Solved

FSMO + Active Directory migration

Posted on 2014-02-05
6
685 Views
Last Modified: 2014-02-05
For active directory migration do I need the FSMO moved over to the new server or does it automatically get put on the new server when it gets promoted?

I'm not really sure what the FSMO does. Looks like when I promoted the 2nd server the active directory list was copied to the new server with all the users. I plan on just turning off the first server and not demoting it.

I'm testing this out all in a Virtual environment before I actually do this just trying to cover the basic procedures.
0
Comment
Question by:easyworks
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 400 total points
ID: 39836839
Don't just shutoff the first server without demoting, then you also have to go through a metadata cleanup.  you want to have a clean demotion using dcpromo.

It will automatically transfer the FSMO roles but I like doing them myself and making sure it worked with no issues.  More on transferring    http://support.microsoft.com/kb/255690

There are 2 forest wide FSMO roles (Schema master, Domain naming master).  Three FSMOs per domain (PDC emulator, RID master, Infrastructure master).   Search for FSMO and there is a lot of great info out there.

Thanks

Mike
0
 
LVL 1

Author Comment

by:easyworks
ID: 39837162
Yeah, but it complains about "Domain Controller - "DsBindW error 0x6ba (The RPC server is unavailable)" when I try to transfer the fsmo roles using ntdsutil.

Why do I need to worry about demoting the server?
0
 
LVL 1

Author Comment

by:easyworks
ID: 39837173
I just noticed your link has GUI so i'll take another look at that tomorrow.
0
Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

 
LVL 57

Expert Comment

by:Mike Kline
ID: 39837249
If you don't demote there will still be references to it in AD.  Is this a production network.  I'd always try to have two DCs.

Thanks

Mike
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 100 total points
ID: 39837673
As stated do NOT just power down the server. It is very important to demote a DC gracefully if possible. If you cannot demote the DC and it has the FSMO roles on it you will need to "Seize" the roles to the working DC. You will also need to do a metadata cleanup (already mentioned), Somethings metadata does not do a good job of cleaning up is removing all of the SRV records present in DNS. SRV records are very important as it tell the clients where to find the proper domain controllers to authenticate to using different types of protocols (ldap, kerberos, global catalog etc). If you do not remove these records manually after seizing the roles and metadata cleanup your clients run the risk of pointing to a DC that no longer exists which can create error messages with the user experience.

SRV records are located under DNS Manager>internal.domain>_msdcs folder. Go through all of the folders and delete any references to the old domain controller.

Another thing you will need to check is the Sites and Services as well to ensure that you remove and computer objects related to the failed DC, and deleting them.

As stated it would be best if you can demote the DC gracefully but if you can't make sure that you follow the above steps.

Will.
0
 
LVL 1

Author Comment

by:easyworks
ID: 39837697
The server that is going to be removed is a file server for a small company of like 5 employees. I really appreciate the input guys.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

689 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question