FSMO + Active Directory migration

Posted on 2014-02-05
Last Modified: 2014-02-05
For Active Directory migration, do I need the FSMO moved over to the new server, or does it automatically get put on the new server when it gets promoted?

I'm not really sure what the FSMO does. Looks like when I promoted the 2nd server, the Active Directory list was copied to the new server with all the users. I plan on just turning off the first server and not demoting it.

I'm testing this all out in a virtual environment before I actually do this, just trying to cover the basic procedures.
Question by:easyworks
LVL 57

Accepted Solution

by:
Mike Kline earned 1600 total points
ID: 39836839
Don't just shut off the first server without demoting it; then you also have to go through a metadata cleanup. You want to have a clean demotion using dcpromo.

It will automatically transfer the FSMO roles, but I like doing them myself and making sure it worked with no issues. More on transferring: http://support.microsoft.com/kb/255690

There are 2 forest-wide FSMO roles (Schema master, Domain naming master) and three FSMOs per domain (PDC emulator, RID master, Infrastructure master). Search for FSMO and there is a lot of great info out there.

Thanks

Mike
0
 
LVL 1

Author Comment

by:easyworks
ID: 39837162
Yeah, but it complains about "Domain Controller - "DsBindW error 0x6ba (The RPC server is unavailable)" when I try to transfer the fsmo roles using ntdsutil.

Why do I need to worry about demoting the server?
0
 
LVL 1

Author Comment

by:easyworks
ID: 39837173
I just noticed your link has GUI, so I'll take another look at that tomorrow.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39837249
If you don't demote, there will still be references to it in AD. Is this a production network? I'd always try to have two DCs.

Thanks

Mike
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 400 total points
ID: 39837673
As stated, do NOT just power down the server. It is very important to demote a DC gracefully if possible. If you cannot demote the DC and it has the FSMO roles on it, you will need to "Seize" the roles to the working DC. You will also need to do a metadata cleanup (already mentioned). Something metadata cleanup does not do a good job of is removing all of the SRV records present in DNS. SRV records are very important, as they tell the clients where to find the proper domain controllers to authenticate to using different types of protocols (LDAP, Kerberos, global catalog, etc.). If you do not remove these records manually after seizing the roles and metadata cleanup, your clients run the risk of pointing to a DC that no longer exists, which can create error messages with the user experience.

SRV records are located under DNS Manager>internal.domain>_msdcs folder. Go through all of the folders and delete any references to the old domain controller.

Another thing you will need to check is Sites and Services, to ensure that you remove any computer objects related to the failed DC.

As stated, it would be best if you can demote the DC gracefully, but if you can't, make sure that you follow the above steps.

Will.
0
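The checks described in the two solutions above (which DC holds each of the five FSMO roles, and whether SRV records or Sites and Services objects still reference the retired DC) can be run as one read-only report. This PowerShell is an added example, not code from any poster in this thread; it assumes the ActiveDirectory and DnsServer modules are available, and `OLD-DC01` and `NEW-DC01` are placeholder names.

```powershell
# Added example, read-only: reports FSMO holders and leftover references to a retired DC.
# Assumptions: run from a DC or admin host with the ActiveDirectory and DnsServer modules.
Import-Module ActiveDirectory, DnsServer

$OldDc     = 'OLD-DC01'   # placeholder: short name of the DC being retired
$DnsServer = 'NEW-DC01'   # placeholder: DC hosting the AD-integrated DNS zones

$forest   = Get-ADForest
$domain   = Get-ADDomain
$configNc = (Get-ADRootDSE).configurationNamingContext

# 1. The five FSMO roles: two per forest, three per domain.
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$roles.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{
        Role    = $_.Key
        Holder  = $_.Value
        OnOldDc = ($_.Value -like "$OldDc.*")   # True means transfer or seize is still pending
    }
} | Format-Table -AutoSize

# 2. SRV records that still point clients at the old DC.
#    _msdcs may be its own zone or a folder inside the domain zone, so check both.
$zones = "_msdcs.$($forest.RootDomain)", $domain.DNSRoot
foreach ($zone in $zones) {
    Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $zone -RRType Srv `
            -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordData.DomainName -like "$OldDc.*" } |
        Select-Object @{n='Zone';   e={$zone}}, HostName,
                      @{n='Target'; e={$_.RecordData.DomainName}},
                      @{n='Port';   e={$_.RecordData.Port}}
}

# 3. Server objects left behind in Sites and Services (configuration partition).
Get-ADObject -SearchBase "CN=Sites,$configNc" `
             -LDAPFilter "(&(objectClass=server)(cn=$OldDc))" |
    Select-Object DistinguishedName
```

After a clean demotion, or after a seizure followed by metadata cleanup and manual DNS cleanup, every role should show `OnOldDc` as False and sections 2 and 3 should return nothing.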
 
LVL 1

Author Comment

by:easyworks
ID: 39837697
The server that is going to be removed is a file server for a small company of like 5 employees. I really appreciate the input guys.
0
