Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 476
  • Last Modified:

FSMO Roles Issue

Hi,

We recently moved all of the FSMO roles from our 2003 server over to our 2008 server. We had an image created of the 'C' drive that was created before moving the roles over. Last week our server crashed and we were forced to bring it back to life using the image that we had stored on an external drive.

Now that the server has come back to life it has caused serious problems, probably because the FSMO roles were part of that image.

What is the best way to resolve the current problems that we are seeing?

ElliTech
0
ellitech
Asked:
ellitech
  • 3
  • 2
3 Solutions
 
KenMcFCommented:
As you found out you should never image a DC.

On the DC that crashed take it off the network ASAP run "DCPromo /forceremoval"
Then on the 2008 DC run a metadatacleanup of the old server, link below.
Run "netdom /query fsmo" on the 2008 DC to verify that it holds all roles.
Run DCDiag to verify no errors.

http://support.microsoft.com/kb/216498
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
I would say forcibly demote EVERY SERVER EXCEPT the current (desired) FSMO master (demote AFTER removing them from the LAN - they shouldn't be able to talk to any other DC or to the FSMO master), then do a metadata cleanup deleting existing DCs from the FSMO master.  You may also have to DELETE accounts - both computer and user - created from the point at which you created the backup that you eventually restored). Then re-promote the old DCs back to be DCs.

Mind you, I've never had to do this, but to me, logically, it should work.  The FSMO masters govern who gets what resources to work with... So by removing ALL DCs, there are no "outstanding" resources, only the ones on the remaining (FSMO Master) DC.  When you promote new DCs, they should get new blocks to work with and things should return to normal... by leew logic at least.  

And if that doesn't work, you'll probably have to rebuild from scratch (this is the reason Microsoft does not support or recommend using imaging as a backup solution, ESPECIALLY on DCs).
0
 
ellitechAuthor Commented:
Just a quick question, if we demote the 2003 server down to a member server would it be OK to leave it like that temporarily? We are looking to virtualize the 2003 server and that is why the FSMO roles were moved to the 2008 server.

ElliTech
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
KenMcFCommented:
I would remove from the network first and then do the metadatacleanup. Make sure the 2008 server is error free and everything is working. Then plug the 2003 server back into the network and add back into the domain.
0
 
KenMcFCommented:
Missed a part should have been

I would remove from the network first and then do the "DCPromo /forceremoval" and the metadatacleanup cleanup on the 2008 server
0
 
ellitechAuthor Commented:
Thanks for your help

ElliTech
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now