Solved

Order to seize FSMO roles for downed DC

Posted on 2009-04-09
Last Modified: 2012-05-06
Does it matter which order FSMO roles are seized? One of our 5 DCs failed; it had all roles except the Infrastructure Master. We need all 4 roles seized to a new, single DC.

Thanks!
Question by:meade470
5 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24107469
No, the order doesn't matter, just make sure that old server is dead, buried, and wiped... you don't want to ever bring it online after you seize the roles off it. I'm sure you have seen the seize FSMO link below, but I'm including it for others that may stumble on this question via Google or EE search:
http://support.microsoft.com/kb/255504
 
 
Thanks
Mike
0
 
LVL 2

Author Comment

by:meade470
ID: 24107737
Thank you for your feedback. Is there a certain amount of time we should wait after seizing the roles, or is it an instant change? Also, we are under the impression we should implement KB216498 to clean data/metadata in Active Directory. Can this be done right after the roles are seized, or is it best to wait some time? Thanks
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 24108241
You don't have to wait long, just let the info replicate to all your DCs.
...and yes, you need to implement 216498 for that failed DC, also known as a metadata cleanup. Yes, you can do that after you seize the roles.
I'd also wipe that failed DC, you can install Windows on it after that and use it for whatever you want.
Thanks
Mike
 
0
 
LVL 2

Author Comment

by:meade470
ID: 24118469
Mike,

Thanks for your feedback. Yesterday afternoon we seized the FSMO roles and today we cleaned the metadata. I guess time will tell us if everything is working correctly. We are going to keep an eye on all the event logs on all the DCs. Thanks for your help.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24118649
Good work!!  24 hours out is good
You can run netdom query fsmo to verify the roles from any DC.
Thanks
Mike
0
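
The verification suggested in the last comment, extended to ask every DC for its own view of the role holders so that replication of the seizure can be confirmed. This is an added example, not part of the original thread. It assumes PowerShell 3.0 or later with the ActiveDirectory module (RSAT); the host names in $NewHolder and $FailedDC are hypothetical placeholders.

```powershell
# Added example; not from the thread. Host names below are hypothetical placeholders.
Import-Module ActiveDirectory

$NewHolder = 'NEWDC.example.local'   # DC that received the seized roles (assumed name)
$FailedDC  = 'OLDDC.example.local'   # failed DC that must never come back (assumed name)
# The four roles the failed DC held in the thread (all except Infrastructure Master)
$Seized    = 'SchemaMaster', 'DomainNamingMaster', 'PDCEmulator', 'RIDMaster'

$results = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        # -Server makes each DC answer from its own replica, exposing replication lag
        $d = Get-ADDomain -Server $dc.HostName -ErrorAction Stop
        $f = Get-ADForest -Server $dc.HostName -ErrorAction Stop
    } catch {
        # A DC that cannot be queried is reported; before metadata cleanup
        # the failed DC itself may still be enumerated and land here
        [pscustomobject]@{ QueriedDC = $dc.HostName; Role = '(all)'
                           Holder = $_.Exception.Message; Status = 'UNREACHABLE' }
        continue
    }
    $view = [ordered]@{
        SchemaMaster         = $f.SchemaMaster
        DomainNamingMaster   = $f.DomainNamingMaster
        PDCEmulator          = $d.PDCEmulator
        RIDMaster            = $d.RIDMaster
        InfrastructureMaster = $d.InfrastructureMaster
    }
    foreach ($role in $view.Keys) {
        $holder = $view[$role]
        $status = 'OK'
        if ($holder -ieq $FailedDC) {
            $status = 'STALE'        # this DC still names the failed DC as holder
        } elseif (($Seized -contains $role) -and ($holder -ine $NewHolder)) {
            $status = 'UNEXPECTED'   # seized role is held by some other DC
        }
        [pscustomobject]@{ QueriedDC = $dc.HostName; Role = $role
                           Holder = $holder; Status = $status }
    }
}

$results | Format-Table -AutoSize
# Anything not OK: replication has not converged, or a role landed elsewhere
$bad = @($results | Where-Object { $_.Status -ne 'OK' })
if ($bad.Count) { Write-Warning "$($bad.Count) role view(s) need attention" }
```

A STALE row on any DC means that replica has not yet received the seizure; rerun after replication completes and before treating the change as settled.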
