Solved

FSMO Roles Issue

Posted on 2011-02-23
6
467 Views
Last Modified: 2012-05-11
Hi,

We recently moved all of the FSMO roles from our 2003 server over to our 2008 server. We had an image created of the 'C' drive that was created before moving the roles over. Last week our server crashed and we were forced to bring it back to life using the image that we had stored on an external drive.

Now that the server has come back to life it has caused serious problems, probably because the FSMO roles were part of that image.

What is the best way to resolve the current problems that we are seeing?

ElliTech
0
Comment
Question by:ellitech
  • 3
  • 2
6 Comments
 
LVL 27

Accepted Solution

by:
KenMcF earned 334 total points
ID: 34966226
As you found out you should never image a DC.

On the DC that crashed take it off the network ASAP run "DCPromo /forceremoval"
Then on the 2008 DC run a metadatacleanup of the old server, link below.
Run "netdom /query fsmo" on the 2008 DC to verify that it holds all roles.
Run DCDiag to verify no errors.

http://support.microsoft.com/kb/216498
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 166 total points
ID: 34966240
I would say forcibly demote EVERY SERVER EXCEPT the current (desired) FSMO master (demote AFTER removing them from the LAN - they shouldn't be able to talk to any other DC or to the FSMO master), then do a metadata cleanup deleting existing DCs from the FSMO master.  You may also have to DELETE accounts - both computer and user - created from the point at which you created the backup that you eventually restored). Then re-promote the old DCs back to be DCs.

Mind you, I've never had to do this, but to me, logically, it should work.  The FSMO masters govern who gets what resources to work with... So by removing ALL DCs, there are no "outstanding" resources, only the ones on the remaining (FSMO Master) DC.  When you promote new DCs, they should get new blocks to work with and things should return to normal... by leew logic at least.  

And if that doesn't work, you'll probably have to rebuild from scratch (this is the reason Microsoft does not support or recommend using imaging as a backup solution, ESPECIALLY on DCs).
0
 

Author Comment

by:ellitech
ID: 34966325
Just a quick question, if we demote the 2003 server down to a member server would it be OK to leave it like that temporarily? We are looking to virtualize the 2003 server and that is why the FSMO roles were moved to the 2008 server.

ElliTech
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 334 total points
ID: 34966438
I would remove from the network first and then do the metadatacleanup. Make sure the 2008 server is error free and everything is working. Then plug the 2003 server back into the network and add back into the domain.
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34966447
Missed a part should have been

I would remove from the network first and then do the "DCPromo /forceremoval" and the metadatacleanup cleanup on the 2008 server
0
 

Author Closing Comment

by:ellitech
ID: 34966453
Thanks for your help

ElliTech
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question