Disaster recovery scenario with a Seize Role

Hi Experts,

We are having a disaster recovery exercise soon. Scenario as follows:

1 forest domain with 2 active sites and a DR site.
Currently Site A (2 DCs with one DC holding all 5 roles) is in active replication/sync with Site B (2 DCs). However, in a disaster recovery scenario where Site B is down, a disaster site named Site C with 1 DC will be brought up with backed-up data of Site B.

The DC with the 5 FSMO roles will then be shut down (to create a scenario of the FSMO role holder having crashed). The DC in Site C will seize all roles.

Question is, after the DC in Site C seizes the roles, will it still be able to recognise the other DC in Site A which is still alive? Or is a restore also needed for the DC in Site A? Basically what I'm trying to find out is: if a DC seized all the FSMO roles, will it still be able to recognise other DCs in other sites, and what needs to be done if it can recognise them? And if it can't, does it mean we have to restore all other DCs?

Thanks in advance
Ali_Junior Asked:

Network ZeroCloud Engineer Commented:
I'm going to quote Microsoft on this: "A domain controller whose FSMO roles have been seized should not be permitted to communicate with existing domain controllers in the forest. In this scenario, you should either format the hard disk and reinstall the operating system on such domain controllers or forcibly demote such domain controllers on a private network and then remove their metadata on a surviving domain controller in the forest by using the ntdsutil /metadata cleanup command. The risk of introducing a former FSMO role holder whose role has been seized into the forest is that the original role holder may continue to operate as before until it inbound-replicates knowledge of the role seizure. Known risks of two domain controllers owning the same FSMO roles include creating security principals that have overlapping RID pools, and other problems."

Reference KDB: http://support.microsoft.com/KB/255504
0
Neil Russell, Technical Development Lead, Commented:
Firstly, you say that you are using a "with 1 DC will be up with a backed up data of Site B."
If that means you will try and restore a backup of a DC from B to C then you will fail.

Also, as stated, a DC that has had all its roles seized while offline should NEVER be switched back on. It will cause all kinds of issues on your network.
0
Ali_Junior (Author) Commented:
Thanks for the input, but I think I might have confused you guys :-P

1. The DC which has its roles seized will not be introduced back to the forest. It will be formatted and re-introduced.
2. Site C is basically a physical site which, when brought up into the scenario as the disaster site, will be the exact copy of the DCs from site B (since site B will be deemed down).

All I needed to confirm is whether the remaining DCs that are alive can communicate with the DC that has seized the roles.

Thanks.
0
Ali_Junior (Author) Commented:
To add on to point 1: the formatted DC will only be introduced after the disaster recovery exercise is done and the situation has been normalized. It will not be brought up during the exercise.
0
Neil Russell, Technical Development Lead, Commented:
Any DC can communicate with any other DC so long as there are network links. You will have to ensure that all of the roles are seized and away you go :)
0
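Added example (not part of the thread or of the Microsoft article): one way to confirm after the seizure that every reachable DC names the site C DC as holder of all five roles, using the ActiveDirectory PowerShell module. The host name `DC-SITEC-01.corp.example.com` is a placeholder; DCs that still exist in the directory but do not answer are listed so they can be handled per the metadata cleanup guidance quoted above.

```powershell
# Requires the ActiveDirectory module (RSAT); run as a domain admin from a surviving DC.
Import-Module ActiveDirectory

# Placeholder (assumption): FQDN of the site C DC that seized the roles.
$ExpectedHolder = 'DC-SITEC-01.corp.example.com'

# Every DC object in the domain, including ones that are currently offline.
$dcs = Get-ADDomainController -Filter *

$report = foreach ($dc in $dcs) {
    try {
        # Ask this specific DC for its own view of the role holders.
        $forest = Get-ADForest -Server $dc.HostName -ErrorAction Stop
        $domain = Get-ADDomain -Server $dc.HostName -ErrorAction Stop
        $views = [ordered]@{
            SchemaMaster         = $forest.SchemaMaster
            DomainNamingMaster   = $forest.DomainNamingMaster
            PDCEmulator          = $domain.PDCEmulator
            RIDMaster            = $domain.RIDMaster
            InfrastructureMaster = $domain.InfrastructureMaster
        }
        foreach ($role in $views.Keys) {
            [pscustomobject]@{
                QueriedDC = $dc.HostName
                Site      = $dc.Site
                Role      = $role
                Holder    = $views[$role]
                Agrees    = ($views[$role] -eq $ExpectedHolder)
            }
        }
    }
    catch {
        # Offline DCs (the shut-down role holder, site B) end up here.
        [pscustomobject]@{
            QueriedDC = $dc.HostName; Site = $dc.Site
            Role = '(unreachable)'; Holder = $null; Agrees = $false
        }
    }
}

$report | Format-Table -AutoSize

# Rows to investigate: a reachable DC that has not yet replicated the seizure,
# or a DC object that no longer answers.
$report | Where-Object { -not $_.Agrees } | Format-Table -AutoSize

# Built-in cross-checks of replication health and role-holder knowledge.
repadmin /replsummary
dcdiag /s:$ExpectedHolder /test:KnowsOfRoleHolders
```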
Network ZeroCloud Engineer Commented:
This is where I think we are confused:

"The DC which has its roles seized will not be introduced back to the forest. It will be formatted and re-introduced."

If the DC in the domain is being seized and then is going to be formatted, there's going to be no communication.

Say that site B blew up.

You have 3 DCs: 1, which you're seizing and formatting; number 2 is gone; and C is the backup.

So there are no DCs left since you will be formatting DC1, and then it will be able to communicate with DC3 once it has been restored normally.
0