RID Operations Master problem

[Matt]

Hello,

Does anybody know if it's possible to make the 2nd DC become the
Operation Master for the RID (it already is the Operations Master for
the PDC and Infrastructue) when the PC which was the Operation Master
for RID is dead ?

Thanks for your help
Matt.

 

[Simon Geary]

You can use ntdsutil to seize the RID Master role. Once you do this, don't
bring the original server back online even if you get it repaired.
http://support.microsoft.com/?id=255504

 

[Herb Martin]

You can use ntdsutil to seize the RID Master role. Once you do this, don't
bring the original server back online even if you get it repaired.
http://support.microsoft.com/?id=255504

Heed Simon's warning -- you can bring it online briefly to
DCPromo it (remove AD), but do NOT be fooled by the
fact that things won't immediately fail catastrophically.

A "seized" roll holder will NEVER work correctly (over
time) and you need to "DCPromo cycle it" if you repair it
and wish it to be a DC (again.)

BTW, there are usually two more FSMO roles you didn't
mention, unless this not the first domain in a forest.

 

[Yor Suiris]

Yes, Herb is right about the other Roles. Check out MS Doc 255504 to Seize
Roles. And Doc 255690 to view the Roles. And then Doc 216498 to clean up
Your AD. And good luck.

 

[Matt]

Thanks for your answer!

I will bring back the original server, but I formated it. So in that
case I won't have any problem... right ?

Herb ! you saied that a "seized" roll holder will NEVER work correctly
over time. But if I seize the roll and then make a copy of the DC on
the new PC (that one which have been formated) and finally make that
PC become the Operation Master... will that work ?

Thanks very much for your help

 

[ptwilliams]

Once that machine is reinstalled it's a completely different machine and
will be fine. Just remember to cleanup the Active Directory if you're
unable to perform a clean demotion.

Once the role has been seized to another machine, it will work fine on the
machine that seized it.

Hope this helps

--

Paul Williams
_________________________________________
http://www.msresource.net - Under construction, but coming soon...


Join us in our new forums!
http://forums.msresource.net
_________________________________________

 

[Herb Martin]

Once that machine is reinstalled it's a completely different machine and
will be fine. Just remember to cleanup the Active Directory if you're
unable to perform a clean demotion.

What Paul says it correct. Once you re-install that is a "new machine"
in terms of the operating system and AD or the domain.

Hardware is not the issue -- the install of the OS is.

However, in this particulary case, even REMOVING AD and reinstalling
it (run DCPromo twice) is sufficient. You don't even have to re-install the
OS.

It's a "new DC."

I refer to this as a "DCPromo cycle".

Once the role has been seized to another machine, it will work fine on the
machine that seized it.

Yes, unless the old role holder (never re-installed nor DCPromo) is too.

 

[Matt]

Thank you guys

I did what you said.
Althought I get some errors messages when I sized the roles, everythings works !

I also had to setup the ADSIEdit to clean up the AD.

Thanks again
Matthew

 

[Clavien Matthieu]

Hello guys

I've got another type of problem now... I've probably missed to make
some changes.

I had my two DC (server1 and server2) and I change the Operations
Master RID, PDC and Infrastructure to server2.
At this moment I probably missed to make some other changes.
For some reasons, two days later I had to restart the server which was
the Operation Master and I got this message "The configuration
information describing this enterprise is not available. The server is
not operational." when I tried to open the AD Users and Computers.

Any idea ?

 

[Herb Martin]

Hello guys

I've got another type of problem now... I've probably missed to make
some changes.

I had my two DC (server1 and server2) and I change the Operations
Master RID, PDC and Infrastructure to server2.
At this moment I probably missed to make some other changes.

Did you use the GUI, or otherwise ensure that you "TRANSFERRED"
the roles?

If you used NTDSUtil to "seize" the role while the other DC was down,
then you need to REMOVE AD from the (down) old role holder and
then you can do another DCPromo to put it back.

"DCPromo cycle" is the term I coined for this action.

For some reasons, two days later I had to restart the server which was
the Operation Master and I got this message "The configuration
information describing this enterprise is not available. The server is
not operational." when I tried to open the AD Users and Computers.

The other (main) reason for such messages is that you DNS is screwed
up in some way.

DNS
1) Dynamic for the zone supporting AD
2) All internal DNS client NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2

Restart NetLogon on any DC if you change any of the above that
affects a DC.


--
Herb Martin

Any idea ?

(e-mail address removed) (Matt) wrote in message

too.

 

[Matt]

I think I found the problem, but I don't have any clue.
I think the problem is that my new DC could not copy the global
catalog.
I seized the roles on my new DC and connect it to the old domain
controller, so I recovered the data. But every time I reboot my new DC
I lost everything !

Do you think that if I remove the global catalog on my old DC and
define my new DC as global catalog that will resolve my problem ?

Thank for your help.
Matthieu Clavien

 

[Herb Martin]

I think I found the problem, but I don't have any clue.
I think the problem is that my new DC could not copy the global
catalog.
I seized the roles on my new DC and connect it to the old domain
controller, so I recovered the data. But every time I reboot my new DC
I lost everything !

Do you think that if I remove the global catalog on my old DC and
define my new DC as global catalog that will resolve my problem ?

Just the latter -- make the New DC a GC in addition -- you can
have as many as you want.

You really need to DC(un)Promo that old DC if you truly "Seized"
the roles -- hopefully you only "transferred them.