FSMO roles

I have confusion in siezeing fsmo roles,  could  any one  please  explain when to sieze  and how to implement
Manjunatha TActive Directory SMEAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
AmitConnect With a Mentor IT ArchitectCommented:
Hi Manjugrp,

Q1) could  any one  please  explain when to sieze

You can sieze FSMO role, when your current server holding FSMO role is crashed due to hardware failure and there is no way to recover it back.

Q2) How to sieze FSMO role.
The following would seize the PDC Emulator role to <NewRoleOwner>:

> ntdsutil roles conn "co t s <NewRoleOwner>" q "seize PDC" q q

Any of the other roles can be transferred as well using ntdsutil by replacing "transfer PDC" in the previous solution with one of the following:

"seize domain naming master"

"seize infrastructure master"

"seize RID master"

"seize schema master"

Secondly, as best practice, always split the FSMO roles to, two different server.

Keep Forest wide on one server and domain wide on another one.
0
 
jakirkhanCommented:
Seizing an FSMO can be a destructive process and should only be attempted if the existing server with the FSMO is no longer available. If you perform a seizure of the FSMO roles from a DC, you need to ensure two things: the current holder is actually dead and offline, and that the old DC will NEVER return to the network. If you do an FSMO role Seize and then bring the previous holder back
online, you'll have a problem.

Link : http://support.microsoft.com/kb/255504
0
 
SterlingMcClungCommented:
jakirkhan is correct, a seizure of FSMO roles can be very dangerous and if possible a FSMO transfer is always preferred.  What is your specific confusion with seizing FSMO roles?
0
Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

 
rxdeathCommented:
yes like these guys said hopefully you just want to transfer, not seize.  here is a great link for transfering

http://support.microsoft.com/kb/324801...very easy
0
 
MAS (MVE)Technical Department HeadCommented:
as mentioned by amitkulshrestha you  seize only when the current holder become non-responsive.

and do not put the Infrastructure Master (IM) role on the same domain controller as the Global Catalog server. If the Infrastructure Master runs on a GC server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a GC server holds a partial replica of every object in the forest.

here is the link to seize the roles with screenshot
http://www.petri.co.il/seizing_fsmo_roles.htm
0
 
Manjunatha TActive Directory SMEAuthor Commented:
for ex. forest root domain controller holding domain naming master is crashed (hardware failure) what shall I do sieze or transfer if transfer how to transfer when DC is dead
0
 
AmitIT ArchitectCommented:
Run below command

netdom query fsmo /Domain:<DomainDNSName>

Check how many roles are still live. If this server holds on DNM role. You just need to seize that only and move it some other server.

If need steps check this

http://www.petri.co.il/seizing_fsmo_roles.htm
0
 
Manjunatha TActive Directory SMEAuthor Commented:
Forest root domain controller holding domain naming master and schema master  is crashed (hardware failure) , Ok I have a ADC i will connect to adc and sieze the roles then how can I transfer or rebuild the roles to my ADC
0
 
AmitIT ArchitectCommented:
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.