Solved

FSMO roles

Posted on 2011-02-19
9
893 Views
Last Modified: 2012-05-11
I have confusion in siezeing fsmo roles,  could  any one  please  explain when to sieze  and how to implement
0
Comment
Question by:Manjugrp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 7

Expert Comment

by:jakirkhan
ID: 34935800
Seizing an FSMO can be a destructive process and should only be attempted if the existing server with the FSMO is no longer available. If you perform a seizure of the FSMO roles from a DC, you need to ensure two things: the current holder is actually dead and offline, and that the old DC will NEVER return to the network. If you do an FSMO role Seize and then bring the previous holder back
online, you'll have a problem.

Link : http://support.microsoft.com/kb/255504
0
 
LVL 7

Expert Comment

by:SterlingMcClung
ID: 34935906
jakirkhan is correct, a seizure of FSMO roles can be very dangerous and if possible a FSMO transfer is always preferred.  What is your specific confusion with seizing FSMO roles?
0
 
LVL 3

Expert Comment

by:rxdeath
ID: 34936134
yes like these guys said hopefully you just want to transfer, not seize.  here is a great link for transfering

http://support.microsoft.com/kb/324801...very easy
0
Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

 
LVL 43

Accepted Solution

by:
Amit earned 500 total points
ID: 34936227
Hi Manjugrp,

Q1) could  any one  please  explain when to sieze

You can sieze FSMO role, when your current server holding FSMO role is crashed due to hardware failure and there is no way to recover it back.

Q2) How to sieze FSMO role.
The following would seize the PDC Emulator role to <NewRoleOwner>:

> ntdsutil roles conn "co t s <NewRoleOwner>" q "seize PDC" q q

Any of the other roles can be transferred as well using ntdsutil by replacing "transfer PDC" in the previous solution with one of the following:

"seize domain naming master"

"seize infrastructure master"

"seize RID master"

"seize schema master"

Secondly, as best practice, always split the FSMO roles to, two different server.

Keep Forest wide on one server and domain wide on another one.
0
 
LVL 25

Expert Comment

by:-MAS
ID: 34936729
as mentioned by amitkulshrestha you  seize only when the current holder become non-responsive.

and do not put the Infrastructure Master (IM) role on the same domain controller as the Global Catalog server. If the Infrastructure Master runs on a GC server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a GC server holds a partial replica of every object in the forest.

here is the link to seize the roles with screenshot
http://www.petri.co.il/seizing_fsmo_roles.htm
0
 

Author Comment

by:Manjugrp
ID: 34937269
for ex. forest root domain controller holding domain naming master is crashed (hardware failure) what shall I do sieze or transfer if transfer how to transfer when DC is dead
0
 
LVL 43

Expert Comment

by:Amit
ID: 34937305
Run below command

netdom query fsmo /Domain:<DomainDNSName>

Check how many roles are still live. If this server holds on DNM role. You just need to seize that only and move it some other server.

If need steps check this

http://www.petri.co.il/seizing_fsmo_roles.htm
0
 

Author Comment

by:Manjugrp
ID: 34937983
Forest root domain controller holding domain naming master and schema master  is crashed (hardware failure) , Ok I have a ADC i will connect to adc and sieze the roles then how can I transfer or rebuild the roles to my ADC
0
 
LVL 43

Expert Comment

by:Amit
ID: 34938068
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question