Windows Server Domain Controllers

AD with Two DC's: DC1 - W2K8R2, DC2 - W2K3sp2 -!FSMO role holder! - "passed away".
What's the proper steps to keep few hundred users to stay logged in and be able to get to all shared folders, network printers, etc.

Thank you.
cohhelpAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

BillBondoCommented:
Im sure first thing is to seize the roles. And then I would create another dc jic.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cohhelpAuthor Commented:
How to seize the roles from a "physically dead" machine?
0
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
Lets say DC-A is dead but DC-B is alive.  All FSMO roles were on DC-A.  What you need to do is on DC-B, you would go ahead and seize all FSMO roles.  I use command line but you could use the GUI also.

Below is the instructions for GUI:

Transfer the Schema Master Role
Use the Active Directory Schema Master snap-in to transfer the schema master role. Before you can use this snap-in, you must register the Schmmgmt.dll file.


Register Schmmgmt.dll
1.Click Start, and then click Run.
2.Type regsvr32 schmmgmt.dll in the Open box, and then click OK.
3.Click OK when you receive the message that the operation succeeded.

Transfer the Schema Master Role
1.Click Start, click Run, type mmc in the Open box, and then click OK.
2.On the File, menu click Add/Remove Snap-in.
3.Click Add.
4.Click Active Directory Schema, click Add, click Close, and then click OK.
5.In the console tree, right-click Active Directory Schema, and then click Change Domain Controller.
6.Click Specify Name, type the name of the domain controller that will be the new role holder, and then click OK.
7.In the console tree, right-click Active Directory Schema, and then click Operations Master.
8.Click Change.
9.Click OK to confirm that you want to transfer the role, and then click Close.

Transfer the Domain Naming Master Role
1.Click Start, point to Administrative Tools, and then click Active Directory Domains and Trusts.
2.Right-click Active Directory Domains and Trusts, and then click Connect to Domain Controller.

NOTE: You must perform this step if you are not on the domain controller to which you want to transfer the role. You do not have to perform this step if you are already connected to the domain controller whose role you want to transfer.
3.Do one of the following: ¿In the Enter the name of another domain controller box, type the name of the domain controller that will be the new role holder, and then click OK.

-or-
¿In the Or, select an available domain controller list, click the domain controller that will be the new role holder, and then click OK.

4.In the console tree, right-click Active Directory Domains and Trusts, and then click Operations Master.
5.Click Change.
6.Click OK to confirm that you want to transfer the role, and then click Close.

Transfer the RID Master, PDC Emulator, and Infrastructure Master Roles
1.Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
2.Right-click Active Directory Users and Computers, and then click Connect to Domain Controller.

NOTE: You must perform this step if you are not on the domain controller to which you want to transfer the role. You do not have to perform this step if you are already connected to the domain controller whose role you want to transfer.
3.Do one of the following: ¿In the Enter the name of another domain controller box, type the name of the domain controller that will be the new role holder, and then click OK.

-or-
¿In the Or, select an available domain controller list, click the domain controller that will be the new role holder, and then click OK.

4.In the console tree, right-click Active Directory Users and Computers, point to All Tasks, and then click Operations Master.
5.Click the appropriate tab for the role that you want to transfer (RID, PDC, or Infrastructure), and then click Change.
6.Click OK to confirm that you want to transfer the role, and then click Close.


Below is instructions for using NTDSUTIL (command line):

Seize FSMO roles
To seize the FSMO roles by using the Ntdsutil utility, follow these steps: 1.      Log on to a Windows 2000 Server-based or Windows Server 2003-based member computer or domain controller that is located in the forest where FSMO roles are being seized. We recommend that you log on to the domain controller that you are assigning FSMO roles to. The logged-on user should be a member of the Enterprise Administrators group to transfer schema or domain naming master roles, or a member of the Domain Administrators group of the domain where the PDC emulator, RID master and the Infrastructure master roles are being transferred.
2.Click Start, click Run, type ntdsutil in the Open box, and then click OK.
3.Type roles, and then press ENTER.
4.Type connections, and then press ENTER.
5.Type connect to server servername, and then press ENTER, where servername is the name of the domain controller that you want to assign the FSMO role to.
6.At the server connections prompt, type q, and then press ENTER.
7.      Type seize role, where role is the role that you want to seize. For a list of roles that you can seize, type ? at the fsmo maintenance prompt, and then press ENTER, or see the list of roles at the start of this article. For example, to seize the RID master role, type seize rid master. The one exception is for the PDC emulator role, whose syntax is seize pdc, not seize pdc emulator.
8.      At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.

Notes¿Under typical conditions, all five roles must be assigned to “live” domain controllers in the forest. If a domain controller that owns a FSMO role is taken out of service before its roles are transferred, you must seize all roles to an appropriate and healthy domain controller. We recommend that you only seize all roles when the other domain controller is not returning to the domain. If it is possible, fix the broken domain controller that is assigned the FSMO roles. You should determine which roles are to be on which remaining domain controllers so that all five roles are assigned to a single domain controller. For more information about FSMO role placement, click the following article number to view the article in the Microsoft Knowledge Base:
223346

 FSMO placement and optimization on Windows 2000 domain controllers
¿If the domain controller that formerly held any FSMO role is not present in the domain and if it has had its roles seized by using the steps in this article, remove it from the Active Directory by following the procedure that is outlined in the following Microsoft Knowledge Base article:
216498

 How to remove data in active directory after an unsuccessful domain controller demotion
¿Removing domain controller metadata with the Windows 2000 version or the Windows Server 2003 build 3790 version of the ntdsutil /metadata cleanup command does not relocate FSMO roles that are assigned to live domain controllers. The Windows Server 2003 Service Pack 1 (SP1) version of the Ntdsutil utility automates this task and removes additional elements of domain controller metadata.
¿Some customers prefer not to restore system state backups of FSMO role-holders in case the role has been reassigned since the backup was made.
¿Do not put the Infrastructure master role on the same domain controller as the global catalog server. If the Infrastructure master runs on a global catalog server it stops updating object information because it does not contain any references to objects that it does not hold. This is because a global catalog server holds a partial replica of every object in the forest.

To test whether a domain controller is also a global catalog server: 1.Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.
2.Double-click Sites in the left pane, and then locate the appropriate site or click Default-first-site-name if no other sites are available.
3.Open the Servers folder, and then click the domain controller.
4.In the domain controller's folder, double-click NTDS Settings.
5.On the Action menu, click Properties.
6.On the General tab, view the Global Catalog check box to see if it is selected.
0
cohhelpAuthor Commented:
http://social.technet.microsoft.com/wiki/contents/articles/6736.move-transfering-or-seizing-fsmo-roles-with-ad-powershell-command-to-another-domain-controller.aspx

This is a very good source, but it's just missing ONE phrase for a non-PowerShell guru:

If you want to use PowerShell to transfer any of your five FSMO roles (PDC Emulater, RID Master, Infrastructure Master, Domain Naming Master and Schema Master) then you will first need to import the Active Directory Module into PowerShell.

ipmo activedirectory

Thanks for help.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.