

Transferring FSMO roles back to original Domain Controller

I have a primary domain controller DC01 that stopped booting. While it was down I transferred all the FSMO roles and Catalog Server to DC02. I found out that something in DC01's chassis was wrong and I got it fixed and now I can boot DC01 back up. Can I transfer all the FSMO roles from DC02 back to DC01?

Seize domain naming master
Seize infrastructure master
Seize PDC
Seize RID master
Seize schema master
1 Solution
Donald Stewart (Network Administrator) Commented:
You sure can, I have just recently gone through the same scenario.
Glen Knight Commented:
Did you seize the roles from the other DC?
If so, then the DC you seized the roles from should not be reintroduced into the network.

You should only seize roles as a last resort, if the server is never going to come back onto the network.

Please make sure that your Infrastructure Master role is not on a server that is a Global Catalog at the same time. If you need to, you can move the GC to another server within the site.
Glen Knight Commented:
@gktech that is only an issue in a multi-domain environment. If it's a single domain there is no issue with this, and in fact I would suggest that all the DCs in a single domain environment should be Global Catalogue servers.
If you seized the roles in the first place (which I imagine you did, as you said you did it whilst DC01 was down), you should NOT just bring DC01 back up now that it's fixed. Due to the seizing as opposed to a graceful transfer of roles, it will still think it's the role holder, so you'll end up with 2 DCs thinking they hold all the FSMO roles, which is not good!!!

My advice would be to completely reformat DC01, reinstall the OS etc, then join it to the domain again, and then repromote it to DC status.

Before you rejoin it, you should probably run a metadata cleanup to remove all the records the domain has for this server (http://www.petri.co.il/delete_failed_dcs_from_ad.htm).

Finally, once DC01 has been repromoted, you can gracefully transfer the roles back on to it from DC02 - You should NOT use seize when you do this part - Use Transfer instead.
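
A sketch of that final graceful transfer, as an added example that is not part of the original thread: it first checks that both DCs agree on who holds each role (the two-role-holders condition described above), then transfers without seizing. It assumes DC01 has already been rebuilt and re-promoted, that DC01/DC02 resolve as server names, and that the ActiveDirectory RSAT module is installed; `Get-FsmoView` is a helper named here for illustration.

```powershell
# Added example. DC01/DC02 are the names used in the thread.
Import-Module ActiveDirectory

$Target = 'DC01'   # rebuilt and re-promoted DC that should receive the roles
$Source = 'DC02'   # DC that currently holds the roles

# Hypothetical helper: ask one specific DC who it believes owns each FSMO role.
function Get-FsmoView {
    param([string]$Server)
    $d = Get-ADDomain -Server $Server
    $f = Get-ADForest -Server $Server
    [pscustomobject]@{
        AskedServer          = $Server
        PDCEmulator          = $d.PDCEmulator
        RIDMaster            = $d.RIDMaster
        InfrastructureMaster = $d.InfrastructureMaster
        SchemaMaster         = $f.SchemaMaster
        DomainNamingMaster   = $f.DomainNamingMaster
    }
}

$roles = 'PDCEmulator','RIDMaster','InfrastructureMaster','SchemaMaster','DomainNamingMaster'
$views = @($Source, $Target | ForEach-Object { Get-FsmoView -Server $_ })
$views | Format-Table -AutoSize

# Every DC must name the same owner for each role. Disagreement means
# two DCs each believe they are the role holder: stop and fix that first.
$conflicts = foreach ($r in $roles) {
    if (($views.$r | Sort-Object -Unique).Count -gt 1) { $r }
}
if ($conflicts) {
    throw "DCs disagree on the owner of: $($conflicts -join ', '). Do not transfer."
}

# Show only replication errors for the target; this should report none.
repadmin /showrepl $Target /errorsonly

# Graceful transfer: -Force is deliberately omitted, because with -Force
# this cmdlet seizes the role instead of transferring it.
Move-ADDirectoryServerOperationMasterRole -Identity $Target -OperationMasterRole $roles -Confirm

# Confirm the new owners as seen from the target.
Get-FsmoView -Server $Target | Format-List
```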


Glen Knight Commented:
If the roles were seized there is NO other option but to format DC01 and re-install AFTER a METADATA cleanup.
morarc (Author) Commented:
Great help, thanks!
