Solved

Disaster recovery scenario with a Seize Role

Posted on 2014-12-03
Last Modified: 2014-12-17
Hi Experts,

We are having a disaster recovery exercise soon. Scenario as follows:

1 forest domain with 2 active sites and a DR site.
Currently Site A (2 DCs, with one DC holding all 5 roles) is in active replication/sync with Site B (2 DCs). However, in a disaster recovery scenario where site B is down, a disaster site named site C with 1 DC will be up with backed-up data of Site B.

The DC with the 5 FSMO roles will then be shut down (to create a scenario where the FSMO role holder has crashed). The DC in site C will seize all roles.

Question is, after the DC in site C seizes the roles, will it still be able to recognise the other DC in Site A which is still alive? Or is a restore also needed for the DC in Site A? Basically, what I'm trying to find out is: if a DC seized all the FSMO roles, will it still be able to recognise other DCs in other sites, and what needs to be done if it can recognise them? And if it can't, does it mean we have to restore all other DCs?

Thanks in advance
Question by:Ali_Junior
6 Comments
 
LVL 7

Expert Comment

by:Network Zero
ID: 40480079
I'm going to quote Microsoft on this: "A domain controller whose FSMO roles have been seized should not be permitted to communicate with existing domain controllers in the forest. In this scenario, you should either format the hard disk and reinstall the operating system on such domain controllers or forcibly demote such domain controllers on a private network and then remove their metadata on a surviving domain controller in the forest by using the ntdsutil /metadata cleanup command. The risk of introducing a former FSMO role holder whose role has been seized into the forest is that the original role holder may continue to operate as before until it inbound-replicates knowledge of the role seizure. Known risks of two domain controllers owning the same FSMO roles include creating security principals that have overlapping RID pools, and other problems."

Reference KDB: http://support.microsoft.com/KB/255504
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40480181
Firstly, you say that you are using a "with 1 DC will be up with a backed up data of Site B."
If that means you will try and restore a backup of a DC from B to C then you will fail.

Also, as stated, a DC that has had all its roles seized while offline should NEVER be switched back on. It will cause all kinds of issues on your network.
0
 

Author Comment

by:Ali_Junior
ID: 40482096
Thanks for the input, but I think I might have confused you guys :-P

1. The DC which has its roles seized will not be introduced back to the forest. It will be formatted and re-introduced.
2. Site C is basically a physical site which, when brought up into the scenario as the disaster site, will be the exact copy of the DCs from site B (since site B will be deemed down).

All I needed to confirm is whether the remaining DCs that are alive can communicate with the DC that has seized the roles.

Thanks.
0
 

Author Comment

by:Ali_Junior
ID: 40482098
To add on to point 1: the formatted DC will only be introduced after the disaster recovery exercise is done and the situation has been normalized. It will not be brought up during the exercise.
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 750 total points
ID: 40482111
Any DC can communicate with any other DC so long as there are network links. You will have to ensure that all of the roles are seized and away you go :)
0
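One way to confirm the two points in the accepted answer after the seizure (all five roles moved, and the surviving DCs can reach the new holder and agree with it), as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module is installed; `DC-SITEC01` is a hypothetical name for the site C DC.

```powershell
# Added example: post-seizure check, run from the DR domain controller.
Import-Module ActiveDirectory

$drDc = 'DC-SITEC01'   # hypothetical name of the DC that seized the roles

function Get-FsmoHolders {
    # Read the five role owners as recorded in the directory copy on $Server.
    param([string]$Server)
    $forest = Get-ADForest -Server $Server
    $domain = Get-ADDomain -Server $Server
    @{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

# 1. The DR DC must list itself as owner of all five roles.
$expected  = Get-FsmoHolders -Server $drDc
$notSeized = $expected.GetEnumerator() | Where-Object { $_.Value -notlike "$drDc*" }
if ($notSeized) {
    $names = ($notSeized | ForEach-Object { $_.Key }) -join ', '
    Write-Warning "Roles not held by ${drDc}: $names"
}

# 2. Every surviving DC must have replicated the same role owners.
#    The seized-from DC stays listed until its metadata is cleaned up,
#    so it shows up here as unreachable.
foreach ($dc in Get-ADDomainController -Filter * -Server $drDc) {
    if (-not (Test-Connection -ComputerName $dc.HostName -Count 1 -Quiet)) {
        Write-Warning "$($dc.HostName) is unreachable (expected for DCs that are down)"
        continue
    }
    $seen = Get-FsmoHolders -Server $dc.HostName
    foreach ($role in $expected.Keys) {
        if ($seen[$role] -ne $expected[$role]) {
            Write-Warning "$($dc.HostName) still lists $($seen[$role]) as $role"
        }
    }
}

# 3. Replication health between the DCs that are still up.
repadmin /replsummary
```

A surviving DC that still lists the old holder has not yet inbound-replicated the seizure; rerun the check after replication has completed.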
 
LVL 7

Assisted Solution

by:Network Zero
Network Zero earned 750 total points
ID: 40482131
This is where I think we are confused:

"The DC which has its roles seized will not be introduced back to the forest. It will be formatted and re-introduced."

If the DC in the domain is being seized and is then going to be formatted, there's going to be no communication.

Say that site B blew up...

You have 3 DCs: 1 you're seizing and formatting, number 2 is gone, and C is the backup.

So there are no DCs left, since you will be formatting DC1, and then it will be able to communicate with DC3 once it has been restored normally.
0
