?
Solved

Server 2003 FSMO roles reported wrong

Posted on 2008-10-01
4
Medium Priority
?
323 Views
Last Modified: 2012-05-05
We have a statewide network, with each office having a 2003 AD server as a backup.  At our hq, we have  the main 2003 AD server.
Recently, we had problems with the original server.  Rolese were transerverd to our ms-vicksburg server from the original AD ms-dc1.  Now, we have a new 2003 server box ms-dc.  We transfered the roles to this box, and everything seems to be replicating through the districts.
Recently, trying to add a user to a computer, AD said on ms-dc that the user was there.  However, when trying to add him, it would not.  Looking at ms-dc1's AD, the user was not there.
I did a netdom query fsmo roles, and everything is pointing to the ms-vicksburg server.  However, do the same on the ms-dc, and everything is pointing to the ms-dc server.
Is there any way to without removing AD from ms-dc1 to force it to look at ms-dc?  I would like to keep dc1 as a backup for the main server.
Thanks.
0
Comment
Question by:Heath Calhoun
  • 2
  • 2
4 Comments
 
LVL 12

Expert Comment

by:RobinHuman
ID: 22616269
Use Ntdsutil to sieze the FSMO role
see http://support.microsoft.com/kb/255504
0
 

Author Comment

by:Heath Calhoun
ID: 22624967
All other servers are showing ms-dc as the 5 FSMO's.  Just ms-dc1 is still showing ms-vicksburg as the holder of the FSMO's.  I used the GUI's to transfer from vicksburg to dc.
0
 
LVL 12

Expert Comment

by:RobinHuman
ID: 22625067
Possiblt because ms-dc1 was the original role holder, it has not registered the change from ms-vicksburg to the new role master; try setting the roles back to dc1 and then transferring them to the new primary
0
 

Accepted Solution

by:
Heath Calhoun earned 0 total points
ID: 23265362
Wound up having to do a forceremoval of dc1 server.  Then did a meta cleanup.  Had one issue moved user shares to new server, gave everyone read of the root shares, but no one could modify their files.  Found I had to give  domain users instead read rights.  That fixed that problem.  I did not have domain users on dc1.  Wonder if it was because it was a dc.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question