Solved

FSMO Roles Issue

Posted on 2011-02-23
6
463 Views
Last Modified: 2012-05-11
Hi,

We recently moved all of the FSMO roles from our 2003 server over to our 2008 server. We had an image created of the 'C' drive that was created before moving the roles over. Last week our server crashed and we were forced to bring it back to life using the image that we had stored on an external drive.

Now that the server has come back to life it has caused serious problems, probably because the FSMO roles were part of that image.

What is the best way to resolve the current problems that we are seeing?

ElliTech
0
Comment
Question by:ellitech
  • 3
  • 2
6 Comments
 
LVL 27

Accepted Solution

by:
KenMcF earned 334 total points
ID: 34966226
As you found out you should never image a DC.

On the DC that crashed take it off the network ASAP run "DCPromo /forceremoval"
Then on the 2008 DC run a metadatacleanup of the old server, link below.
Run "netdom /query fsmo" on the 2008 DC to verify that it holds all roles.
Run DCDiag to verify no errors.

http://support.microsoft.com/kb/216498
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 166 total points
ID: 34966240
I would say forcibly demote EVERY SERVER EXCEPT the current (desired) FSMO master (demote AFTER removing them from the LAN - they shouldn't be able to talk to any other DC or to the FSMO master), then do a metadata cleanup deleting existing DCs from the FSMO master.  You may also have to DELETE accounts - both computer and user - created from the point at which you created the backup that you eventually restored). Then re-promote the old DCs back to be DCs.

Mind you, I've never had to do this, but to me, logically, it should work.  The FSMO masters govern who gets what resources to work with... So by removing ALL DCs, there are no "outstanding" resources, only the ones on the remaining (FSMO Master) DC.  When you promote new DCs, they should get new blocks to work with and things should return to normal... by leew logic at least.  

And if that doesn't work, you'll probably have to rebuild from scratch (this is the reason Microsoft does not support or recommend using imaging as a backup solution, ESPECIALLY on DCs).
0
 

Author Comment

by:ellitech
ID: 34966325
Just a quick question, if we demote the 2003 server down to a member server would it be OK to leave it like that temporarily? We are looking to virtualize the 2003 server and that is why the FSMO roles were moved to the 2008 server.

ElliTech
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 334 total points
ID: 34966438
I would remove from the network first and then do the metadatacleanup. Make sure the 2008 server is error free and everything is working. Then plug the 2003 server back into the network and add back into the domain.
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34966447
Missed a part should have been

I would remove from the network first and then do the "DCPromo /forceremoval" and the metadatacleanup cleanup on the 2008 server
0
 

Author Closing Comment

by:ellitech
ID: 34966453
Thanks for your help

ElliTech
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Join & Write a Comment

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now