challBOE
asked on
If I Seize Schema Master am I required to restore failed Domain Controller?
Seize schema master role repercussions in an 11 DC environment which is at Forest level functionality = 2003, domain level functionality= 2008 r2, and all Domain controllers on server OS=2012.
DC1, with all fsmo roles, failed.
Dc2 was able to grab all roles except Schema Master, in the ADUC Users/Computers mmc it shows "error" under current Schema Master.
In command line (netdom /query fsmo it shows
"Warning: role owner is a deleted DC".
I was ready to use NTdsutil to seize the schema Master role, but reading up on it, it says the failed DC (DC1) would have to be restored in order for Schema Master to work (allow DCpromo to work) again . I have no intention of restoring the failed DC1.
I have Exchange servers, I will probably need to DCPromo again.
Is this true that the original failed DC1 must be restored, or can I grab the Schema role successfully and have full functionality in my domain with out having to restore the failed server DC1?
DC1, with all fsmo roles, failed.
Dc2 was able to grab all roles except Schema Master, in the ADUC Users/Computers mmc it shows "error" under current Schema Master.
In command line (netdom /query fsmo it shows
"Warning: role owner is a deleted DC".
I was ready to use NTdsutil to seize the schema Master role, but reading up on it, it says the failed DC (DC1) would have to be restored in order for Schema Master to work (allow DCpromo to work) again . I have no intention of restoring the failed DC1.
I have Exchange servers, I will probably need to DCPromo again.
Is this true that the original failed DC1 must be restored, or can I grab the Schema role successfully and have full functionality in my domain with out having to restore the failed server DC1?
No, you should be able to seize the schema master and move on. In fact, restoring the previous schema master after seizing the role would be a bad idea.
Don't restore DC1 now, you already seized other FSMO roles which DC1 holds previously
seize schema master role as well
Seize process is there because you cannot bring original FSMO master back online, I don't know where you got document to restore original DC back before seize schema master, that is wrong docuemntation
seize schema master role as well
Seize process is there because you cannot bring original FSMO master back online, I don't know where you got document to restore original DC back before seize schema master, that is wrong docuemntation
ASKER
Mahesh,
Here is where I got the original documentation.
https://www.petri.com/seizing_fsmo_roles
"The following table summarizes the FSMO seizing restrictions:
FSMO Role Restrictions
Schema **Original must be reinstalled** <------------
Domain Naming
RID
PDC Emulator Can transfer back to original"
It is that comment "original must be reinstalled" that concerned me.
Here is where I got the original documentation.
https://www.petri.com/seizing_fsmo_roles
"The following table summarizes the FSMO seizing restrictions:
FSMO Role Restrictions
Schema **Original must be reinstalled** <------------
Domain Naming
RID
PDC Emulator Can transfer back to original"
It is that comment "original must be reinstalled" that concerned me.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks everyone, Petri was the document I had originally wanted to use and Mahesh helped me interpret the one line that was holding me back. I did have to go into DNS and remove all references to the failed DC, even after metadata cleanup. And probably most helpful, wait for all the changes to migrate to all DCs before trying to seize the roles.
Thank you all for your help.
Thank you all for your help.
Good reference articles:
https://support.microsoft.com/en-ca/help/216498/how-to-remove-data-in-active-directory-after-an-unsuccessful-domain-co
https://www.petri.com/delete_failed_dcs_from_ad