SCAIT
asked on
Domain Controller failed; how can I transfer FSMO/RID roles?
Hi all,
I need some help with the following scenario.
Our primary domain controller failed, and I did not get a chance to demote via dcpromo. I built a replacement running Windows Server 2008 Enterprise R2 x64, ran dcpromo, and received some errors at first that stated I could not create an additional domain controller as DC2 was still set up as the RID master but was offline. I transferred some FSMO roles (schema, domain naming, etc.) to another DC via AD DS. I've rebooted the new DC and confirmed it is now a global catalogue server running DNS.
My questions to this community are:
-- How can I ensure the new DC is properly configured on the forest to be the main DC?
-- How can I transfer those FSMO roles over to this new DC, and verify it is the RID master, and how can I verify the AD replication? (I see that the NTDS connection settings are only replicating to 2 other domain controllers/member servers, rather than to all 9.)
-- Is DC2 now an orphan controller? What do I do to ensure that it is off of our forest? Do I need to use Ntdsutil?
Thanks, and I appreciate your help with this.
--
Dan
ASKER CERTIFIED SOLUTION
1. Seize all 5 FSMO roles to any healthy DC
2. Metadata cleanup of the failed FSMO server (http://www.petri.co.il/delete_failed_dcs_from_ad.htm)
3. Metadata cleanup of DC2 also
4. Check the new FSMO server is operational with netdom query fsmo
5. Rebuild DC2, promote it as a DC, and wait for the replication
6. If DC2 is replicating to all the DCs, move the FSMO role to DC2 (if required)
ASKER
Thanks Mike, and all who provided help. This worked and got us exactly where we need to be. I appreciate the help.
--
Dan
Excellent work, glad you got things back up and running.
You need to first verify the FSMO role holder before you proceed; if any role is missing, you need to seize the role.
You can run repadmin /replsum, repadmin /showreps, etc. to verify the replication. For more, see this: http://technet.microsoft.com/en-us/library/cc770963(v=ws.10).aspx
You also need to configure the authoritative time server role on the PDC role holder server: http://support.microsoft.com/kb/816042
Point the DNS settings of clients and member servers to the new DC IP address; this may be in the TCP/IP or DHCP settings, assuming the new DC is assigned a different IP address.
Note: There are no primary and backup DCs. All DCs are RW except RODCs. However, your DCs can be holders of FSMO roles: http://windowsdevcenter.com/pub/a/windows/2004/06/15/fsmo.html
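Added example, not part of any post in this thread: a PowerShell check that combines the verification steps suggested above (FSMO holders, leftover DC metadata, replication failures). It assumes the ActiveDirectory module is available (Windows Server 2008 R2 or RSAT) and uses DC2, the name from the question, as a placeholder for the failed controller.

```powershell
# Added example (not from the thread). Run from a healthy DC or an RSAT workstation.
Import-Module ActiveDirectory

$FailedDc = 'DC2'   # placeholder from the question: short name of the failed DC

$forest = Get-ADForest
$domain = Get-ADDomain

# Current holder of each of the five FSMO roles (the same data "netdom query fsmo" prints).
$holders = @{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}

$problems = @()
foreach ($role in $holders.Keys) {
    $holder = $holders[$role]
    $short  = ($holder -split '\.')[0]
    if ($short -ieq $FailedDc) {
        # The role was never transferred or seized away from the dead server.
        $problems += "$role is still assigned to failed DC $holder (needs seizing)"
    } elseif (-not (Test-Connection -ComputerName $holder -Count 1 -Quiet)) {
        $problems += "$role holder $holder does not answer ping"
    }
    '{0,-22} {1}' -f $role, $holder
}

# After metadata cleanup the failed DC should no longer be listed as a domain controller.
$stale = Get-ADDomainController -Filter * | Where-Object { $_.Name -ieq $FailedDc }
if ($stale) {
    $problems += "$FailedDc still has a DC object in AD (metadata cleanup not complete)"
}

# Replication: forest-wide summary, then only the partner links that report failures.
repadmin /replsummary
$failing = repadmin /showrepl * /csv | ConvertFrom-Csv |
    Where-Object { [int]$_.'Number of Failures' -gt 0 }
foreach ($link in $failing) {
    $problems += "Replication failing: $($link.'Source DSA') -> $($link.'Destination DSA') [$($link.'Naming Context')]"
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    'All five FSMO roles are on reachable DCs, no failed-DC object remains, replication is clean.'
}
```

A holder that blocks ICMP will show up as a ping warning even when it is healthy, so treat that line as a prompt to check the server rather than as proof of failure.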