Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Seizing FSMO roles

Posted on 2008-10-25
6
1,223 Views
Last Modified: 2008-10-25
When attempting to transfer all the FSMO roles from one DC to another (currently 1 DC holds all roles) because the AD is corrupted on the DC that holds all the roles...

I log on to the good DC that I want to transfer the FSMO roles to and upon attempting to transfer it gives me an error that tt can not transfer the role because it can not contact the role holder.  

Does that mean my only option is to seize roles?  If I do that , I've heard that the computer that the original DC that held the FSMO roles can not never be brought back online?

Is this the case even if I run metadata clean up?  The machine i seize the roles from can't be dcpromo /forceremoval and be promoted again back online?

Please advice.  Thanks!
0
Comment
Question by:digi_net
  • 2
  • 2
  • 2
6 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 22802041
Yes - if you seize the roles then you MUST NOT connect the original role holder back onto the domain - even after a metadata cleanup intil you have at least removed its domain controller role - normally just rebuild the machine - or you could do a DCPROMO /forceremoval (while is is physcially disconnected), and then DCPROMO it again back into the domain
0
 

Author Comment

by:digi_net
ID: 22802100
Should I seize the roles first or do the dcpromo /forceremoval first?

Do I need to do the metadata cleanup on all good DC?

After doing the dcpromo /forceremoval while it is physically unplugged on the bad dc, can I then reboot it and keep its same computer name and the promote it again to a DC after the reboot?  Is there any other thing I need to do?


Thanks!





0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 300 total points
ID: 22805085
Seize the roles then you can do the dcpromo /forceremoval. Honestly it doesn't matter what this is the proceed I do myself.

You need to do a metadata cleanup on the DC you seize the roles too.

After doing the metadata cleanup go through DNS to make sure you don't have any records still listed for the failed dc. Remove the DC from the domain then join back to the domain. Make sure the primary DNS is pointing to a working DC. You can then dcpromo to promote to a dc.

http://www.petri.co.il/delete_failed_dcs_from_ad.htm
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 200 total points
ID: 22805114
If the first DC is dead then disconnect it from the domain - it does not matter then what order you do the processes in. You once the old DC has been removed from the domain then  you can add it back in with the same name - however I would err on the safe side and rebuild with machine from new by re-installing windows again to make sure that windows itself was in good condition
0
 

Author Comment

by:digi_net
ID: 22805263
So if I have 3 domain controllers and 1 is the down one.  I only have to perform the metadata clean up on one of the good dc left or both 2 dc that are still good?  thanks.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22805266
Just one of the good ones. The best one to run the metadata cleanup on is the PDC emulator. You want to remove any reference of the failed dc.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question