Solved

Active Directory Replication

Posted on 2006-10-31
234 Views
Last Modified: 2010-04-18
Our network has been disjoined from a corporate AD topology. We have a PDC, Exchange Server and various member servers.
Q. Is there a time limit in which AD will stop working if the local PDC does not see the FSMO master?
0
Question by:rvincenty
6 Comments
 
LVL 20

Expert Comment

by:Lazarus
ID: 17842717
Do you expect to rejoin the domain with the FSMO soon, or is this permanent?
If it's permanent, seize the FSMO roles.
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=2728
0
 
LVL 20

Expert Comment

by:Lazarus
ID: 17842749
This link might be useful to you as well. http://www.geocities.com/bipinsavalia/MCSE/ImplementingandAdministeringWindows2000DirectoryServiceInfrastructure.htm
I'm not aware of a per se time limit, but you will start having troubles after a while for sure.
0
 
LVL 8

Assisted Solution

by:garyrafferty
garyrafferty earned 100 total points
ID: 17844427
There is not a time limit that I am aware of, but for certain functions the server will need to access the FSMO role. See below:

Schema master - failure will only be noticeable to admins when they are trying to modify the schema - it will not affect network users. Seizing the role to the standby should only be done when the master has failed permanently. Use the AD Schema MMC snap-in to transfer roles.

Domain naming master - failure will only be noticeable to admins when they are trying to add or remove domains - it will not affect network users. Seizing the role to the standby should only be done when the master has failed permanently. Use the AD Domains and Trusts console to transfer roles.

RID master - failure is not visible to network users. Admins will notice it is dead if they are trying to create objects in a domain that has run out of relative identifiers. Don't seize the role to the standby unless the master has failed permanently. Use the AD Users and Computers (dsa.msc) console to transfer roles.

Infrastructure master - failure is not visible to network users. Will only be visible to admins if they have recently renamed and moved a large number of accounts. Role can be seized to a DC that is not a global catalog server but is well-connected to one - the role can be returned to the original later on. Use the AD Users and Computers (dsa.msc) console to transfer roles.

PDC emulator - affects network users, especially those using non W2K clients. Role may need to be seized to the standby immediately. The role can be returned to the original DC later on when it has been brought back online. Use the AD Users and Computers (dsa.msc) console to transfer roles.
0
 
LVL 19

Accepted Solution

by:feptias
feptias earned 200 total points
ID: 17845940
"AD sites must replicate at least every 60 days. AD will start to throw away objects that have not been used for 60 days or more, so if you have two sites that become disconnected for more than 60 days then the DC's on one site might have a different picture of the AD universe than the DC's at other sites."

This was extracted (loosely) from the book by Mark Minasi, Mastering Windows Server 2003, Copyright Sybex. I assume he knows what he is talking about. He goes on to strongly recommend that you should not reconnect a DC to the network that has been unable to replicate to the AD for more than 60 days.

I would not expect this to mean that "AD will stop working" at one site after 60 days, just that there will be irreconcilable differences between the AD's on the two sites.

Hope this helps.

0
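As an added example (not part of the original thread), the following Python code applies the 60-day figure quoted in the accepted answer to replication status data and flags links whose last successful replication is past, or approaching, that limit. The CSV column layout is assumed to match `repadmin /showrepl * /csv`; the sample rows, site names, DC names and timestamps are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample; column layout assumed to match `repadmin /showrepl * /csv`.
SAMPLE_CSV = """showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Branch,BRANCH-DC1,"DC=corp,DC=example",HQ,HQ-DC1,RPC,412,2006-10-31 08:00:00,2006-08-20 07:45:10,1722
showrepl_INFO,Branch,BRANCH-DC1,"CN=Configuration,DC=corp,DC=example",HQ,HQ-DC2,RPC,35,2006-10-31 08:00:00,2006-09-25 12:00:00,1722
showrepl_INFO,Branch,BRANCH-DC1,"DC=corp,DC=example",Branch,BRANCH-DC2,RPC,0,0,2006-10-31 08:45:00,0
showrepl_INFO,Branch,BRANCH-DC1,"DC=corp,DC=example",HQ,HQ-DC3,RPC,9,2006-10-31 08:00:00,0,1722
"""


def stale_links(csv_text, now, tombstone_days=60, warn_fraction=0.5):
    """Return (destination, source, naming context, age in days, status)
    for every inbound link that is past or nearing the tombstone lifetime."""
    limit = timedelta(days=tombstone_days)
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        raw = row["Last Success Time"].strip()
        try:
            last_ok = datetime.strptime(raw, "%Y-%m-%d %H:%M:%S")
        except ValueError:
            last_ok = None  # no parseable timestamp: treat as never replicated
        if last_ok is None:
            age_days, status = None, "NEVER_REPLICATED"
        else:
            age = now - last_ok
            age_days = age.days
            if age >= limit:
                status = "PAST_TOMBSTONE_LIFETIME"  # do not reconnect this DC
            elif age >= limit * warn_fraction:
                status = "AT_RISK"
            else:
                continue  # replicated recently enough
        findings.append((row["Destination DSA"], row["Source DSA"],
                         row["Naming Context"], age_days, status))
    return findings


if __name__ == "__main__":
    for finding in stale_links(SAMPLE_CSV, datetime(2006, 10, 31, 9, 0, 0)):
        print(finding)
```

The tombstone lifetime is a forest-wide setting, so pass the value configured in your forest as `tombstone_days` rather than relying on the 60-day default used here.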
 

Author Comment

by:rvincenty
ID: 17846031
We will not join the previous domain anymore. I need to keep the same AD scheme past the 60 days. I assume once I seize the FSMO roles to the local DC and "clean" the AD from those objects that I don't need, I should be OK?
0
 
LVL 20

Assisted Solution

by:Lazarus
Lazarus earned 200 total points
ID: 17846129
You should be OK, yes. Just seize the FSMO roles and all should be well.
0
