Solved

domain controller clarification

Posted on 2013-05-18
Last Modified: 2013-05-27
Dear gurus, good day.

We built the master domain controller on VMware, where the vendor recommends it must be separate and physical. We are using W2K8 R2 SP1. I would like to know the points below:

- How can I come to know which is my master domain controller at this moment, by command line and GUI interface?
- How can I transfer the master domain controller roles from 1 machine to another, and verify it?

kind regards
tmsa
Question by:tmsa12
5 Comments
 
LVL 7

Expert Comment

by:msifox
ID: 39177474
0
 
LVL 12

Expert Comment

by:Dave
ID: 39178200
That's a bit long-winded.

Firstly, as far as I know, Microsoft no longer recommends running physical domain controllers. There is info on their recommended best practices here:-

http://support.microsoft.com/kb/888794

which links to this link

http://www.experts-exchange.com/searchResults.jsp?searchTerms=fsmo+roles&searchType=10

which is for Hyper-V but, as the first article says, is also applicable to VMware. The basic requirement is for at least two Domain Controllers on separate physical hosts.

Secondly, there is no "master domain controller". Active Directory is a "multi-master" system and in general every domain controller can write to the Active Directory database. Server 2008 did introduce read-only domain controllers (RODCs) but I don't expect you to have any of those.

There are things called Flexible Single Master Operations (FSMO) roles but these may be spread across multiple servers. To find the roles from the command line use the instructions here:-

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Q_27286786.html

(netdom query fsmo)

From the GUI, assuming you are using the legacy Administration tool, the Server 2003 instructions are OK and they are here:-

http://support.microsoft.com/kb/324801

If you are not logged into the DC then you need to install the "Remote Server Administration Tools" (RSAT Tools) from here:-

http://www.microsoft.com/en-us/download/details.aspx?id=7887
0
 

Author Comment

by:tmsa12
ID: 39178207
Dear sir, thank you for the detailed response. I need to know 2 points:

- How to transfer, step by step, from the master server to another server: FSMO, AD, DNS. Which is the perfect link with detailed step-by-step instructions for W2K8 R2 SP1?

- If the master server is dead, with no response, how to start the additional domain controller as master, with FSMO, DNS and AD functional for all the network?

kind regards
tmsa
0
 
LVL 12

Expert Comment

by:Dave
ID: 39178319
Hi,

Firstly, if you are trying to recover from the loss of all domain controllers then the only way is from a system state backup. Install a new server with the same name as the old, DO NOT INSTALL ACTIVE DIRECTORY, just restore from the system state backup. Any attempt to restore a domain by running DCPromo or re-installing AD from the wizard generates a domain with a unique Security Identifier and all the member systems will know it's a different domain and not recognise it. This is why you should always have two Domain Controllers on discrete physical servers.

DNS is NOT a FSMO role. It's a service that is often hosted on a Domain Controller and the Active Directory can hold the DNS data, but DNS is not part of Active Directory Services.

If you have Domain Controllers without DNS installed then simply add the DNS role via the "Roles" page of Server Manager (server 2008 & 2008R2). If they are on the same sub-net as the failed DC add its IP address to the NIC.

In order to cleanly "transfer" the FSMO roles both servers must be running and the instructions are here:-

http://support.microsoft.com/kb/324801

If the master server is dead, so long as you have another Domain Controller running then you can "seize" the FSMO roles using NTDSUtil as per this:-

http://support.microsoft.com/kb/255504

If the Infrastructure server is dead you can't install another DC until that role is seized. Seizing the roles is disruptive. You should make sure you never bring the removed DC back on-line, and you need to remove it from Active Directory using NTDSUTIL as below

http://support.microsoft.com/kb/223787
0
 
LVL 12

Accepted Solution

by:
Dave earned 500 total points
ID: 39178321
Sorry, that last link on Metadata cleanup should be:-

http://technet.microsoft.com/en-us/library/cc816907(WS.10).aspx
0
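
The find, transfer and verify steps discussed in this thread can also be scripted; the following is an added example, not part of the original posts or the linked Microsoft articles. It assumes the ActiveDirectory PowerShell module (Server 2008 R2 or RSAT) and an account in Domain Admins, Enterprise Admins and Schema Admins; `DC02` is a hypothetical name for the domain controller that should receive the roles.

```powershell
# Added example: list, move and verify the five FSMO role holders.
Import-Module ActiveDirectory

function Get-FsmoHolders {
    # Two roles are forest-wide, three exist once per domain.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    New-Object PSObject -Property @{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

function Move-AllFsmoRoles {
    param(
        [Parameter(Mandatory = $true)][string]$TargetDC,
        # Seize only when the old holder is permanently dead and will
        # never be brought back online (metadata cleanup must follow).
        [switch]$Seize
    )
    $roles = 'SchemaMaster', 'DomainNamingMaster', 'PDCEmulator',
             'RIDMaster', 'InfrastructureMaster'

    # Stops here if the target is not a reachable domain controller.
    $target = Get-ADDomainController -Identity $TargetDC -ErrorAction Stop

    Write-Host 'Role holders before the change:'
    Get-FsmoHolders | Format-List

    # -Force turns the graceful transfer into a seizure.
    Move-ADDirectoryServerOperationMasterRole -Identity $target.Name `
        -OperationMasterRole $roles -Force:$Seize -Confirm:$false -ErrorAction Stop

    # Verify: every role must now point at the target's DNS host name.
    $after = Get-FsmoHolders
    $wrong = @($roles | Where-Object { $after.$_ -ne $target.HostName })
    if ($wrong.Count -gt 0) {
        throw "Roles not held by $($target.HostName): $($wrong -join ', ')"
    }
    Write-Host 'Role holders after the change:'
    $after | Format-List
}

# Usage (DC02 is a hypothetical target):
#   Get-FsmoHolders | Format-List          # same information as: netdom query fsmo
#   Move-AllFsmoRoles -TargetDC DC02       # both DCs online: clean transfer
#   Move-AllFsmoRoles -TargetDC DC02 -Seize
```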
