Fsmo roles

[Guest]

Hi everybody,

I have DC1 which is windows 2000 standard, first DC in the forest(all fsmo
roles), DNS, GC and Exchange 2000 server. I have another windows 2000 std DC2
which is GC and DHCP server. Now, what I want is to transfer dhe fsmo roles
from DC1 to DC2 and the articles I read are a little bit ambiguous(Probablly
for my level of english ;-) )
Microsoft has a recomandation to be connected to a certain DC etc. What I
understood is that if a log on to DC2, start AD Schema mmc and right click,
click operations master and than change it will be the correct way of doing
it. Did I understand well or it is the other way arround?
What would be the consequences of not respectig this recomandation? As
timeframe and load for the servers?

Thans in advance,

Mike

 

[Frank Szita [MSFT]]

You should be able to open the active directory schema mmc on the domain
controller that you want to transfer that role to. The target domain
controller should be displayed. Just click the change button. If you have
problems you may also use the command line utility called ntdsutil.
Procedures are listed in Microsoft Knowledge Base article 255504
(http://support.microsoft.com/?id=255504). Use the command transfer
instead of seize.

Best regards,

Frank Szita [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Cary Shultz [A.D. MVP]]

Mike,

There are actually two ways of transferring any of the five FSMO Roles
between Domain Controllers. You can use the GUI ( the various MMCs ) or, as
Frank suggested, you can use that all powerful utility ntdsutil.

I myself prefer ntdsutil but this is a command-line interface ( CLI ) tool
that is a bit hard to understand at first. It is also very powerful and you
must exercise caution when using it. Not necessarily for beginners ( and I
am not saying that you are a beginner! ). Frank was correct in suggesting
that the command should be 'transfer'. There are two possibilities when you
use ntdsutil: transfer and seize. You really do not want to mess around
with the seize command. You would use the seize command only in the event
that the DC that held a role or roles dies a most ungraceful death.
Assuming in that case that you were not be able to transfer the role(s) to
another Domain Controller. So, you have to grab them! And forcefully, at
that. The DC that died can not ever come back to the Domain if you use the
seize command. Otherwise you will have two DCs that 'think' that they hold
the same FSMO Role ( not a pretty picture ).

If you are going to use the MMCs then you would use the Active Directory
Users and Computers MMC to transfer the three Domain-wide FSMO Roles ( PDC
Emulator, RID Master and Infrastructure Master ) and you would use the
Active Directory Domains and Trusts MMC to transfer the Forest-wide Role of
Domain Naming Master. Both of the MMCs are readily available. However, to
transfer the other Forest-wide FSMO Role ( Schema Master ) you have to jump
through a couple of hoops to get the Schema MMC. And this is built that way
so that not just anyone can get to it. You can do a lot of damage!

Here is the MSKB Article on how to use the MMCs to transfer the FSMO Roles:

http://support.microsoft.com/?id=255690

And it is a good idea to actually be doing this from the DC to which you
want to transfer the Roles. So, if you have DC01 and DC02 and DC01 holds
all of the Roles but you want DC02 to hold them all simply log on to DC02
and open up the various MMCs and go for it!

HTH,

Cary

 

[ptwilliams]

Here's a similar article with lots of nice pictures ;-)
-- http://www.msresource.net/content/view/28/47/


There's also a couple of links to other articles and KBs on the subject.


--

Paul Williams

http://www.msresource.net
http://forums.msresource.net


Mike,

There are actually two ways of transferring any of the five FSMO Roles
between Domain Controllers. You can use the GUI ( the various MMCs ) or, as
Frank suggested, you can use that all powerful utility ntdsutil.

