Solved

Disaster recovery scenario with a Seize Role

Posted on 2014-12-03
Last Modified: 2014-12-17
Hi Experts,

We are having a disaster recovery exercise soon. Scenario as follows:

1 forest domain with 2 active sites and a DR site.
Currently Site A (2 DCs with one DC holding all 5 roles) is in active replication/sync with Site B (2 DCs). However, in a disaster recovery scenario of site B to be down, a disaster site named site C with 1 DC will be up with a backed up data of Site B.

The DC with the 5 FSMO roles will then be shut down (to create a scenario of the FSMO role holder having crashed). The DC in site C will seize all roles.

Question is, after the DC in site C seizes the roles, will it still be able to recognise the other DC in Site A which is still alive? Or is a restore also needed for the DC in Site A? Basically what I'm trying to find out is whether, if a DC seized all the FSMO roles, it will still be able to recognise other DCs in other sites, what needs to be done if it can recognise them, and, if it can't, does it mean we have to restore all other DCs?

Thanks in advance
0
Question by:Ali_Junior
LVL 7

Expert Comment

by:Network Zero
ID: 40480079
I'm going to quote Microsoft on this: "A domain controller whose FSMO roles have been seized should not be permitted to communicate with existing domain controllers in the forest. In this scenario, you should either format the hard disk and reinstall the operating system on such domain controllers or forcibly demote such domain controllers on a private network and then remove their metadata on a surviving domain controller in the forest by using the ntdsutil /metadata cleanup command. The risk of introducing a former FSMO role holder whose role has been seized into the forest is that the original role holder may continue to operate as before until it inbound-replicates knowledge of the role seizure. Known risks of two domain controllers owning the same FSMO roles include creating security principals that have overlapping RID pools, and other problems."

Reference KDB: http://support.microsoft.com/KB/255504
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40480181
Firstly you say that you are using a " with 1 DC will be up with a backed up data of Site B. "
If that means you will try and restore a backup of a DC from B to C then you will fail.

Also, as stated, a DC that has had all its roles seized while offline should NEVER be switched back on. It will cause all kinds of issues on your network.
0
 

Author Comment

by:Ali_Junior
ID: 40482096
Thanks for the input, but I think I might have confused you guys :-P

1. The DC which has its roles seized will not be introduced back to the forest. It will be formatted and re-introduced.
2. The site C is basically a physical site which, when brought up into the scenario as the disaster site, will be the exact copy of DCs from site B (since site B will be deemed down).

All I needed to confirm is whether the remaining DCs that are alive can communicate with the DC that has seized the role.

Thanks.
0
Author Comment

by:Ali_Junior
ID: 40482098
To add on to Point 1: the formatted DC will only be introduced after the disaster recovery exercise is done and the situation has been normalized. It will not be brought up during the exercise.
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 250 total points
ID: 40482111
Any DC can communicate with any other DC so long as there are network links. You will have to ensure that all of the roles are seized and away you go :)
0
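
A read-only check for the exercise discussed in this thread, added here as an example and not code from any of the posters: it asks each reachable DC which server it believes holds the five FSMO roles and lists its inbound replication status, so you can confirm the surviving site A DC has learned of the seizure. `DRDC01` is a placeholder name for the site C DC, and a single-domain forest is assumed, as in the question; the cmdlets come from the ActiveDirectory PowerShell module.

```powershell
# Added example: post-seizure verification (read-only, changes nothing in AD).
# Requires the ActiveDirectory module (RSAT). Assumes a single-domain forest.
Import-Module ActiveDirectory

$SeizingDC = 'DRDC01'   # hypothetical name: replace with the site C DC

function Get-FsmoHolders {
    param([Parameter(Mandatory)][string]$Server)
    # Forest-wide roles come from Get-ADForest, domain-wide roles from Get-ADDomain.
    $forest = Get-ADForest -Server $Server -ErrorAction Stop
    $domain = Get-ADDomain -Server $Server -ErrorAction Stop
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

# Every DC object still present in the directory, as seen by the seizing DC.
foreach ($dc in Get-ADDomainController -Filter * -Server $SeizingDC) {
    try {
        $roles = Get-FsmoHolders -Server $dc.HostName
    } catch {
        # Expected for the shut-down role holder and the lost site B DCs.
        # Their objects stay in AD until metadata cleanup is performed.
        Write-Warning "$($dc.HostName) did not answer: offline, or a candidate for metadata cleanup"
        continue
    }

    foreach ($role in $roles.GetEnumerator()) {
        # Role holders are returned as FQDNs, so match on the host part.
        if ($role.Value -notlike "$SeizingDC.*") {
            Write-Warning "$($dc.HostName) still sees $($role.Key) on $($role.Value)"
        }
    }

    # Inbound replication state; LastReplicationResult 0 means the last attempt succeeded.
    Get-ADReplicationPartnerMetadata -Target $dc.HostName |
        Select-Object Server, Partner, LastReplicationSuccess, LastReplicationResult
}
```

A warning that a live DC still names the old holder means it has not yet inbound-replicated the seizure; the replication rows for that DC show whether it is failing to reach the site C DC.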
 
LVL 7

Assisted Solution

by:Network Zero
Network Zero earned 250 total points
ID: 40482131
This is where I think we are confused:

The DC which has its roles seized will not be introduced back to the forest. It will be formatted and re-introduced.

If the DC in the domain is being seized and then is going to be formatted, there's going to be no communication.

Say that site B blew up...

You have 3 DCs: 1 you're seizing and formatting, number 2 is gone, and C is the backup.

So there are no DCs left, since you will be formatting DC1, and then it will be able to communicate with DC3 once it has been restored normally.
0

Question has a verified solution.
