Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Can I seize FSMO Roles if my Root/Parent Domain Controller Died and my Child Domain Controllers are still operational

Posted on 2015-02-24
5
Medium Priority
?
527 Views
Last Modified: 2015-02-25
Good afternoon-

I have one Root Domain Controller (root.com) that just died physically and cannot be repaired - The Root DC had the Schema Role on it, So now when I try to modify group policies, I get an error indicating that no domains are available. I also have Child Domain Controllers (child.root.com)....I wanted to know can I seize roles from the dead Root Domain Controller to a Child Domain controller without mucking up AD, Replication, etc.....?? I have a bunch of errors in event viewer in reference to the Root Domain Controller being unreachable, However, no issues with loging into the network.
0
Comment
Question by:rbonds
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 6

Accepted Solution

by:
rgorman earned 750 total points
ID: 40629185
From what I know you need the root domain.  You won't be able to get by without it.  Your best bet would be to recreate it and restore from backup.  You should be able to install a new server, virtual or physical, with the same name and IP and do a restore of AD using DCPROMO and the system state backup.
0
 

Author Comment

by:rbonds
ID: 40629205
How would I restore from AD and System State Backup?  I'm sorry I forgot to mention that I'm working with windows server 2003.

I also made a bunch of changes in my child domain without being aware that the root domain was dead for several months.
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 750 total points
ID: 40629219
I wanted to know can I seize roles from the dead Root Domain Controller to a Child Domain controller without mucking up AD, Replication,

This cannot be done. Schema Master role is a Forest Wide role that the forest root domain holds. You will need to restore the DC from a backup in your root domain. You should always have n+1 DC's per
domain/site for redundancy.

Authoritative Restore from System State
https://technet.microsoft.com/en-us/library/cc961934.aspx

Will.
0
 
LVL 6

Expert Comment

by:rgorman
ID: 40629253
Or you could follow the advanced options here...

https://support.microsoft.com/kb/311078
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 40630124
You can transfer forest wide roles to child domain if root domain is alive

OR

You can seize schema master and naming master roles to child domain only if one of the parent DC is available and you are having enterprise admins credentials
Infact if you have one parent DC alive you would seize roles to that DC only and question itself get resolved

In your case root domain is not available, so you cannot do whatever you are trying to do

Only valid option could be restore root domain if you have system state backup
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question