dedri
AD restore of operations masters(FSMO) role
Hello,
I am trying to figure out whether, in case of failure of one of our Domain Controllers, which holds all FSMO roles, it is possible to restore it.
As per the MS article,
Restoring the RID Master can result in Active Directory data corruption, so it is not recommended.
Restoring the Schema Master can result in orphaned objects, so it is not recommended.
So in case we need to restore RID and Schema Master, what is the best practice? Is it possible to restore this server?
Windows servers are 2003R2. Domain functional level is also 2003R2.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Here is the article from the Microsoft site which I am reading:
http://technet.microsoft.com/en-us/library/cc526503.aspx
Interesting article -- I wish they had a published date on it. Assuming that your DCs are only being DCs (and DNS), I like the article's recommendation of starting fresh. It sounds like a little bit of conflicting information. The bullet list that I provided was from Microsoft's site and that talks about restoring from backup.
Tom
ASKER
Yes, I know that the best practice is to seize the roles and reinstall the server, but in my situation this is not only a domain controller; the server also holds the Certificate Authority, Terminal Server licenses, home folders, etc. In case of failure I was wondering if restore is possible, and if this restore will not do any bad things to my Active Directory.
ASKER
10x alicain,
you clarified things for me about the Schema Master.
So, just to summarize, in case of failure I can restore the server from backup; the prerequisite is that the roles shouldn't be seized.
ASKER CERTIFIED SOLUTION
As you say, when the RID master has been seized, it must not be returned to service. Although this is different to the scenario of: the DC holding the RID master fails, no roles are transferred/seized and the DC is non-authoritatively restored from backup.
I cannot think what the information you've read about the schema master is referring to. It is only used during the process of updating the schema. I cannot see how doing a non-authoritative restore of the schema master would result in orphaned objects, unless it was done in an unsupported way i.e. rollback of a VM image, but that's a different story...
Also, it is worth considering that in the event of a failure, it may be less pain to transfer/seize the roles, perform metadata cleanup, then rebuild the DC rather than restore from backup, depending on the nature of the failure.
Documenting the possible failure scenarios and your recovery plan in each case will help. Given you have multiple DCs, consider spreading them around.
Regards,
Alastair.