Solved

FSMO Role duplication.

Posted on 2006-10-28
Last Modified: 2010-04-13
I have a client who has 3 sites, which until this spring were connected by a VPN, managed by their ISP. This WAN had a single domain, and 3 Win2000 AD DCs. This summer sometime, the client decided to begin managing their own WAN, and broke the VPN. However, it wasn't noticed until the start of the school year. (It's a school system.)

I was on-site there for the 1st time on Fri, and made a mistake... since the other servers were unavailable due to the VPN (the previous network manager is unavailable to explain anything), I seized all the FSMO roles I could at a remote site, thinking they had an improperly performed upgrade. (They had obsolete hardware that I thought was the other 2 servers, taken offline.)

I can NOT seize the GC role... This will be a big problem.

Repairing the VPN will be the 1st step, but what kind of trouble can I expect when I get them back on the same WAN, with the duplication of FSMOs? 2 RID & Schema Masters? If I remember right, I even went so far as to delete the machine account for the REAL Schema & RID Master... Is this going to take an Authoritative Restore to fix?
0
Question by:hvymtl0u812
7 Comments
 
LVL 15

Expert Comment

by:plimpias
ID: 17827813
Here is what I would do since it's early in the game. Do a system state restore as the DC was on Thursday. It's going to create many, many problems, not only with your server but with the other servers also, if you bring that VPN up. Your best solution would be to restore; it's early, so now is the time to do it.
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17828012
Hi hvymtl0u812,

Once you seize a role, you cannot bring the old server back into the equation. plimpias is correct; a restore is the way to go.

Also, there is no GC role to seize.

http://www.petri.co.il/understanding_fsmo_roles_in_ad.htm
http://www.petri.co.il/seizing_fsmo_roles.htm

-red
0
 
LVL 2

Author Comment

by:hvymtl0u812
ID: 17831408
I would have restored a sys-state backup already... only 1 prob... they weren't DOING backups. None... nada. EVER.

(This is why they needed my help in the 1st place.)

Ok... so because of that, my thought is: perform a sys-state backup of the other machine (the one that had been holding all the roles), then use AD Recovery Console and perform a non-authoritative restore (after bringing up the VPN). Wouldn't that just tell the screwed-up server to re-acquire all its AD info from another AD server?

And there must be a GC. Global Catalogs are necessary to service logon requests... (and since I couldn't get that role to seize, the EVENT VIEWER will see a lot of errors related to "a Global Catalog Server could not be contacted")
0
 
LVL 39

Accepted Solution

by:
redseatechnologies earned 1000 total points
ID: 17831472
Yes, there must be a GC - but this is not an FSMO role, and is not "seized".

http://support.microsoft.com/kb/313994

If you perform a system state backup of the one that was holding all the roles, and restore it to the same server, what are you expecting that will do?

You will need to format and reinstall it with a different name, join it to the domain, and start again.

-red
0
 
LVL 25

Assisted Solution

by:mikeleebrla
mikeleebrla earned 1000 total points
ID: 17831610
The GC isn't a ROLE at all!!!!!

Making a DC a GC is just giving that DC a FULL copy of the AD database. It is NOT a role and thus cannot be 'transferred' like the 5 FSMO roles. Also, EVERY DC can be a GC if you would like it to be (and SHOULD be done for redundancy, as you are finding out).

Also, you stated that a GC is needed for authentication, which is only 1/2 true. A GC is needed for authentication BY DEFAULT, but it can be changed if you wish. Sorry, I just don't like seeing technically incorrect info on here since others will search the site later for reference.
0
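
The distinction drawn in the answers above, and the duplicated-role condition the question asks about, can be checked directly. The following is an added example, not part of the original thread: it asks each DC for its own copy of the five `fSMORoleOwner` attributes and for the global catalog bit on every NTDS Settings object. It assumes PowerShell 3.0 or later on a domain-joined admin workstation; the DC host names are placeholders.

```powershell
# Added example: DC names are placeholders, replace with the real hosts.
$DomainControllers = 'dc1.example.test', 'dc2.example.test', 'dc3.example.test'

function Get-DcView {
    param([string]$Server)
    # Bind to this specific DC so we read its own replica, not a random DC's.
    $rootDse  = [ADSI]"LDAP://$Server/RootDSE"
    $domainNC = [string]$rootDse.defaultNamingContext
    $configNC = [string]$rootDse.configurationNamingContext
    $schemaNC = [string]$rootDse.schemaNamingContext
    if (-not $domainNC) { Write-Warning "No answer from $Server"; return }

    # Each of the five FSMO roles is an fSMORoleOwner value on one object.
    $roleObjects = [ordered]@{
        SchemaMaster         = $schemaNC
        DomainNamingMaster   = "CN=Partitions,$configNC"
        PDCEmulator          = $domainNC
        RIDMaster            = "CN=RID Manager`$,CN=System,$domainNC"
        InfrastructureMaster = "CN=Infrastructure,$domainNC"
    }
    foreach ($role in $roleObjects.Keys) {
        $entry = [ADSI]"LDAP://$Server/$($roleObjects[$role])"
        [pscustomobject]@{ AskedDC = $Server; Item = $role
                           Value = [string]$entry.fSMORoleOwner }
    }

    # Global catalog is not a role: it is bit 0x1 of 'options' on a DC's
    # NTDS Settings (nTDSDSA) object, and any number of DCs may have it set.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://$Server/CN=Sites,$configNC"
    $searcher.Filter = '(objectClass=nTDSDSA)'
    [void]$searcher.PropertiesToLoad.Add('options')
    foreach ($r in $searcher.FindAll()) {
        $opt = 0
        if ($r.Properties.Contains('options')) { $opt = [int]$r.Properties['options'][0] }
        [pscustomobject]@{ AskedDC = $Server; Item = 'GlobalCatalog'
                           Value = "$($r.Path) IsGC=$([bool]($opt -band 1))" }
    }
}

$views = foreach ($dc in $DomainControllers) { Get-DcView -Server $dc }
# A role is consistent only when every DC names the same owner.
$views | Where-Object { $_.Item -ne 'GlobalCatalog' } | Group-Object Item | ForEach-Object {
    $owners = @($_.Group | ForEach-Object { $_.Value } | Sort-Object -Unique)
    [pscustomobject]@{ Role = $_.Name; Consistent = ($owners.Count -eq 1)
                       Owners = $owners -join ' | ' }
} | Format-Table -AutoSize -Wrap

$views | Where-Object { $_.Item -eq 'GlobalCatalog' } | Format-Table AskedDC, Value -Wrap
```

A role row with `Consistent` set to `False` means the DCs disagree about who owns it, which is the duplicated-FSMO condition the question describes.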
