Active Directory Server 2003 Operations Master is down.

Posted on 2013-09-06
Medium Priority
Last Modified: 2013-09-08

I recently lost my operations master server. I have one additional server on site (I can create a user on it), and two others at a different site. All of the remaining servers are acting as DNS servers and global catalog servers. It looks like I have to transfer my PDC emulator to one of my working servers, as well as other roles.

I am concerned with which roles should go and the order they should be transferred in. Also, I am not clear on how to go through this process.
Please advise as soon as possible

Thank you in advance

Question by:dwesolowicz

Expert Comment

by:Seth Simmons
ID: 39472362
from the other domain controller, open command prompt and run netdom query fsmo and you will see what roles are on which server to find out which server they reside on and see which one needs to be relocated

follow this article; go to the seize fsmo roles section


doesn't matter which one you do first as long as you are able to relocate them - and be certain the old server isn't coming back or you might have issues with multiple servers having the same role

Author Comment

ID: 39472371
Thanks for the reply. Looks like the server that went down contains all the roles.

Schema owner                bretdc1fp.bretfordhq.local
Domain role owner           bretdc1fp.bretfordhq.local
PDC role                    bretdc1fp.bretfordhq.local
RID pool manager            bretdc1fp.bretfordhq.local
Infrastructure owner        bretdc1fp.bretfordhq.local

In this case, is it still ok to transfer all of these roles?

Thank you again for your reply

Assisted Solution

by:Seth Simmons
Seth Simmons earned 1000 total points
ID: 39472374
if the server is not coming back, then yes, transfer all the roles to another server

also want to consider later cleaning up what's leftover of that domain controller

Author Comment

ID: 39472382
Is there any harm in not moving the roles for a few days? I would like to do some additional reading so I am clear on the process.

Author Comment

ID: 39472387
Looks like you can transfer roles via ad users and computers as well. Is command line the best way to go or can I use the snap in?

Author Comment

ID: 39472399
my apologies......in my case, I have to seize the roles since the server will no longer be in production or operational

Expert Comment

by:Seth Simmons
ID: 39472404
yes you can transfer (not seize) using gui tools though it's easier from the command line since gui requires registering a dll and adding mmc snap-in manually - doable, just cumbersome

wouldn't recommend waiting very long to seize the roles since it could affect some services

the entire process would only take a couple minutes but a bit longer for it to replicate depending on how many other sites and domain controllers exist

Accepted Solution

Sandeshdubey earned 1000 total points
ID: 39472405
As the FSMO role holder server is down and cannot be brought back, you need to seize the FSMO role; transfer will not work.

Seize FSMO role: http://www.petri.co.il/seizing_fsmo_roles.htm

You need to seize the FSMO role on an online DC. Here order is not important; you can seize the role in any order. http://sandeshdubey.wordpress.com/2011/10/07/how-to-transfer-or-seize-fsmo-roles/

You also need to perform metadata cleanup of the offline DC. http://sandeshdubey.wordpress.com/2011/10/12/metadata-cleanup-of-a-domain-controller/

Don't forget to configure the authoritative time server role on the PDC role holder server: http://support.microsoft.com/kb/816042

You also need to change the DNS setting of clients/server which may be pointing to the offline DC for name resolution; this may be in DHCP or TCP/IP setting.

Just for your info, there's some info on FSMOs and what would happen if any specific FSMO is down for any length of time, permanently or temporarily.
Active Directory FSMO Roles Explained and What Happens When They Fail and Why you may not be able to keep a DC up once roles were seized.

Complete Step by Step Guideline to Remove an Orphaned Domain controller (including seizing FSMOs, running a metadata cleanup, and more)

Hope this helps
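The sequence discussed in the answers above (check the role holders, seize, set the time source, verify), written out as a batch file. This is an added example and not part of any post in this thread; NEWDC and NTPPEER are placeholders, and it assumes the Windows Server 2003 Support Tools (netdom, dcdiag, repadmin) are installed on the surviving domain controller.

```batch
@echo off
rem Added example, not from the thread. Run on the surviving DC with an account
rem in Domain Admins, Enterprise Admins and Schema Admins.
setlocal
rem Placeholders (assumptions): replace before running.
set NEWDC=REPLACE-WITH-SURVIVING-DC
set NTPPEER=REPLACE-WITH-NTP-SOURCE
rem Failed role holder, as shown in the netdom output posted in this thread.
set OLDDC=bretdc1fp.bretfordhq.local

rem 1. Record the current role holders before changing anything.
netdom query fsmo

rem 2. Stop if the old holder still answers. Two DCs holding the same role is
rem    the failure mode warned about above. Ping is only a coarse check; the
rem    real requirement is that the old server never returns to the network.
ping -n 2 %OLDDC% >nul
if not errorlevel 1 (
    echo %OLDDC% still answers ping; do not seize roles from a live holder.
    exit /b 1
)

rem 3. Seize all five roles onto NEWDC. Order does not matter. ntdsutil tries
rem    a normal transfer first and seizes only when the old holder cannot be
rem    reached; it asks for confirmation for each role.
ntdsutil roles connections "connect to server %NEWDC%" quit "seize schema master" "seize domain naming master" "seize PDC" "seize RID master" "seize infrastructure master" quit quit

rem 4. The new PDC emulator becomes the domain's authoritative time source.
w32tm /config /manualpeerlist:%NTPPEER% /syncfromflags:manual /reliable:yes /update
w32tm /resync /rediscover

rem 5. Verify: every role should now list NEWDC, the DC should advertise
rem    itself correctly, and replication partners should show no failures.
netdom query fsmo
dcdiag /s:%NEWDC% /test:knowsofroleholders /test:advertising
repadmin /showreps %NEWDC%
endlocal
```

Metadata cleanup of the old DC and the DNS client changes mentioned in the answer are separate steps and are not covered by this script.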

Author Comment

ID: 39472440
Thanks to all of you! I am going to give this a try now since it won't take too long.
I will let you know how things go.

Author Comment

ID: 39472456
Well, I went through the process, and I am having problems with users' home directories being mapped. Is this typical?

Expert Comment

ID: 39472470
How is the home drive configured? Can you elaborate: by scripts, GPP, etc.? Can you post a print screen of the home drive policy?

Check the sysvol folder too and ensure that the policies and scripts folders are replicated.


Question has a verified solution.
