seizing the fsmo roles and reallocating them...

K

kellogy

Hi,

I have some queries reg. the role transfer.

I'm in an environment where there is a single primary
domain and one child domain for the primary domain.

one backup domain ctlr holds the infrastucture, RID and
pdc roles and the second the forest wide roles of schema
and domain naming master of the primary domain. This also
contains the global catelog. Now this mac is currently
offline.

With this situation, if i try to add computers to the
primary domain, or assign permissions for shares to
members in the primary domain, i'm not able to do it. The
error message when i try to add a mac. to the primary
domain is --- this server cannot perform the requested
operation, but i'm able to do all these operations on the
child domain. I have made the domain ctlr holding the
domain roles of the primary as the global catelog.


with this scenario, can i seize the the forest level roles
to the domain controller with has the domain roles. Will
this solve the problem? I read in some documentation that
server hosting the infrastructure fsmo role should not be
a global catelog? Is that so?

will siezing the roles help me in any way?


-kellogy
 
H

Herb Martin

I have some queries reg. the role transfer.
I'm in an environment where there is a single primary
domain and one child domain for the primary domain.

One presumes you mean:
Forest with single PARENT domain and 1 CHILD domain.

But you might be talking about Domain CONTROLLERS
so we cannot be sure.
one backup domain ctlr holds the infrastucture, RID and
pdc roles and the second the forest wide roles of schema
and domain naming master of the primary domain. This also
contains the global catelog. Now this mac is currently
offline.

On Win2000 there are NO Backup DCs ("BDC"s) -- only DCs
there is really no PDC either, but one of the DCs holds that
"PDC Emulator" -- one would certainly not refer to that DC
as a BDC.

If you have NT BDCs in that domain, they CANNOT hold
any of these roles.
With this situation, if i try to add computers to the
primary domain, or assign permissions for shares to
members in the primary domain, i'm not able to do it. The
error message when i try to add a mac. to the primary
domain is --- this server cannot perform the requested
operation, but i'm able to do all these operations on the
child domain. I have made the domain ctlr holding the
domain roles of the primary as the global catelog.

For Windows 2000 ALL DCs can accept changes.

If that's not working, you have some other problem, e.g.,
permissions or DNS (finding the servers.)
with this scenario, can i seize the the forest level roles
to the domain controller with has the domain roles. Will
this solve the problem? I read in some documentation that
No -- it's unrelated.

Schema Master is ONLY about "changing the schema"
and Domain Naming Master is about adding/removing
domains to the Forest.
server hosting the infrastructure fsmo role should not be
a global catelog? Is that so?

If you have more than one Domain -- the infrastructure
master straightens out naming inconsticencies between
multiple domains -- (e.g., you have a user Dom1 in a
group on DomA and you rename the user) -- by
comparing itself periodically to a GC. If it's a GC
there won't be any differences -- also note it's mostly
a COSMETIC job.

will siezing the roles help me in any way?

No. Leave the roles alone and fix your real problems.
 
D

Deji Akomolafe

IF you are having problems bringing the original FSMO roles holder back to
the network intact, YES seizing the roles will help you - in fact it is your
ONLY option unless you want to start over.

Moreso, you really don't want your only GC to be away for too long. That's
asking for trouble. Like you've been told before, make more GCs.

HTH
Deji
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top