Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 920
  • Last Modified:

FSMO roles

I have confusion in siezeing fsmo roles,  could  any one  please  explain when to sieze  and how to implement
0
Manjunatha T
Asked:
Manjunatha T
1 Solution
 
jakirkhanCommented:
Seizing an FSMO can be a destructive process and should only be attempted if the existing server with the FSMO is no longer available. If you perform a seizure of the FSMO roles from a DC, you need to ensure two things: the current holder is actually dead and offline, and that the old DC will NEVER return to the network. If you do an FSMO role Seize and then bring the previous holder back
online, you'll have a problem.

Link : http://support.microsoft.com/kb/255504
0
 
SterlingMcClungCommented:
jakirkhan is correct, a seizure of FSMO roles can be very dangerous and if possible a FSMO transfer is always preferred.  What is your specific confusion with seizing FSMO roles?
0
 
rxdeathCommented:
yes like these guys said hopefully you just want to transfer, not seize.  here is a great link for transfering

http://support.microsoft.com/kb/324801...very easy
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
AmitIT ArchitectCommented:
Hi Manjugrp,

Q1) could  any one  please  explain when to sieze

You can sieze FSMO role, when your current server holding FSMO role is crashed due to hardware failure and there is no way to recover it back.

Q2) How to sieze FSMO role.
The following would seize the PDC Emulator role to <NewRoleOwner>:

> ntdsutil roles conn "co t s <NewRoleOwner>" q "seize PDC" q q

Any of the other roles can be transferred as well using ntdsutil by replacing "transfer PDC" in the previous solution with one of the following:

"seize domain naming master"

"seize infrastructure master"

"seize RID master"

"seize schema master"

Secondly, as best practice, always split the FSMO roles to, two different server.

Keep Forest wide on one server and domain wide on another one.
0
 
MASTechnical Department HeadCommented:
as mentioned by amitkulshrestha you  seize only when the current holder become non-responsive.

and do not put the Infrastructure Master (IM) role on the same domain controller as the Global Catalog server. If the Infrastructure Master runs on a GC server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a GC server holds a partial replica of every object in the forest.

here is the link to seize the roles with screenshot
http://www.petri.co.il/seizing_fsmo_roles.htm
0
 
Manjunatha TActive Directory SMEAuthor Commented:
for ex. forest root domain controller holding domain naming master is crashed (hardware failure) what shall I do sieze or transfer if transfer how to transfer when DC is dead
0
 
AmitIT ArchitectCommented:
Run below command

netdom query fsmo /Domain:<DomainDNSName>

Check how many roles are still live. If this server holds on DNM role. You just need to seize that only and move it some other server.

If need steps check this

http://www.petri.co.il/seizing_fsmo_roles.htm
0
 
Manjunatha TActive Directory SMEAuthor Commented:
Forest root domain controller holding domain naming master and schema master  is crashed (hardware failure) , Ok I have a ADC i will connect to adc and sieze the roles then how can I transfer or rebuild the roles to my ADC
0
 
AmitIT ArchitectCommented:
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now