Solved

Seizing FSMO roles

Posted on 2008-10-25
Last Modified: 2008-10-25
When attempting to transfer all the FSMO roles from one DC to another (currently 1 DC holds all roles) because the AD is corrupted on the DC that holds all the roles...

I log on to the good DC that I want to transfer the FSMO roles to, and upon attempting to transfer, it gives me an error that it cannot transfer the role because it cannot contact the role holder.

Does that mean my only option is to seize roles? If I do that, I've heard that the original DC that held the FSMO roles can never be brought back online?

Is this the case even if I run metadata cleanup? The machine I seize the roles from can't be dcpromo /forceremoval and be promoted again back online?

Please advise. Thanks!
Question by:digi_net

Expert Comment

by:KCTS
Yes - if you seize the roles then you MUST NOT connect the original role holder back onto the domain - even after a metadata cleanup - until you have at least removed its domain controller role. Normally you just rebuild the machine, or you could do a DCPROMO /forceremoval (while it is physically disconnected), and then DCPROMO it again back into the domain.

Author Comment

by:digi_net
Should I seize the roles first or do the dcpromo /forceremoval first?

Do I need to do the metadata cleanup on all good DCs?

After doing the dcpromo /forceremoval while it is physically unplugged on the bad DC, can I then reboot it and keep its same computer name and then promote it again to a DC after the reboot? Is there any other thing I need to do?

Thanks!


Accepted Solution

by:
Darius Ghassem earned 300 total points
Seize the roles, then you can do the dcpromo /forceremoval. Honestly it doesn't matter; this is the procedure I do myself.

You need to do a metadata cleanup on the DC you seize the roles to.

After doing the metadata cleanup, go through DNS to make sure you don't have any records still listed for the failed DC. Remove the DC from the domain, then join it back to the domain. Make sure the primary DNS is pointing to a working DC. You can then dcpromo to promote it to a DC.

http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Assisted Solution

by:KCTS
KCTS earned 200 total points
If the first DC is dead then disconnect it from the domain - it does not matter then what order you do the processes in. Once the old DC has been removed from the domain, you can add it back in with the same name - however I would err on the safe side and rebuild the machine from new by re-installing Windows again to make sure that Windows itself was in good condition.


Author Comment

by:digi_net
So if I have 3 domain controllers and 1 is the down one, do I only have to perform the metadata cleanup on one of the good DCs left, or on both of the 2 DCs that are still good? Thanks.


Expert Comment

by:Darius Ghassem
Just one of the good ones. The best one to run the metadata cleanup on is the PDC emulator. You want to remove any reference of the failed dc.
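
The sequence discussed in this thread (seize the roles, run metadata cleanup once from a good DC, then check DNS for leftover records), as an added PowerShell example that is not from any of the posters. It assumes an environment newer than the thread's, with the ActiveDirectory and DnsServer modules, a `_msdcs` zone hosted on the target DC, an ntdsutil version that accepts the server DN directly, and the hypothetical names DC1 (failed) and DC2 (target).

```powershell
# Added example: DC1/DC2 are hypothetical names. Run on the healthy DC with
# the ActiveDirectory and DnsServer modules and forest-level admin rights.
Import-Module ActiveDirectory, DnsServer
$FailedDC = 'DC1'   # hypothetical: corrupted DC that holds the roles
$TargetDC = 'DC2'   # hypothetical: healthy DC (also a DNS server) taking them over

function Get-FsmoHolders {
    $d = Get-ADDomain -Server $TargetDC
    $f = Get-ADForest -Server $TargetDC
    [ordered]@{
        PDCEmulator          = $d.PDCEmulator
        RIDMaster            = $d.RIDMaster
        InfrastructureMaster = $d.InfrastructureMaster
        SchemaMaster         = $f.SchemaMaster
        DomainNamingMaster   = $f.DomainNamingMaster
    }
}

# 1. The old role holder must be off the network before its roles are seized.
if (Test-Connection -ComputerName $FailedDC -Count 2 -Quiet) {
    throw "$FailedDC still answers on the network; disconnect it first."
}

# 2. Seize only the roles the failed DC still holds (-Force seizes instead of transferring).
$holders = Get-FsmoHolders
$toSeize = @($holders.Keys | Where-Object { $holders[$_] -like "$FailedDC.*" })
if ($toSeize.Count -gt 0) {
    Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC -OperationMasterRole $toSeize -Force
}
Get-FsmoHolders | Format-Table -AutoSize   # no role should list $FailedDC now

# 3. Metadata cleanup, run once from this DC; ntdsutil asks for confirmation.
#    Assumes the "remove selected server <DN>" form (Windows Server 2008 or later).
$config = (Get-ADRootDSE -Server $TargetDC).configurationNamingContext
$server = Get-ADObject -Server $TargetDC -SearchBase "CN=Sites,$config" -Filter "objectClass -eq 'server' -and name -eq '$FailedDC'"
if ($server) {
    ntdsutil "metadata cleanup" "remove selected server $($server.DistinguishedName)" quit quit
}

# 4. List DNS records that still reference the failed DC, for manual removal.
$zones = (Get-ADDomain -Server $TargetDC).DNSRoot, "_msdcs.$((Get-ADForest -Server $TargetDC).RootDomain)"
foreach ($zone in $zones) {
    Get-DnsServerResourceRecord -ComputerName $TargetDC -ZoneName $zone |
        Where-Object {
            $_.HostName -eq $FailedDC -or
            ($_.RecordData.DomainName, $_.RecordData.NameServer, $_.RecordData.HostNameAlias) -like "$FailedDC.*"
        } | Select-Object @{ n = 'Zone'; e = { $zone } }, HostName, RecordType
}
```

Step 4 only reports records; anything it lists is reviewed and deleted by hand before the rebuilt machine is joined and promoted again.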