks guys, you are both correct, I seized some roles and transfered only Schema. I gave the instructions over the phone when the failure happend. so it skipped my mind to tell them to take the the first DC offline after the seizure. I got an error mesage “Operation failed , Active Directory- Exchange Extension” on the new DC when i powered down the first DC. But the moment i powered on the Dirst DC, everything is normal again. i knwo this is not right. What can i do to remedie the situation. Will removing the SRV record of the first DC in DNS solve this problem

    Avatar
    ikon
    Member
    #354231

    Re: AD FSMO role Seizure

    Usually what happens is the Non FSMO role holder DC’s still get a full replication of AD etc so as long as the new DC had a recent update it ill have all AD information upto date, and it must be acting as the FSMO roles holder.

    the problem is you havent had a smooth sieze or transfer of the roles and AD is not in a clean state.

    so you must first check DNS to see where all clients and servers inc the DC itself is looking for AD Services, these are the SRV records in DNS.

    before you start to mess with anything, what is you disaster recovery plan if any at all?

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.