Solved

SBS2003 failure; need to seize FSMO

Posted on 2016-08-18
15
75 Views
Last Modified: 2016-08-26
Today our Windows SBS2003 Server has failed before we could migrate the domain. We successfully moved our email to Office365 online from Exchange and do not use Sharepoint. The Data has been backed up from the 8 Windows 7 workstations.
How can I seize the FSMO and services to replace this failed Server from a new Windows Server 2012?  Thank you very much for any help in advance.
Erichiwaann
0
Comment
Question by:Erichiwaann
  • 8
  • 4
  • 2
  • +1
15 Comments
 
LVL 25

Expert Comment

by:-MAS
ID: 41761936
Hi,
Do you have additional domain controller?
If yes you can seize your additional domain controller.
https://www.petri.com/seizing_fsmo_roles

Thanks
1
 
LVL 18

Expert Comment

by:Mal Osborne
ID: 41761938
Quite simple, the fact that the old server was running SBS rather than Server 2003 makes no difference in this scenario.

Either use Powershell, or go old skool and do it with NTDSUTIL.

Powershell instructions here:
https://gallery.technet.microsoft.com/PowerShell-TransferSeize-8e359e5a

NTDSUTIL here:
https://support.microsoft.com/en-us/kb/255504
1
 

Author Comment

by:Erichiwaann
ID: 41761945
Unfortunately we do not have an additional DC. The SBS2003 Server is down/off. So I have a Windows 2012 Server that is currently connected to the domain. I have just used the "add roles" wizard to install AD, DNS and DC. But the DC wizard has failed when pointing to the existing local domain and will go no further. I am reading the powershell instructions now and will let you know ASAP. Thank you both.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:Erichiwaann
ID: 41761947
Forgot to mention: The 2012 Server is currently only a "member server"...
0
 
LVL 25

Expert Comment

by:-MAS
ID: 41761948
Hi Erichiwaan,
If you do not have an ADC before the failure of FSMO holder your only option is to recover from backup or setup an entirely new domain controller with a new domain from scratch.


Thanks
MAS
1
 

Author Comment

by:Erichiwaann
ID: 41761954
So it will be the latter I'm afraid-  "setting up a new domain controller with a new domain from scratch".  After I create the new domain, how can I add the workstations and keep the users desktops?
0
 
LVL 25

Expert Comment

by:-MAS
ID: 41761963
I am afraid you will have to add domain added PCs to the new domain after backing up the profile.
https://support.microsoft.com/en-us/kb/971759 
Restore the profile after adding PC to new domain.

You may use this to unjoin and join to new domain.
https://technet.microsoft.com/en-us/library/hh849798(v=wps.620).aspx

Thanks
MAS
1
 

Author Comment

by:Erichiwaann
ID: 41761974
Thank you MAS. How long do I have to do this or before the broken domains workstations have networking issues running without the SBS2003? Just curious...
0
 
LVL 18

Accepted Solution

by:
Mal Osborne earned 500 total points
ID: 41762021
OK, seizing FSMO roles is something you can only do on a domain controller that has a valid copy of the domain data.

In your case, getting this would require the old SBS box to be at least partly functional, it would have to be working as a DC.

The alternative is to start again, creating  all the users, and adding all PCs to the domain. The new users and machines, even if named the same will be different. Any security settings applied to folders and files will be invalid.

How badly "failed" is the old SBS2003 server?  Is it feasible to get it on its feet for 30 mins or so while you add the 2012 server and sync the domain data?
1
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 41763527
Since you have to set up a new domain you can "migrate" the workstations and preserve the user's profiles and data if you use the ForensIT User Profile Wizard.  It's free and it works great -- I use it regularly for situations like this.

The wizard will join the workstations to the new Server 2012 domain and migrate the profiles all at once.

Remember though, since you no longer have an SBS you now need CALS for your new Server 2012 domain.
1
 

Author Comment

by:Erichiwaann
ID: 41763770
Attempting to revive the Server through a series of hardware transplants....
0
 

Author Comment

by:Erichiwaann
ID: 41764362
The used hardware transplants did not take I'm afraid and will be moving forward with the ForensIT User Profile Wizard. Thanks for everyone's participation so far. I really appreciate your expertise very much.
0
 

Author Comment

by:Erichiwaann
ID: 41767129
Thanks for everyones help. Unfortunately the ForensIT User Profile Wizard didn't work for me and I had to add the PCs to the new domain. And now have DNS issues. Should I start another thread to get some help with this?
0
 
LVL 25

Expert Comment

by:-MAS
ID: 41767147
Start a new thread to get a faster response.
1
 

Author Comment

by:Erichiwaann
ID: 41772246
Unfortunately I was not able to migrate user profiles with the ForensIT User Profile Wizard and had to re-connected each workstation. I appreciate everyone's input and expertise within this thread. Have a good weekend! Erichiwaann
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question