
How to recover FSMO Role Holder DC

Posted on 2008-06-20
Last Modified: 2008-06-22
I am in deep doo-doo.
Environment: 3 DCs with one DC (Main DC) having all the FSMO roles. All DCs have a copy of the GC.
The Main DC began to reboot continuously and get Directory service errors on the login page. I couldn't even log in.
The error was
" Directory Services could not start because of the following errors: A transaction recover failed. Error status 0x0000227."

Rebooted into SAFE Directory Services Mode. I ran: ntdsutil files info. Some of my NTDS files were missing including the NTDS.dit file.
Went to my most recent backup and restored the NTDS folder. However the edb.log and temp.edb were missing from the backup so I just re-created them with nothing in them.
Still in DS mode, I restarted the DFS services, just to make sure.
I rebooted into normal mode. Same problem.
I rebooted into DS mode and went into System and saw the main DC was assigned to an "unknown domain". It did not even recognize the server as a DC.
So....I decided to clean everything off and start over. I went to one of my other DCs to try to seize the FSMO roles using ntdsutil, but I got the message that the server was unavailable.
My question is what do I do now?
I can't do a dcpromo /forceremoval and then ntdsutil metadata cleanup from one of the other DCs. I've bit the bullet and decided to spend 4 hours this weekend building the server up again (different name :)) but how do I get the FSMO roles over to one of my other DCs?
Thanks


0
Comment
Question by:PWyatt1
4 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 21835401

Hey there,

First things first. Turn off the broken DC, it can't be back on the network if you're going to grab everything. I strongly recommend you rebuild it completely rather than trying DCPromo to Demote and Promote it again.

At the very least the server should be removed from the domain entirely (dropped back to a Workgroup). It is essential that it gains a new Computer Account.

First the FSMO Roles:

Start
Run
ntdsutil
Roles
Connections
Connect to Server <AnyWorkingDC>
quit

That gets us the Connection we need, the connection should be to the DC we want to hold the roles (not the current role holder). We should check we know where all the FSMO roles are:

Select Operation Target
List Roles for Connected Server
quit

That's shown us where they all are. Now you can Seize them:

Seize Domain Naming Master
Seize PDC
Seize RID Master
Seize Infrastructure Master
Seize Schema Master

The Seize operation will attempt a graceful transfer first, that should fail but Seize should work.

Now you need to perform Metadata Cleanup to get rid of the DC that died. There's an MS Article for that one here:

http://support.microsoft.com/kb/216498

If you have any questions, or any of it is unclear please don't hesitate to ask.

Chris
0
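
A post-seizure check for the procedure above, as an added example that is not part of the original thread: this PowerShell script parses `netdom query fsmo` output and flags any of the five roles that is missing or still registered to the failed DC. The DC names and sample output are constructed placeholders, and it assumes `netdom` is installed on the DC where it is run.

```powershell
# Added example. DC names and the netdom output below are constructed.
$ExpectedRoles = 'Schema master', 'Domain naming master', 'PDC',
                 'RID pool manager', 'Infrastructure master'

function Get-FsmoHolder {
    param([string[]]$NetdomOutput)
    # A role line is "<role name><two or more spaces><holder FQDN>";
    # the trailing "The command completed successfully." line does not match.
    foreach ($line in $NetdomOutput) {
        if ($line -match '^(?<role>\S.*?)\s{2,}(?<holder>\S+)\s*$') {
            [pscustomobject]@{ Role = $Matches['role']; Holder = $Matches['holder'] }
        }
    }
}

function Test-FsmoSeizure {
    param(
        [string[]]$NetdomOutput,
        [string]$FailedDc   # host name of the DC that was shut down
    )
    $holders = @(Get-FsmoHolder -NetdomOutput $NetdomOutput)
    $failedHost = ($FailedDc -split '\.')[0]
    foreach ($role in $ExpectedRoles) {
        $entry = $holders | Where-Object { $_.Role -eq $role } | Select-Object -First 1
        if (-not $entry) {
            $holder = $null; $status = 'MISSING'
        } elseif (($entry.Holder -split '\.')[0] -eq $failedHost) {
            $holder = $entry.Holder; $status = 'STILL ON FAILED DC'
        } else {
            $holder = $entry.Holder; $status = 'OK'
        }
        [pscustomobject]@{ Role = $role; Holder = $holder; Status = $status }
    }
}

# Constructed sample: four roles moved, one still points at the dead DC.
$sample = @(
    'Schema master               dc2.example.local'
    'Domain naming master        dc2.example.local'
    'PDC                         dc2.example.local'
    'RID pool manager            dc2.example.local'
    'Infrastructure master       maindc.example.local'
    'The command completed successfully.'
)
Test-FsmoSeizure -NetdomOutput $sample -FailedDc 'maindc' | Format-Table -AutoSize

# Against the live domain, run on a working DC:
# Test-FsmoSeizure -NetdomOutput (netdom query fsmo) -FailedDc 'maindc'
```

Any row whose status is not `OK` means that role still needs to be seized before metadata cleanup removes the old DC's objects.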
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 21835415
When restoring the NTDS folder, did you do an authoritative restore when using ntdsutil?
0
 

Author Comment

by:PWyatt1
ID: 21835869
Hi Chris-Dent. Doh! When I was doing the seizing I just looked at the first couple of lines which showed a transfer error. Dummy me. If I had read further down, I would have seen that each of the FSMOs were being seized OK. They were already on the new authoritative server!

Hi henjohn. The answer was that I did do an authoritative restore. Thanks for the hint.

However, I'll go ahead and give Chris-Dent the points, although I think I should get half of them :)
Thanks guys for the quick responses
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 1000 total points
ID: 21836868

:) At least everything is working.

Chris
0
