?
Solved

Can I seize FSMO Roles if my Root/Parent Domain Controller Died and my Child Domain Controllers are still operational

Posted on 2015-02-24
5
Medium Priority
?
570 Views
Last Modified: 2015-02-25
Good afternoon-

I have one Root Domain Controller (root.com) that just died physically and cannot be repaired - The Root DC had the Schema Role on it, So now when I try to modify group policies, I get an error indicating that no domains are available. I also have Child Domain Controllers (child.root.com)....I wanted to know can I seize roles from the dead Root Domain Controller to a Child Domain controller without mucking up AD, Replication, etc.....?? I have a bunch of errors in event viewer in reference to the Root Domain Controller being unreachable, However, no issues with loging into the network.
0
Comment
Question by:rbonds
5 Comments
 
LVL 6

Accepted Solution

by:
rgorman earned 750 total points
ID: 40629185
From what I know you need the root domain.  You won't be able to get by without it.  Your best bet would be to recreate it and restore from backup.  You should be able to install a new server, virtual or physical, with the same name and IP and do a restore of AD using DCPROMO and the system state backup.
0
 

Author Comment

by:rbonds
ID: 40629205
How would I restore from AD and System State Backup?  I'm sorry I forgot to mention that I'm working with windows server 2003.

I also made a bunch of changes in my child domain without being aware that the root domain was dead for several months.
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 750 total points
ID: 40629219
I wanted to know can I seize roles from the dead Root Domain Controller to a Child Domain controller without mucking up AD, Replication,

This cannot be done. Schema Master role is a Forest Wide role that the forest root domain holds. You will need to restore the DC from a backup in your root domain. You should always have n+1 DC's per
domain/site for redundancy.

Authoritative Restore from System State
https://technet.microsoft.com/en-us/library/cc961934.aspx

Will.
0
 
LVL 6

Expert Comment

by:rgorman
ID: 40629253
Or you could follow the advanced options here...

https://support.microsoft.com/kb/311078
0
 
LVL 39

Expert Comment

by:Mahesh
ID: 40630124
You can transfer forest wide roles to child domain if root domain is alive

OR

You can seize schema master and naming master roles to child domain only if one of the parent DC is available and you are having enterprise admins credentials
Infact if you have one parent DC alive you would seize roles to that DC only and question itself get resolved

In your case root domain is not available, so you cannot do whatever you are trying to do

Only valid option could be restore root domain if you have system state backup
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question