jacobb_2000
asked on
Domain Naming Master Offline after DCPRO Windows 2008 Server
Hello
I just upgrade my domain to a Windows 2008 DC. Right after that I noticed that the Domain Naming Master went offline before I could move it from the Window 2003 DC to the Windows 2008 DC.
when I run netdom query fsmo this is what I get.
Domain naming master *** Warning: role owner is a deleted DC: CN=NTDS Set
tings\0ADEL:948d2692-3640-
46a8-bbe6-2ef678110ba2,CN=
ration,DC=ccichicago,DC=cc
I just upgrade my domain to a Windows 2008 DC. Right after that I noticed that the Domain Naming Master went offline before I could move it from the Window 2003 DC to the Windows 2008 DC.
when I run netdom query fsmo this is what I get.
Domain naming master *** Warning: role owner is a deleted DC: CN=NTDS Set
tings\0ADEL:948d2692-3640-
46a8-bbe6-2ef678110ba2,CN=
ration,DC=ccichicago,DC=cc
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
There is two way to move FSMO role to another server first is transfer the FSMO role to another server, transfer normally happens when server is going for maintenance like disk crash, driver update, patches updates etc, so you don't want your FSMO role donw you temporary transfer the FSMO roles.
Another way is to seize the FSMO role on another server, its same like king is dead & assigning his heir to hold the throne further by making him the King, seizing works in same way, if the server holding FSMO role is dead & it can't be revert back, you have to seize the FSMO role on another DC, once you seize the dc you can't bring the crash server back to network even it can be as you have seize the role, the new dc will be treated as authoritative server, so never put back the DC from which you seize the FSMO role. If you want to reuse the server & DC name or server, perform the metadata cleanup for AD, removed all the left out records from AD DNS manually, allow time for replication to another DC's & once you verify changes are replicated & there is no more traces using repadmin tool, you can format the new server, install the fresh OS & configure as DC & transfer the roles if you wish.
So Seizing happens in disaster recover scenario where you can't transfer the FSMO role , in your case it looks same to me you can seize the FSMO role on healthy dc but make sure w/o performing metadata steps don't connect the dc even if it can be connected.
So, if you think you don't wanna bring old dc back seize the FSMO role & also check there is no replication error in your current domain.
http://www.petri.co.il/seizing_fsmo_roles.htm
http://technet.microsoft.com/en-us/library/cc816907%28WS.10%29.aspx
Another way is to seize the FSMO role on another server, its same like king is dead & assigning his heir to hold the throne further by making him the King, seizing works in same way, if the server holding FSMO role is dead & it can't be revert back, you have to seize the FSMO role on another DC, once you seize the dc you can't bring the crash server back to network even it can be as you have seize the role, the new dc will be treated as authoritative server, so never put back the DC from which you seize the FSMO role. If you want to reuse the server & DC name or server, perform the metadata cleanup for AD, removed all the left out records from AD DNS manually, allow time for replication to another DC's & once you verify changes are replicated & there is no more traces using repadmin tool, you can format the new server, install the fresh OS & configure as DC & transfer the roles if you wish.
So Seizing happens in disaster recover scenario where you can't transfer the FSMO role , in your case it looks same to me you can seize the FSMO role on healthy dc but make sure w/o performing metadata steps don't connect the dc even if it can be connected.
So, if you think you don't wanna bring old dc back seize the FSMO role & also check there is no replication error in your current domain.
http://www.petri.co.il/seizing_fsmo_roles.htm
http://technet.microsoft.com/en-us/library/cc816907%28WS.10%29.aspx
Why is everyone insisting on seizing the roles?? We don't even know what the problem is yet!!!
So you weren't interested in actually finding out what the problem was? What about the server that currently has that role on it? You will now have to rebuild that server if it's live.
ASKER
I talked with Microsoft and we were unable to get the old DC working.
we will be demoting the old Server.
thx
Jake
we will be demoting the old Server.
thx
Jake
From both domain controllers run the following command:
NETDOM QUERY FSMO
Post the results, also post the results of DCDIAG and IPCONFIG /ALL from both DC's please.