Solved

Changed Global Catalog & Operations matser from one DC to the other now can't log into anything!!!

Posted on 2008-06-25
4
170 Views
Last Modified: 2010-04-21
This afternoon I switched the global catalog & operations master from 1 DC to another. Now we are unable to log into anything!!!!!! HELP!!
0
Comment
Question by:leeareanetworks
4 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 21870537
First question has to be why? If you have a single domain its best to leave the FSMO roles where they are. Also if you have multiple DCs on a single domain it makes sense for them ALL to be Global Catalog servers.
I suggest you move the Operations Master back and make all DCs Global Catalogs
0
 
LVL 24

Accepted Solution

by:
ryansoto earned 300 total points
ID: 21870559
OK any DC can be a global catalog.
So if you still have access to your workstation and use that workstation for active directory operations - start up siotes and services and make the other DC a GC as well, no harm done.
Now for the roles....
You may need to boot into safe mode on the server
Use replmon to see which machine is holding the roles
http://support.microsoft.com/kb/297230

Now transfer roles
http://support.microsoft.com/kb/324801

If that doesnt work then you can try moving the roles using ntdsutil
http://support.microsoft.com/kb/255504

Finally if that wont work to transfer you can use that same tool to seize the roles
0
 
LVL 4

Assisted Solution

by:andrewc2189
andrewc2189 earned 200 total points
ID: 21870579
All you should have to do is log back onto either server, possibly with the local administrator account if no accounts are cached/working for login, and change it back the same way you did before. I'm assuming you don't need instructions for how to do it via GUI.

If the question is more involved then that please provide more details i.e. Do you need the operations master and global catalog on this new server or is it possible to move them back to the old one? Is there a reason you had to move these? More info on your network setup too would be helpful.
0
 

Author Closing Comment

by:leeareanetworks
ID: 31471763
With no Global Catalog the ONLY account you can login as on the Domain is the Administrator account.  We had to reboot in Directory Services Repair mode and reset it, then login, then use what you gave us.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

This is my 3rd article on SCCM in recent weeks, the 1st (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_4466-A-beginners-guide-to-installing-SCCM2007-on-Windows-2008-R2-Server.html) dealing with installat…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found listed in my profile here: http:…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now