Solved

Active Directory Replication

Posted on 2006-10-31
Last Modified: 2010-04-18
Our network has been disjoined from a corporate AD topology. We have a PDC, Exchange Server and various member servers.
Q. Is there a time limit in which AD will stop working if the local PDC does not see the FSMO master?
Question by:rvincenty
6 Comments
 
LVL 20

Expert Comment

by:Lazarus
ID: 17842717
Do you expect to rejoin the domain with the FSMO soon, or is this permanent?
If it's permanent, seize the FSMO roles.
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=2728
0
 
LVL 20

Expert Comment

by:Lazarus
ID: 17842749
This link might be useful to you as well. http://www.geocities.com/bipinsavalia/MCSE/ImplementingandAdministeringWindows2000DirectoryServiceInfrastructure.htm
I'm not aware of a time limit per se, but you will start having troubles after a while for sure.
0
 
LVL 8

Assisted Solution

by:garyrafferty
garyrafferty earned 100 total points
ID: 17844427
There is not a time limit that I am aware of, but for certain functions the server will need to access the FSMO role; see below.

Schema master - failure will only be noticeable to admins when they are trying to modify the schema - it will not affect network users. Seizing the role to the standby should only be done when the master has failed permanently. Use the AD Schema MMC snap-in to transfer roles.

Domain naming master - failure will only be noticeable to admins when they are trying to add or remove domains - it will not affect network users. Seizing the role to the standby should only be done when the master has failed permanently. Use the AD Domains and Trusts console to transfer roles.

RID master - failure is not visible to network users. Admins will notice it is dead if they are trying to create objects in a domain that has run out of relative identifiers. Don't seize the role to the standby unless the master has failed permanently. Use the AD Users and Computers (dsa.msc) console to transfer roles.

Infrastructure master - failure is not visible to network users. Will only be visible to admins if they have recently renamed and moved a large number of accounts. Role can be seized to a DC that is not a global catalog server but is well-connected to one - the role can be returned to the original later on. Use the AD Users and Computers (dsa.msc) console to transfer roles.

PDC emulator - affects network users, especially those using non-W2K clients. Role may need to be seized to the standby immediately. The role can be returned to the original DC later on when it has been brought back online. Use the AD Users and Computers (dsa.msc) console to transfer roles.
0
 
LVL 19

Accepted Solution

by:
feptias earned 200 total points
ID: 17845940
"AD sites must replicate at least every 60 days. AD will start to throw away objects that have not been used for 60 days or more, so if you have two sites that become disconnected for more than 60 days then the DC's on one site might have a different picture of the AD universe than the DC's at other sites."

This was extracted (loosely) from the book by Mark Minasi, Mastering Windows Server 2003, Copyright Sybex. I assume he knows what he is talking about. He goes on to strongly recommend that you should not reconnect a DC to the network that has been unable to replicate to the AD for more than 60 days.

I would not expect this to mean that "AD will stop working" at one site after 60 days, just that there will be irreconcilable differences between the AD's on the two sites.

Hope this helps.

0
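An added example, not part of the original thread or any poster's answer: a check that flags replication links whose last success is approaching or past the 60-day figure quoted in the accepted answer, so a DC that has been cut off too long is identified before it is reconnected. The column headers follow the CSV layout of `repadmin /showrepl * /csv`; the server names, dates, timestamp format and the 50% warning threshold are assumptions made for the example.

```python
import csv
import io
from datetime import datetime

TOMBSTONE_DAYS = 60  # figure quoted in the answer above; confirm the value for your forest

# Constructed sample in the layout of `repadmin /showrepl * /csv` (all names hypothetical).
SAMPLE_CSV = """showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Branch,BRANCH-DC1,"DC=corp,DC=example",HQ,HQ-DC1,RPC,412,2006-10-31 08:00:00,2006-08-20 07:45:10,1722
showrepl_INFO,Branch,BRANCH-DC1,"CN=Configuration,DC=corp,DC=example",HQ,HQ-DC1,RPC,30,2006-10-31 08:00:00,2006-09-25 07:45:10,1722
showrepl_INFO,Branch,BRANCH-DC1,"DC=corp,DC=example",Branch,BRANCH-DC2,RPC,0,0,2006-10-31 07:55:00,0
"""


def stale_links(csv_text, now, tombstone_days=TOMBSTONE_DAYS, warn_fraction=0.5):
    """Return (source DSA, naming context, age in days, level) for links needing attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["showrepl_COLUMNS"] != "showrepl_INFO":
            continue  # only data rows describe a replication link
        try:
            last_ok = datetime.strptime(row["Last Success Time"], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            # No parseable success time (e.g. never replicated): treat as worst case.
            findings.append((row["Source DSA"], row["Naming Context"], None, "EXPIRED"))
            continue
        age = (now - last_ok).days
        if age >= tombstone_days:
            level = "EXPIRED"  # do not reconnect without checking for lingering objects
        elif age >= tombstone_days * warn_fraction:
            level = "WARN"     # still recoverable, but the window is closing
        else:
            continue
        findings.append((row["Source DSA"], row["Naming Context"], age, level))
    return findings


if __name__ == "__main__":
    for finding in stale_links(SAMPLE_CSV, datetime(2006, 10, 31, 12, 0, 0)):
        print(finding)
```
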
 

Author Comment

by:rvincenty
ID: 17846031
We will not join the previous domain anymore. I need to keep the same AD scheme past the 60 days. I assume once I seize the FSMO roles to the local DC and "clean" the AD from those objects that I don't need, I should be OK?
0
 
LVL 20

Assisted Solution

by:Lazarus
Lazarus earned 200 total points
ID: 17846129
You should be OK, yes. Just seize the FSMO roles and all should be well.
0
