FSMO roles

Posted on 2011-02-19
Last Modified: 2012-05-11
I am confused about seizing FSMO roles. Could anyone please explain when to seize and how to implement it?
Question by:Manjugrp
9 Comments
 
LVL 7

Expert Comment

by:jakirkhan
ID: 34935800
Seizing an FSMO can be a destructive process and should only be attempted if the existing server with the FSMO is no longer available. If you perform a seizure of the FSMO roles from a DC, you need to ensure two things: the current holder is actually dead and offline, and that the old DC will NEVER return to the network. If you do an FSMO role Seize and then bring the previous holder back online, you'll have a problem.

Link : http://support.microsoft.com/kb/255504
0
 
LVL 7

Expert Comment

by:SterlingMcClung
ID: 34935906
jakirkhan is correct, a seizure of FSMO roles can be very dangerous and if possible a FSMO transfer is always preferred.  What is your specific confusion with seizing FSMO roles?
0
 
LVL 3

Expert Comment

by:rxdeath
ID: 34936134
Yes, like these guys said, hopefully you just want to transfer, not seize. Here is a great link for transferring:

http://support.microsoft.com/kb/324801 ... very easy
0
 
LVL 44

Accepted Solution

by:
Amit earned 2000 total points
ID: 34936227
Hi Manjugrp,

Q1) Could anyone please explain when to seize?

You can seize an FSMO role when the server currently holding the FSMO role has crashed due to hardware failure and there is no way to recover it.

Q2) How to seize an FSMO role.
The following would seize the PDC Emulator role to <NewRoleOwner>:

> ntdsutil roles conn "co t s <NewRoleOwner>" q "seize PDC" q q

Any of the other roles can be transferred as well using ntdsutil by replacing "transfer PDC" in the previous solution with one of the following:

"seize domain naming master"

"seize infrastructure master"

"seize RID master"

"seize schema master"

Secondly, as a best practice, always split the FSMO roles between two different servers.

Keep the forest-wide roles on one server and the domain-wide roles on another one.
0
 
LVL 27

Expert Comment

by:☠MAS☠
ID: 34936729
As mentioned by amitkulshrestha, you seize only when the current holder becomes non-responsive.

and do not put the Infrastructure Master (IM) role on the same domain controller as the Global Catalog server. If the Infrastructure Master runs on a GC server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a GC server holds a partial replica of every object in the forest.

here is the link to seize the roles with screenshot
http://www.petri.co.il/seizing_fsmo_roles.htm
0
 

Author Comment

by:Manjugrp
ID: 34937269
For example, the forest root domain controller holding the domain naming master has crashed (hardware failure). What shall I do, seize or transfer? If transfer, how do I transfer when the DC is dead?
0
 
LVL 44

Expert Comment

by:Amit
ID: 34937305
Run below command

netdom query fsmo /Domain:<DomainDNSName>

Check how many roles are still live. If this server holds only the DNM role, you just need to seize that one and move it to some other server.

If you need steps, check this:

http://www.petri.co.il/seizing_fsmo_roles.htm
0
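The check-then-seize sequence from the comment above, as an added example that is not part of the original thread: it parses `netdom query fsmo` output and lists ntdsutil seize commands only for the roles held by the failed DC, matching the asker's case of a dead forest root holding the schema and domain naming masters. The host names and sample output are constructed, the column layout of the netdom output is assumed, and the seize strings are copied from the accepted answer.

```python
import re

# Constructed sample of `netdom query fsmo` output (host names are made up).
SAMPLE_NETDOM_OUTPUT = """\
Schema master               dc1.corp.example
Domain naming master        dc1.corp.example
PDC                         dc2.corp.example
RID pool manager            dc2.corp.example
Infrastructure master       dc2.corp.example
The command completed successfully.
"""

# netdom role label -> ntdsutil seize command as written in the accepted answer.
SEIZE_COMMANDS = {
    "schema master": "seize schema master",
    "domain naming master": "seize domain naming master",
    "pdc": "seize PDC",
    "rid pool manager": "seize RID master",
    "infrastructure master": "seize infrastructure master",
}

def parse_fsmo_holders(netdom_output):
    """Return {role label (lower case): holder FQDN (lower case)}."""
    holders = {}
    for line in netdom_output.splitlines():
        # Role label and holder are separated by a run of two or more spaces.
        parts = re.split(r"\s{2,}", line.strip())
        if len(parts) == 2 and parts[0].lower() in SEIZE_COMMANDS:
            holders[parts[0].lower()] = parts[1].lower()
    return holders

def plan_seizure(netdom_output, failed_dc, new_owner):
    """List ntdsutil commands for only the roles the failed DC holds."""
    if not re.fullmatch(r"[A-Za-z0-9.-]+", new_owner) or new_owner.lower() == failed_dc.lower():
        raise ValueError("new owner must be a valid host name of a different DC")
    holders = parse_fsmo_holders(netdom_output)
    missing = set(SEIZE_COMMANDS) - set(holders)
    if missing:
        raise ValueError(f"roles not found in output: {sorted(missing)}")
    # Roles on healthy DCs are left alone; nothing here verifies the DC is dead.
    return [
        f'ntdsutil roles conn "co t s {new_owner}" q "{SEIZE_COMMANDS[role]}" q q'
        for role, holder in holders.items()
        if holder == failed_dc.lower()
    ]

if __name__ == "__main__":
    for cmd in plan_seizure(SAMPLE_NETDOM_OUTPUT, "dc1.corp.example", "dc2.corp.example"):
        print(cmd)
```

The commands are printed for review rather than executed, so the decision that the old holder is permanently offline stays with the administrator.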
 

Author Comment

by:Manjugrp
ID: 34937983
The forest root domain controller holding the domain naming master and schema master has crashed (hardware failure). OK, I have an ADC. I will connect to the ADC and seize the roles; then how can I transfer or rebuild the roles to my ADC?
0
 
LVL 44

Expert Comment

by:Amit
ID: 34938068
0
