
Transferring FSMO role

I have a production server running in eval mode. To upgrade the license I installed another server on Hyper-V on the same physical host and transferred all FSMO roles. After the transfer, repadmin was generating an error on the main server but it worked fine on the secondary server (all of this worked fine in a lab test).
I tried moving FSMO back but it did not help, therefore I put FSMO on the guest again; some transfers worked from pshell, some worked from ntdsutil and some worked from the console.
Eventually, I tried removing ADDS from the host machine and instead of completely removing it, it suggested that I make it a workgroup and stayed with an alert action to promote to DC.
I removed the DC from the Users and Computers container and removed NTDS from AD Sites and Services, but it does not allow me to remove the DC name from AD Sites and Services. I tried ntdsutil metadata cleanup and it still does not remove it.
Option to make it a workgroup is grayed out and DCpromo /force does work either.
Are there any ways to clean up from adsiedit or a more granular level of cleanup? If Hyper-V is the only service running I should be able to join it back to the domain, as the DC on Hyper-V starts automatically with the physical host?

Author

Commented:
I was wondering if there is an option to clean up metadata
Lee W, MVP, Technology and Business Process Advisor
Most Valuable Expert 2013
Commented:
If, at any time, you used a snapshot and then reverted to it for the DC VM, then you've caused some serious problems with AD.

If not, I would pull the DC VM off (if it's seemingly working) the host server and run on something else temporarily, delete the "failed" DC from the list of domain controllers in the VM DC.  Then wipe and reload the host server as a Hyper-V server ONLY.

Make sure to run DCDIAG /C /E /V on each DC and research and resolve any unexplained errors.

Author

Commented:
I am unable to demote the host to domain and it is in workgroup but it fails to add to domain controller now. Dcdiag shows could not find server but nslookup shows new DNS.

Author

Commented:
There is no snapshot. I created the Hyper-V guest only to transfer the FSMO role, so I could upgrade the license on the host.
Lee W, MVP, Technology and Business Process Advisor
Most Valuable Expert 2013

Commented:
I'll repeat:
I would pull the DC VM off (if it's seemingly working) the host server and run on something else temporarily, delete the "failed" DC from the list of domain controllers in the VM DC.  Then wipe and reload the host server as a Hyper-V server ONLY.

(I'm referring to deleting the DC from the AD Domain Controllers OU. Metadata cleanup is automated in 2012 when you delete a DC.)

MAKE A BACKUP FIRST!
Will Szymkowski, Senior Solution Architect
Most Valuable Expert 2015
Top Expert 2015

Commented:
"but it does not allow me to remove DC name from AD sites services"

Based on the above comment, whenever you cannot remove an object, if you are using a 2008 or higher domain you need to check Properties > Object tab > Protect from accidental deletion.

If that is checked, it does not matter what level of access you have in the domain; you need to remove this before you can do anything with it. You will not be able to delete/clean up using ntdsutil etc.

Check that first, then do the demotion. If you already have the Guest VM as the FSMO role holder (verifying using netdom query fsmo) you can simply demote the Host with ADDS installed.

If any roles are still on the host and you cannot transfer them to the Guest VM, you will need to seize the roles to the guest VM.

Once you have done that, remove the machine from the domain and also rename it if possible. Then bring up a second guest VM and promote it to a DC for redundancy.

Will.
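
The checks described in the answer above, as an added PowerShell example that is not part of the original thread: it lists the current FSMO holders, stops if any role is still on the old DC, then reports and clears the accidental-deletion protection on the leftover objects. The server names are placeholders (assumptions), and the ActiveDirectory RSAT module is assumed to be installed.

```powershell
# Added example; $StaleDc and $TargetDc are placeholders, not values from the thread.
Import-Module ActiveDirectory

$StaleDc  = 'OLD-HOST-DC'   # placeholder: the DC object that will not delete
$TargetDc = 'GUEST-VM-DC'   # placeholder: the DC that should hold every FSMO role

# 1. Current FSMO holders (same information as `netdom query fsmo`).
$domain = Get-ADDomain
$forest = Get-ADForest
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$roles.GetEnumerator() | Format-Table Name, Value -AutoSize

# 2. Do not touch the old DC's objects while it still owns a role.
$onStale = @($roles.GetEnumerator() | Where-Object { $_.Value -like "$StaleDc.*" })
if ($onStale.Count -gt 0) {
    Write-Warning "Roles still on ${StaleDc}: $($onStale.Name -join ', ')"
    # Transfer first; add -Force (seize) only if the old holder cannot be reached:
    # Move-ADDirectoryServerOperationMasterRole -Identity $TargetDc -OperationMasterRole $onStale.Name
    return
}

# 3. Leftover objects: the server object under Sites (with its NTDS Settings
#    child, if any) and the computer account in the domain partition.
$configNc  = (Get-ADRootDSE).configurationNamingContext
$leftovers = @()
$server = Get-ADObject -SearchBase "CN=Sites,$configNc" `
    -LDAPFilter "(&(objectClass=server)(cn=$StaleDc))" -Properties ProtectedFromAccidentalDeletion
foreach ($s in $server) {
    $leftovers += Get-ADObject -SearchBase $s.DistinguishedName -SearchScope Subtree `
        -Filter * -Properties ProtectedFromAccidentalDeletion
}
$leftovers += Get-ADObject -SearchBase $domain.DistinguishedName `
    -LDAPFilter "(&(objectClass=computer)(cn=$StaleDc))" -Properties ProtectedFromAccidentalDeletion

$leftovers | Format-Table DistinguishedName, ProtectedFromAccidentalDeletion -AutoSize

# 4. Clear the protection flag. -WhatIf only previews; remove it after a backup.
$leftovers | Where-Object ProtectedFromAccidentalDeletion |
    Set-ADObject -ProtectedFromAccidentalDeletion $false -WhatIf
```

Run it from a working DC or a management host with RSAT; everything before step 4 is read-only.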
Commented:
Hi Will. Thanks for your comment... I found the root cause of the problem was the second NIC I used for the hypervisor. I posted my question's solution on the second link -

Please go through it and advise. I would definitely like a second opinion on that, as I would be adding the ADDS role and transferring roles to the main host once I apply the license.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Hyper-V/Q_28626986.html
Commented:
I brought my home lab server to production and created a VM on Hyper-V, transferred all FSMO roles. Decommissioned the production server, reinstalled the OS and transferred the roles back. All file server data were on a secondary partition and I was able to restore permissions.


Note - For moderator the issue has been resolved and I don't see any closed button.

Author

Commented:
RESOLVED
Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for pchettri's comment #a40901420

for the following reason:

RESOLVED

Author

Commented:
Did try a few suggestions from the first comment to get closer to resolution. I guess that would be the closest for closure. If this question is still not resolved and if I am still not able to post a question, I would call tomorrow to discontinue paying for this account, as discussed in the previous call. It should have been working by now as promised.