Gad SAADIA asked:

WIN2K8 AD FSMO

Hello,

My present configuration: single domain, single DC
Server-A = Windows 2008 Standard SP2 (32-bit, non-R2)

4 FSMO roles are on Server-A except the "master infrastructure role", which is on Server-B

Server-B does not exist any more (it was definitely disconnected 2 years ago without a regular DCPROMO)

In Active Directory both Server-A AND Server-B do appear since Server-B has never been correctly demoted.

In the event log there are many replication errors since Server-B does not physically exist but still appears in AD. There are also many NTFRS errors related to the same problem.

Questions:

I am concerned about erasing Server-B from AD since it still holds the "master infrastructure role" and I do not know if this role will be automatically transferred to Server-A.

I also have to add Server-C, a new W2K8 R2 server, as a spare DC.
Should I add Server-C and promote it as a DC BEFORE solving the Server-B problem or AFTER solving this problem?

What is the best and the safest way to do all these changes?
ASKER CERTIFIED SOLUTION
motnahp00
Verify your results after you seize the role with the following:

netdom query fsmo
Lee W, MVP
Seize the infrastructure master role on the existing DC and delete the failed DC from AD.

Follow these two guides:
www.petri.co.il/seizing_fsmo_roles.htm
www.petri.co.il/delete_failed_dcs_from_ad.htm

Then run DCDIAG and verify your AD is healthy.
Seize the infrastructure master - if you delete the missing server from Server 2008, then it automatically does a clean-up (unlike Server 2003).

There is no reason not to have ALL the FSMO roles on a single server in a single domain environment - indeed it's much more efficient.

The only time you ever need to worry about the placement of the infrastructure master is when you have a forest with multiple domains AND not all DCs are GCs. In all other cases, leave the Infrastructure master with the other roles.
What you can do is seize the Master Infrastructure Role, as you will not be able to transfer the role. You can do this using NTDSUTIL. I have provided a link below which explains how to seize FSMO roles.

http://support.microsoft.com/kb/255504

With respect to the old DC, you should clean up your schema, and you can remove all traces of the old DC via ADSIEDIT. You should do so, because if you have lingering objects in AD this can cause replication issues. The Infrastructure Master Role is effectively obsolete if all your DCs are Global Catalog Servers. Make sure when you create a new DC to make it a Global Catalog Server.


Kind regards,

JBond2010
As I stated, if this is Server 2008, running at the Server 2008 functional level, there is no need to do a metadata cleanup - Server 2008 AD will do this automatically when the object is deleted in AD.
Hello,

I would suggest that you seize the Infrastructure master by using the NTDSUTIL tool.

Perform the steps below on Server A:

Click Start, click Run, type ntdsutil in the Open box, and then click OK.

Type roles, and then press ENTER.

Type connections, and then press ENTER.

Type connect to server servername, and then press ENTER, where servername is the name of the domain controller that you want to assign the FSMO role to (in your case Server A).

At the server connections prompt, type q, and then press ENTER.

Seize infrastructure master

This will seize the infrastructure master to your Server A.

Once this is done, you need to perform a metadata cleanup of Server B (whose reference still exists in AD due to improper demotion).

Refer to the link below to perform the metadata cleanup:

http://support.microsoft.com/kb/216498

Also make sure none of the DNS entries of Server B exist in your DNS.

Check these locations in DNS:

-Each & every sub folder inside _msdcs folder in DNS

-Name server tab in DNS

-Host records in DNS

Reference - http://blogs.msmvps.com/awinish/2011/05/08/metadata-cleanup-of-a-domain-controller/

After performing this, wait until replication happens, and run Netdom query FSMO to check that the Infrastructure role is now on Server A.

Once this is done you can go ahead and run DCPROMO on Server C and make it a domain controller.

That's it... You are done.

Regards,

_Prashant_
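
The verification step that the answers above mention (netdom query fsmo), as an added example that is not part of any post in this thread: it parses the command's output and flags any role still held by the retired DC or missing from the output. SERVER-A, SERVER-B, example.local and the English Server 2008 role labels are assumptions, and the sample output is constructed.

```powershell
# Added example, not from the thread. Host and domain names are placeholders.
param([string]$ExpectedOwner = 'SERVER-A',  # placeholder: DC that should hold every role
      [string]$RetiredDc     = 'SERVER-B',  # placeholder: DC that no longer exists
      [switch]$Live)                        # query netdom instead of the sample below

# Role labels as printed by the English "netdom query fsmo" on Server 2008 (assumed).
$Roles = 'Schema master', 'Domain naming master', 'PDC',
         'RID pool manager', 'Infrastructure master'

function Get-FsmoOwner {
    param([string[]]$Lines)
    # Each role line is "<role label><two or more spaces><DC FQDN>"; other lines are ignored.
    $pattern = '^\s*(' + ($Roles -join '|') + ')\s{2,}(\S+)\s*$'
    $owners = @{}
    foreach ($line in $Lines) {
        if ($line -match $pattern) { $owners[$Matches[1]] = $Matches[2] }
    }
    return $owners
}

function Test-FsmoPlacement {
    param([hashtable]$Owners)
    $problems = @()
    foreach ($role in $Roles) {
        $fqdn = $Owners[$role]
        if (-not $fqdn) { $problems += ('{0}: not reported by netdom' -f $role); continue }
        $holder = $fqdn.Split('.')[0]   # compare host names only
        if ($holder -eq $RetiredDc) {
            $problems += ('{0}: still held by retired DC {1}' -f $role, $fqdn)
        } elseif ($holder -ne $ExpectedOwner) {
            $problems += ('{0}: held by unexpected DC {1}' -f $role, $fqdn)
        }
    }
    return $problems
}

# Constructed sample: the state described in the question, before the seize.
$sample = @(
    'Schema master               Server-A.example.local',
    'Domain naming master        Server-A.example.local',
    'PDC                         Server-A.example.local',
    'RID pool manager            Server-A.example.local',
    'Infrastructure master       Server-B.example.local',
    'The command completed successfully.')
if ($Live) { $lines = & netdom query fsmo } else { $lines = $sample }

$problems = @(Test-FsmoPlacement (Get-FsmoOwner $lines))
if ($problems.Count -gt 0) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output "All five FSMO roles are held by $ExpectedOwner."
```

Run with -Live on the remaining DC after the seize and again once replication has settled; a non-zero exit code means a role is missing from the output or is not on the expected DC.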
Gad SAADIA

ASKER

Many answers were OK, but this was the first one and it was OK
Thank you