Solved

FSMO + Active Directory migration

Posted on 2014-02-05
Last Modified: 2014-02-05
For an Active Directory migration, do I need the FSMO moved over to the new server, or does it automatically get put on the new server when it gets promoted?

I'm not really sure what the FSMO does. Looks like when I promoted the 2nd server the active directory list was copied to the new server with all the users. I plan on just turning off the first server and not demoting it.

I'm testing this all out in a virtual environment before I actually do this, just trying to cover the basic procedures.
Question by:easyworks
6 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 400 total points
ID: 39836839
Don't just shut off the first server without demoting; then you also have to go through a metadata cleanup. You want to have a clean demotion using dcpromo.

It will automatically transfer the FSMO roles, but I like doing them myself and making sure it worked with no issues. More on transferring: http://support.microsoft.com/kb/255690

There are 2 forest wide FSMO roles (Schema master, Domain naming master).  Three FSMOs per domain (PDC emulator, RID master, Infrastructure master).   Search for FSMO and there is a lot of great info out there.

Thanks

Mike
0
 
LVL 1

Author Comment

by:easyworks
ID: 39837162
Yeah, but it complains about "Domain Controller - "DsBindW error 0x6ba (The RPC server is unavailable)" when I try to transfer the fsmo roles using ntdsutil.

Why do I need to worry about demoting the server?
0
 
LVL 1

Author Comment

by:easyworks
ID: 39837173
I just noticed your link has GUI so I'll take another look at that tomorrow.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39837249
If you don't demote, there will still be references to it in AD. Is this a production network? I'd always try to have two DCs.

Thanks

Mike
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 100 total points
ID: 39837673
As stated, do NOT just power down the server. It is very important to demote a DC gracefully if possible. If you cannot demote the DC and it has the FSMO roles on it, you will need to "Seize" the roles to the working DC. You will also need to do a metadata cleanup (already mentioned). Something metadata cleanup does not do a good job of is removing all of the SRV records present in DNS. SRV records are very important, as they tell the clients where to find the proper domain controllers to authenticate to using different types of protocols (LDAP, Kerberos, global catalog, etc.). If you do not remove these records manually after seizing the roles and metadata cleanup, your clients run the risk of pointing to a DC that no longer exists, which can create error messages with the user experience.

SRV records are located under DNS Manager>internal.domain>_msdcs folder. Go through all of the folders and delete any references to the old domain controller.

Another thing you will need to check is Sites and Services, to ensure that you remove any computer objects related to the failed DC.

As stated it would be best if you can demote the DC gracefully but if you can't make sure that you follow the above steps.

Will.
0
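
A read-only check for the leftovers the answers above warn about (FSMO roles still held by the old DC, stale SRV records, server objects in Sites and Services), added here as an example and not code from any poster in this thread. `DC01` and `DC02` are placeholder names, and it assumes the ActiveDirectory and DnsServer PowerShell modules are available (Windows Server 2012 or later, or RSAT).

```powershell
# Added example: read-only audit for leftovers of a removed domain controller.
# Assumed values (not from the thread): DC01 = DC being removed, DC02 = surviving DC/DNS server.
Import-Module ActiveDirectory, DnsServer

$OldDc     = 'DC01'
$DnsServer = 'DC02'

$domain = Get-ADDomain
$forest = Get-ADForest

# 1. FSMO roles: two forest-wide, three per domain. None should remain on the old DC.
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$staleRoles = @($roles.GetEnumerator() |
    Where-Object { $_.Value -like "$OldDc.*" } |
    ForEach-Object { $_.Key })

# 2. SRV records whose target is still the old DC. _msdcs may be its own zone
#    or a folder inside the domain zone, so check whichever zones exist.
$candidates = $domain.DNSRoot, "_msdcs.$($forest.RootDomain)"
$zones = Get-DnsServerZone -ComputerName $DnsServer |
    Where-Object { $candidates -contains $_.ZoneName } |
    ForEach-Object { $_.ZoneName }
$staleSrv = @(foreach ($z in $zones) {
    Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $z -RRType Srv |
        Where-Object { $_.RecordData.DomainName -like "$OldDc.*" } |
        ForEach-Object { "$($_.HostName).$z -> $($_.RecordData.DomainName)" }
})

# 3. Server objects left under Sites (what Sites and Services displays).
$sitesDn = "CN=Sites,$((Get-ADRootDSE).configurationNamingContext)"
$staleServers = @(Get-ADObject -SearchBase $sitesDn `
        -LDAPFilter "(&(objectClass=server)(cn=$OldDc))" |
    ForEach-Object { $_.DistinguishedName })

# Report: every list should be empty once the old DC is fully removed.
[pscustomobject]@{
    RolesStillOnOldDc  = $staleRoles
    StaleSrvRecords    = $staleSrv
    StaleServerObjects = $staleServers
} | Format-List
```
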
 
LVL 1

Author Comment

by:easyworks
ID: 39837697
The server that is going to be removed is a file server for a small company of like 5 employees. I really appreciate the input guys.
0
