Seizing FSMO roles. Pls help.

Guest

Hi

I have 2 DCs in my company. Let's call them ServerA and ServerB. ServerA was the initial server with all 5 FSMO roles. However, last week ServerA's hard disks crashed. (2 of the 3 hard disks configured as RAID 5 crashed at once!! - The machine is from a reputable company but I shan't disclose it. Btw the machine is only 6 months old. Sheer bad luck.) I don't have a full backup of the system. Only data backups. Anyhow, I have replaced the hard disks and re-installed the OS. I ran DCpromo and made ServerA a DC again. ServerA managed to "synchronise" with ServerB during DCpromo. All users and computers appeared in ServerA after the DCpromo. However, if I create a new user in ServerA, I receive event error ID 16650. After I ran ntdsutil and seized the "Infrastructure master", "PDC" and "RID master" roles, I no longer got the event ID 16650 error and I could create users in ServerA.

After the above seizure, I received 2 FSMO errors instead of 5, which are for the "Schema master" and "Domain naming master" roles. In my situation, could I seize the remaining roles from ServerA? What will happen to ServerA? Will it still be a DC? Will I have to DCpromo ServerA again to demote it and then run DCpromo again to "join" back as a DC? If I were to do just that, will all the software and folders still remain intact? (I only have Terminal Server licensing, Symantec Antivirus and user data on it.) According to an article in the Microsoft Knowledge Base, it is not recommended to seize all the roles unless I want to put ServerA permanently out of the domain, which I don't; in fact I'm trying to reinstate it into the domain.

PLS HELP. GREATLY APPRECIATED!!
 
Mark Scott

You should only seize roles from a server which has crashed and will NEVER
reappear in the domain again.

Since Server A crashed, you should have seized all 5 roles onto server B. I
think it's likely that you used the same DNS name and IP address; since the
server has a different SID, ServerB is very confused as to where the FSMO
roles are. Server A is different now than it was before.

If all your FSMOs are on A then I would seize ALL 5 roles onto B, reformat
A and start again from scratch. Ideally, if your environment is small, I
would reinstall BOTH DCs from scratch and start again - use CSVDE to
export all objects from AD.

Regards

Mark

 
Guest

Thanks Mark. I see your point. After seizing all 5 roles from A, could I demote and re-promote A instead of reformatting and starting again from scratch? If I had to reformat and start from scratch, can I reuse the same server name and IP address? I presume I would have to demote A to a member server before reformatting/reinstallation.

Thanks again. Very much appreciated

Nach


 
Mark Scott

No, you CANNOT demote / promote, because the Schema Master / RID Master /
Domain Naming Master roles are critical to the running of the network. Both
of your DCs have information regarding these roles and AD would be
corrupted.

If I were you I would cut your losses and start again. If you were
reformatting then you *should* be able to use the same server names and IPs;
to make doubly sure I would decommission both domain controllers at the same
time, reinstall the first one with the same details and then reinstall the
second and then promote it.

Once you have finished this, I would recommend transferring the roles of the
Infrastructure and Domain Naming Master to server B via the MMC, and make
sure you take a full backup of both domain controllers.

Regards

Mark

 
Chris Hall

Good morning,

I was reading this thread and had a question: you recommended moving both
the Infrastructure & domain naming master to server B--doesn't the server
that holds the domain naming master need to have the GC also? And if so,
doesn't having the infrastructure on the same dc as the GC cause conflicts?

I'm working on a couple of test boxes and after I installed both servers, I
got this error:

Event Type: Warning
Event Source: NTDS General
Event Category: (9)
Event ID: 1534
Date: 4/7/2004
Time: 4:00:02 PM
User: MOON\Administrator
Computer: SERVER1
Description:
This machine holds the Domain Master Role, and is not a GC. These two
states are incompatible. Either this machine should be made a GC or the
role should be transferred to a machine that is a GC.
 
Mark Scott

I stand corrected :)

The Domain Naming Master must be on a GC. The Infrastructure Master should
not be on a GC.

The RID and the PDC masters should be on the same box. KB223346 has all
the details.

Cheers

Mark
 
Chris Hall

Thanks Mark.

 
Cary Shultz [A.D. MVP]

Mark,

Not necessarily true. If you have only one domain in the forest then it
does not matter if the DC that holds the FSMO role of Infrastructure Master
is also a GC. Think about why this could be a problem in a multiple domain
/ tree situation.

HTH,

Cary
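
The placement rules from the posts above (Domain Naming Master on a GC, RID and PDC masters together, Infrastructure Master off a GC except in a single-domain forest), written as an added PowerShell check that is not part of the original thread. It assumes the ActiveDirectory module from RSAT is installed and the account can read the forest; variable names are illustrative.

```powershell
# Added example: audit FSMO placement against the rules discussed in this thread.
# Assumption: ActiveDirectory module (RSAT) is available and the forest is readable.
Import-Module ActiveDirectory

$forest   = Get-ADForest
$gcs      = @($forest.GlobalCatalogs)   # DNS host names of every global catalog
$findings = @()

# Forest-wide role: NTDS General event 1534 (quoted above) reports this condition.
if ($gcs -notcontains $forest.DomainNamingMaster) {
    $findings += "Domain Naming Master $($forest.DomainNamingMaster) is not a GC"
}

$multiDomain = @($forest.Domains).Count -gt 1

foreach ($name in $forest.Domains) {
    $domain = Get-ADDomain -Identity $name -Server $name
    $dcs    = @(Get-ADDomainController -Filter * -Server $name)

    # Rule from the thread: RID Master and PDC Emulator on the same box.
    if ($domain.RIDMaster -ne $domain.PDCEmulator) {
        $findings += "${name}: RID Master ($($domain.RIDMaster)) and PDC Emulator " +
                     "($($domain.PDCEmulator)) are on different DCs"
    }

    # Infrastructure Master on a GC only matters in a multi-domain forest, and
    # (per Microsoft's documentation, not stated in the thread) only while some
    # DC in the domain is not a GC.
    $nonGcDcs = @($dcs | Where-Object { -not $_.IsGlobalCatalog })
    $imOnGc   = $gcs -contains $domain.InfrastructureMaster
    if ($multiDomain -and $imOnGc -and $nonGcDcs.Count -gt 0) {
        $findings += "${name}: Infrastructure Master ($($domain.InfrastructureMaster)) " +
                     "is a GC while $($nonGcDcs.Count) DC(s) in the domain are not"
    }
}

# Show the forest-wide holders for reference, then the findings.
$forest | Format-List SchemaMaster, DomainNamingMaster
if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    'FSMO placement matches the rules discussed above.'
}
```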
 
Guest

Thanks Mark. Been a great help.

Cheers

 
