Is it safe to seize the Schema Master FSMO Role?

C

Corbin O'Reilly

Hi everyone. OK here is the situation. One of my new clients currently has
three Windows 2000 domain controllers: Server2, Server3, and Server4. A few
years ago the domain controller that was the Schema Master, Server1, had its
hard disk fail and was completely lost. They built a new server called
Server4 and promoted it to a domain controller. The reference to Server1 is
still in Active Directory because it was not properly removed using DCPROMO.
OK this is where the problem comes in. They want to upgrade to Exchange
Server 2003. In order to add Exchange 2003 to the network, changes must be
made to the Schema. In Active Directory the long dead Server1 is still
listed as the Schema Master. My question is should I use one of the other
domain controllers to seize the Schema Master role? Is is safe to do this?
Will it cause any problems? Thanks for the help.
 
D

Doug Frisk

Corbin O'Reilly said:
Hi everyone. OK here is the situation. One of my new clients currently has
three Windows 2000 domain controllers: Server2, Server3, and Server4. A
few years ago the domain controller that was the Schema Master, Server1,
had its hard disk fail and was completely lost. They built a new server
called Server4 and promoted it to a domain controller. The reference to
Server1 is still in Active Directory because it was not properly removed
using DCPROMO.
OK this is where the problem comes in. They want to upgrade to Exchange
Server 2003. In order to add Exchange 2003 to the network, changes must be
made to the Schema. In Active Directory the long dead Server1 is still
listed as the Schema Master. My question is should I use one of the other
domain controllers to seize the Schema Master role? Is is safe to do this?
Will it cause any problems? Thanks for the help.
Click to expand...

Totally safe. No potential problems. The schema master role is simply a
flag that says which DC can update the schema.

You will probably want to clean up the metadata from server 1 though. If
the new Schema Master would want to set up replication from server 1,
forestprep will fail.
 
C

Cary Shultz [A.D. MVP]

And to do this Corbin would need to make use of ntdsutil and follow this
MSKB Article:

http://support.microsoft.com/?id=216498

Corbin, it is essential that you follow these steps to the letter. And,
please avoid the mistake that a lot of newbies make ( made it myself a long
time ago ) in that you bind ( okay, this 'term' means to 'connect to' ) to
an existing Domain Controller ( Server2, Server3 or Server4 ) and not to the
Domain Controller that you are attempting to remove ( Server1 ). A lot of
people make this mistake and are then given an error message towards the end
( as stated in the MSKB Article in both step 5 and step 15 ).

You will also want to use ADSIEdit - as mentioned in the Article. I would
suggest that you install the Support Tools - if you have not already ( I am
guessing that you have ). If you have not - or even if you have - please
make sure that you install the Support Tools from the Service Pack CD (
Support | Tools folder ). The Support Tools from the Server CD are older
versions and there were some bugs.

Oh, go ahead and install the Support Tools on all of your Servers - Domain
Controllers and Member Servers alike.

Also, take a look at repadmin /showconn and repadmin /showreps.

--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
 
H

Herb Martin

Corbin O'Reilly said:
Hi everyone. OK here is the situation. One of my new clients currently has
three Windows 2000 domain controllers: Server2, Server3, and Server4. A few
years ago the domain controller that was the Schema Master, Server1, had its
hard disk fail and was completely lost.
Click to expand...

Then it is safe to seize the roles it had.
They built a new server called
Server4 and promoted it to a domain controller. The reference to Server1 is
still in Active Directory because it was not properly removed using DCPROMO.
OK this is where the problem comes in. They want to upgrade to Exchange
Server 2003. In order to add Exchange 2003 to the network, changes must be
made to the Schema. In Active Directory the long dead Server1 is still
listed as the Schema Master. My question is should I use one of the other
domain controllers to seize the Schema Master role? Is is safe to do this?
Will it cause any problems? Thanks for the help.
Click to expand...

Never seize a role if you plan on returning (fixing etc)
the previous role holder to the net as a DC.

If you seize a role and the previous holder is returned
to the network, it needs to be "DCPromo 'cycled'"
(DCPromo to non-DC, optionally DCPromo back as a NEW DC.)

If you forego the above your AD will not fail catastrophically
but it will likely experience spurious errors that are difficult
to isolate.

But since your role holder is lost forever there is NO
problem in seizing it.

You might also remove any "dead DCs/Domains" while you
are in NTDSUtil....

Google:

[ ntdsutil "metadata cleanup" remove DC domain ]

You CONNECT to a working DC.
You SELECT a dead DC or Domain (for the working on to remove)
 
C

Corbin O'Reilly

I seized the Schema Master FSMO role and everything went fine. No problems.
Thanks again. Corbin.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Event 1586 on a Domain Controller 1
Unable to seize FSMO Roles 8
seize schema master 8
FSMO (Domain Naming and Schema owner) 4
How Do I move the "DOMAIN ROLE OWNER" TO ANOTHER DC? 0
FSMO Seize with two site forrest 3
FSMO question 3
Schema, Domain Naming Master is down due to hardware failure. Implications in case I seize the roles 11

Top