[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


FSMO seized - failed server online - what now?

Posted on 2006-06-20
Medium Priority
Last Modified: 2010-04-13
I have a very simple network with about 10 workstations (windows xp) and 2 domain controllers (windows 2000).  

Roughly 3 weeks ago the primary domain controller was having serious stability issues and I was unable to get it to boot for a successfull transfer of FSMO roles.  As users were unable to login I seized the FSMO roles on secondary DC and operations resumed as normal.

Now I have the unstable server back online how do I inform this server that it is no longer pdc master.   When trying to access the Operations Masters tab through active directory I am unable to use the "change roles" as it is unable to contact the current FSMO.  Im assuming it still thinks it is the current FSMO but it has been stripped away.

Is there a way to manually fix it through NTDSutil?

Do I have to reinstall windows again?

The unstable server is also the Exchange server (go figure?) and the re-installation of this one would be tricky?

Would I be better off requesting a server upgrade (it is a bit underpowered for an exchange server) and migrate the current exchange 2000 to a windows 2003/exchange 2003 enviornment?
Question by:mulcahyj
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 13

Accepted Solution

Kini pradeep earned 300 total points
ID: 16944893
no you need not reinstall windows but you cannot keep the old role master online,
you need not to rmove that m/c as a dc.
a normal dcpromo might not work, get that DC offline again and demote it with dcpromo /forceremoval (make sure sp4 ) then do a metedata cleanup.  
readd the m/c after deleting any of its dns entries and then again promote it to a dc.
i think thats the only way out, if you find anything new let me know.

Author Comment

ID: 16945480
will the dcpromo /forceremoval have an effect on the exchange installation?  
LVL 13

Expert Comment

by:Kini pradeep
ID: 16945758
do not have much experience with exchange, but the dcpromo /forceremoval should not impact the exchange, because what it does is it demotes the domain controller without notifying any other DC in the domain, due to which we have to do the metadata cleanup.
but make sure you have exchange backed up, if you have a good backup then you need not worry abou anything.

Author Comment

ID: 16953811
Here is what I have decided to do, although I have not done this as of yet.  

I am going to make the unstable server the operations master once again. The reason I want to do this is because this machine is running my exchange service which requires active directory.  I can not do a dcpromo /forceremove on this box as it could potentially have drastic effects on my exchange.  I have sifted through some other problems somewhat similar to mine and removing and reinstalling exchange seems to be a rather large headache.

So the current machine holding the operations master fsmo roles, the power house, I will dcpromo /forceremove him and do the metedata cleanup.
After this is complete I will make sure our exchange server is once again in full control of the network.  (is this possible?  Can i seize the pdc master back after it has been seized away?)
Once everything is running as intended I will bring our powerhouse back online, dcpromo him back as a domain controller.

Now here is what I would like to end up with.  The exchange server I just want to be an exchange server (requires active directory so i cant demote him)  And the power house server is where i want all the login, dns, profiles, file storage ect. to be taking place. (this server is built for this type of service)

So after this server is back online and promoted as an additional domain controller of that domain. Is this when i should TRANSFER fsmo roles to him?  Do I need to do anythingn else besides the 5 roles to make him the big man in the domain?

- Jason
LVL 13

Expert Comment

by:Kini pradeep
ID: 16953961
well since you have 2 Dc's in the domain
exchange and powerhouse.
exchange previously had the FSMO roles which were seized to powerhouse, now according to your strategy, what you would need to do is take powerhouse offline.
get exchange online, (make sure its a GC as well). no need to seize the roles back because exchange would still show the FSMO roles (they were seized and not transferred so ideally the server should not be brought online before a metadata cleanup).

few things to remember :
backup the Dc's.
take the powerhouse offline.
bring the exchange online.
make sure the domain is functional, up and kicking.
if you can afford to bring a swing server online ( another piece of hardware) as a Dc would be good, it would eliminate any harm to the domain.
do a metadata cleanup for the powerhouse Dc on exchange.
do a dcpromo /forceremoval on the powerhouse.
add it to the domain and then promote it.
make sure the replication among the Dc's is consistent (AD as well as file replication)
then transfer the fsmo roles to powerhouse and do a graceful demotion on exchange and keep it as only an exchange server.
i know its gonna be time consuming but its good to take precautions to prevent a Dissaster.
let me know if i could be of any further assistance.

Featured Post

Tech or Treat!

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Are you looking for the options available for exporting EDB files to PST? You may be confused as they are different in different Exchange versions. Here, I will discuss some options available.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question