where's the schema master?!

M

mischko

hello!

two weeks ago i renamed a w2k3 domain. before this, i had to seperate
our w2k-child domain.
now, the w2k3 root-domain is renamed, but in the child-domain is no
schema master (and no schema-admin group ...). dns-master, pdc, rid,
infrastructure master are all here. but no schema master. and i have no
rights to seize it. has somebody any idea how to fix this? how long can
the domain be without this function?!

i don't want to make a new domain, and transfer all users, groups and
computers ... this is very laborious.

can somebody help me?

thanks, michael.
 
H

Herb Martin

mischko said:
hello!

two weeks ago i renamed a w2k3 domain. before this, i had to seperate
our w2k-child domain.
Click to expand...

You cannot (successfully) prune a child domain from it's
parent domain.

They will ALWAYS be in the same forest unless you
uninstall. (With rename they may not be parent child
but they are still in the same forest.)

There is ONLY one Schema Master PER FOREST.
now, the w2k3 root-domain is renamed, but in the child-domain is no
schema master (and no schema-admin group ...).
Click to expand...

Child domains NEVER have the Schema Master UNLESS
you explicitly moved it there from the Root Forest Domain
(the default is the VERY FIRST DC of the Forest.)
dns-master, pdc, rid,
infrastructure master are all here. but no schema master. and i have no
rights to seize it. has somebody any idea how to fix this? how long can
the domain be without this function?!
Click to expand...

You should ONLY have ONE Domain Naming Master also
(for the forest.)
i don't want to make a new domain, and transfer all users, groups and
computers ... this is very laborious.
Click to expand...

There is a PDC Emul, RID and Infrastructure master in
every domain, but only one (each) Schema and Domain Naming
master PER FOREST.
 
M

mischko

You cannot (successfully) prune a child domain from it's
parent domain.
They will ALWAYS be in the same forest unless you
uninstall. (With rename they may not be parent child
but they are still in the same forest.)
Click to expand...
There is ONLY one Schema Master PER FOREST.
Click to expand...

i know ... what's the effect if there's no schema master. is there any
possibility to seize one?
You should ONLY have ONE Domain Naming Master also
(for the forest.)
Click to expand...

i transfered the domain naming master before i renamed the domain. in
the root domain i seized it. (but only the domain naming master - not
the schema master .... don't ask).
There is a PDC Emul, RID and Infrastructure master in
every domain, but only one (each) Schema and Domain Naming
master PER FOREST.
Click to expand...

yes, but what can i do?! making a new one?

thank you!
michael
 
H

Herb Martin

mischko said:
i know ... what's the effect if there's no schema master. is there any
possibility to seize one?
Click to expand...

Your original mail certainly sounded like you expected
a schema master to be in the child domain.

Sure you can Seize the Schema Master but FIRST make
sure you don't have on already.

Roles should ALWAYS be TRANSFERRED (not Seized),
if possible, from the running role holder.

NTDSUtil (roles subarea) can transfer or seize roles.
i transfered the domain naming master before i renamed the domain. in
the root domain i seized it. (but only the domain naming master - not
the schema master .... don't ask).
Click to expand...

Seized or transferred?

You must generally REMOVE forever the original role holder
if you actually did a seize.
yes, but what can i do?! making a new one?
Click to expand...

Seize with NTDSUtil.

Key points when you work with NTDSUtil roles (or also
"metadata cleanup"):

1) You CONNECT to a RUNNING DC

2) You use the running, connected DC to seize a role,
or SELECT a down DC for metadata cleanup.
 
M

mischko

Hi Martin!
Seize with NTDSUtil.
Key points when you work with NTDSUtil roles (or also
"metadata cleanup"):
Click to expand...
1) You CONNECT to a RUNNING DC
Click to expand...
2) You use the running, connected DC to seize a role,
or SELECT a down DC for metadata cleanup.
Click to expand...

to seize a schema master, you need schema-admin rights. in the child
domain, there's no schema admin's group ...
 
H

Herb Martin

mischko said:
Hi Martin!




to seize a schema master, you need schema-admin rights. in the child
domain, there's no schema admin's group ...
Click to expand...

There's no Schema Master either (usually).

Enterprise Admins can place someone (themselves)
in the Schema Admins group -- both groups are on the
Root Forest Domain (i.e., 1st domain in forest.)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Active Directory root server problem 1
ADPREP /FORESTPREP (again) 3
Quick design question 2
Schema Not Replicating 2
Seizing the Schema Owner and Domain Role Owner Roles 4
FSMO Advise Sought (Schema Master & Domain Naming Master) 4
Schema Master and Domain Naming Master down 1
Is it safe to seize the Schema Master FSMO Role? 4

Top