I have a scenario in which one of our clients has an issue with one of their domain controllers. This domain controller has the schema master and Domain role owner roles.
This DC is not completely down. It is up and running, and it looks like the Sysvol and Netlogon folders are also available. But the other domain controllers are not able to replicate with the affected domain controller. Also, when you try to move the two roles above from the GUI, it says that the FSMO roles cannot be moved because the server is not available.
The network configuration is perfect, but it looks like Active Directory is corrupted.
Repairing this domain controller by installing Service Pack 2 and Windows updates has been tried, but it didn't help at all.
So it looks like the only option left is to seize these two roles from this domain controller and move them to another server.
The following articles have been suggested:
Some other sites also suggest similar steps. There are some questions which need to be answered before the above steps are taken.
Q1. The affected domain controller still needs to be removed manually using the NTDSUTIL utility.
Q2. What about the Netlogon and Sysvol folders? What will happen if these folders are still working? How do they need to be moved to another domain controller, or will they be moved automatically with the process of manually moving these roles?
Q3. What kind of other issues can the network or systems running on the network face in these circumstances?
Q4. The above procedure of seizing will not affect anything running on the rest of the domains.
Q5. All the documents suggest that if you are seizing these roles manually, you have to be careful, otherwise your AD will partially or completely stop working. If you type everything correctly, what could go wrong?
Q6. All the working domain controllers will have Active Directory backup.
There is a test setup already in place to test the NTDSUTIL utility.
An early reply will be highly appreciated.