I myself prefer ntdsutil but this is a command-line interface ( CLI ) tool
that is a bit hard to understand at first. It is also very powerful and you
must exercise caution when using it. Not necessarily for beginners ( and I
am not saying that you are a beginner! ). Frank was correct in suggesting
that the command should be 'transfer'. There are two possibilities when you
use ntdsutil: transfer and seize. You really do not want to mess around
with the seize command. You would use the seize command only in the event
that the DC that held a role or roles dies a most ungraceful death.
Assuming in that case that you were not be able to transfer the role(s) to
another Domain Controller. So, you have to grab them! And forcefully, at
that. The DC that died can not ever come back to the Domain if you use the
seize command. Otherwise you will have two DCs that 'think' that they hold
the same FSMO Role ( not a pretty picture ).

If you are going to use the MMCs then you would use the Active Directory
Users and Computers MMC to transfer the three Domain-wide FSMO Roles ( PDC
Emulator, RID Master and Infrastructure Master ) and you would use the
Active Directory Domains and Trusts MMC to transfer the Forest-wide Role of
Domain Naming Master. Both of the MMCs are readily available. However, to
transfer the other Forest-wide FSMO Role ( Schema Master ) you have to jump
through a couple of hoops to get the Schema MMC. And this is built that way
so that not just anyone can get to it. You can do a lot of damage!

Here is the MSKB Article on how to use the MMCs to transfer the FSMO Roles:

http://support.microsoft.com/?id=255690

And it is a good idea to actually be doing this from the DC to which you
want to transfer the Roles. So, if you have DC01 and DC02 and DC01 holds
all of the Roles but you want DC02 to hold them all simply log on to DC02
and open up the various MMCs and go for it!

HTH,

Cary

 

[Cary Shultz [A.D. MVP]]

Paul,

Very nice!

Cary

Here's a similar article with lots of nice pictures ;-)
-- http://www.msresource.net/content/view/28/47/


There's also a couple of links to other articles and KBs on the subject.


--

Paul Williams

http://www.msresource.net
http://forums.msresource.net


Mike,

There are actually two ways of transferring any of the five FSMO Roles
between Domain Controllers. You can use the GUI ( the various MMCs ) or, as
Frank suggested, you can use that all powerful utility ntdsutil.

I myself prefer ntdsutil but this is a command-line interface ( CLI ) tool
that is a bit hard to understand at first. It is also very powerful and you
must exercise caution when using it. Not necessarily for beginners ( and I
am not saying that you are a beginner! ). Frank was correct in suggesting
that the command should be 'transfer'. There are two possibilities when you
use ntdsutil: transfer and seize. You really do not want to mess around
with the seize command. You would use the seize command only in the event
that the DC that held a role or roles dies a most ungraceful death.
Assuming in that case that you were not be able to transfer the role(s) to
another Domain Controller. So, you have to grab them! And forcefully, at
that. The DC that died can not ever come back to the Domain if you use the
seize command. Otherwise you will have two DCs that 'think' that they hold
the same FSMO Role ( not a pretty picture ).

If you are going to use the MMCs then you would use the Active Directory
Users and Computers MMC to transfer the three Domain-wide FSMO Roles ( PDC
Emulator, RID Master and Infrastructure Master ) and you would use the
Active Directory Domains and Trusts MMC to transfer the Forest-wide Role of
Domain Naming Master. Both of the MMCs are readily available. However, to
transfer the other Forest-wide FSMO Role ( Schema Master ) you have to jump
through a couple of hoops to get the Schema MMC. And this is built that way
so that not just anyone can get to it. You can do a lot of damage!

Here is the MSKB Article on how to use the MMCs to transfer the FSMO Roles:

http://support.microsoft.com/?id=255690

And it is a good idea to actually be doing this from the DC to which you
want to transfer the Roles. So, if you have DC01 and DC02 and DC01 holds
all of the Roles but you want DC02 to hold them all simply log on to DC02
and open up the various MMCs and go for it!

HTH,

Cary



std

 

[ptwilliams]

Thanks!! : )



--

Paul Williams

http://www.msresource.net
http://forums.msresource.net


Paul,

Very nice!

Cary