Solved

Can I seize FSMO Roles if my Root/Parent Domain Controller Died and my Child Domain Controllers are still operational

Posted on 2015-02-24
Last Modified: 2015-02-25
Good afternoon-

I have one Root Domain Controller (root.com) that just died physically and cannot be repaired. The Root DC had the Schema Role on it, so now when I try to modify group policies, I get an error indicating that no domains are available. I also have Child Domain Controllers (child.root.com). I wanted to know: can I seize roles from the dead Root Domain Controller to a Child Domain Controller without mucking up AD, replication, etc.? I have a bunch of errors in Event Viewer in reference to the Root Domain Controller being unreachable; however, no issues with logging into the network.
Question by:rbonds

LVL 6

Accepted Solution

by:rgorman
rgorman earned 250 total points
ID: 40629185
From what I know you need the root domain.  You won't be able to get by without it.  Your best bet would be to recreate it and restore from backup.  You should be able to install a new server, virtual or physical, with the same name and IP and do a restore of AD using DCPROMO and the system state backup.
 

Author Comment

by:rbonds
ID: 40629205
How would I restore from AD and System State Backup? I'm sorry, I forgot to mention that I'm working with Windows Server 2003.

I also made a bunch of changes in my child domain without being aware that the root domain was dead for several months.
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 250 total points
ID: 40629219
I wanted to know can I seize roles from the dead Root Domain Controller to a Child Domain controller without mucking up AD, Replication,

This cannot be done. Schema Master role is a Forest Wide role that the forest root domain holds. You will need to restore the DC from a backup in your root domain. You should always have n+1 DCs per domain/site for redundancy.

Authoritative Restore from System State
https://technet.microsoft.com/en-us/library/cc961934.aspx

Will.
 
LVL 6

Expert Comment

by:rgorman
ID: 40629253
Or you could follow the advanced options here...

https://support.microsoft.com/kb/311078
 
LVL 37

Expert Comment

by:Mahesh
ID: 40630124
You can transfer forest-wide roles to the child domain if the root domain is alive

OR

You can seize the schema master and naming master roles to the child domain only if one of the parent DCs is available and you have Enterprise Admins credentials.
In fact, if you have one parent DC alive, you would seize the roles to that DC only and the question itself gets resolved.

In your case the root domain is not available, so you cannot do whatever you are trying to do.

The only valid option could be to restore the root domain if you have a system state backup.