Standby Operation Master

[Biker Z via WinServerKB.com]

I have 5 DC, in a single domain, abc.com. 3 of the DC are onsite and 2 are on
another location connecting via T1. Only one DC has all the Operation Master
roles, and Global Catalog is enable on all 5 DC. Can someone please explain
or point me to some resources that can tell me step by step instructions to
setup a Standby Operation Master?

Thanks all.

 

[Tomasz Onyszko]

I have 5 DC, in a single domain, abc.com. 3 of the DC are onsite and 2 are on
another location connecting via T1. Only one DC has all the Operation Master
roles, and Global Catalog is enable on all 5 DC. Can someone please explain
or point me to some resources that can tell me step by step instructions to
setup a Standby Operation Master?

There is no possibility to have standby operation master - when DC which
is holding one of FSMO roles fail You have to transfer or seize this
role to another DC. Procedure how to transfer FSMO role is described in
this KB:
http://support.microsoft.com/kb/255504

 

[Guest]

No reason for a standby Operations Master..
If you want to transfer the role to another server you can use ntdsutil to
do so.
Also, if you lose your operations master..you can use ntdsutil to seize the
operation master role to another dc.

You can't have two operations masters in a domain.

 

[Biker Z via WinServerKB.com]

Thanks for the information. That means there is no Standby Operation Master
correct? I was under the impression that you can have two FISMO roles DC. One
more question as I was reading Microsoft determine seizing the operation
master role to another DC is a drastic measure and could hose the AD. Did
anyone went through that procedure and what kind of risk is involve?
My operation master just died, some how I was able to pull the raid
controller and disk and attached toa different server and trasnfer the role.
I was planning seizing the DC but after reading the warning I didn't go
through that procedure.
Just wonderding if anyone had any major issues.

No reason for a standby Operations Master..
If you want to transfer the role to another server you can use ntdsutil to
do so.
Also, if you lose your operations master..you can use ntdsutil to seize the
operation master role to another dc.

You can't have two operations masters in a domain.

I have 5 DC, in a single domain, abc.com. 3 of the DC are onsite and 2 are on
another location connecting via T1. Only one DC has all the Operation Master

[quoted text clipped - 3 lines]

Thanks all.

 

[Tomasz Onyszko]

Thanks for the information. That means there is no Standby Operation Master
correct? I was under the impression that you can have two FISMO roles DC. One
more question as I was reading Microsoft determine seizing the operation
master role to another DC is a drastic measure and could hose the AD. Did
anyone went through that procedure and what kind of risk is involve?
My operation master just died, some how I was able to pull the raid
controller and disk and attached toa different server and trasnfer the role.
I was planning seizing the DC but after reading the warning I didn't go
through that procedure.
Just wonderding if anyone had any major issues.

Seize is a hard operation because You assume that Your DC holding this
role will never be on-line. I've done this operation several times
almost without an issue. Most of the issues is caused by failed DNS
lookup or similar issues

 

[Guest]

I have the same scenario as biker z but i have a ? is it safe to say that you
can transfer roles without seizing them from a dc that is no longer operable

 

[Tomasz Onyszko]

I have the same scenario as biker z but i have a ? is it safe to say that you
can transfer roles without seizing them from a dc that is no longer operable

If this DC which is no longer operable can't be brought back on-line
form backup or through any other repair in its original state You should
seize the role - not transfer it.

Transferring the role is an operation in which synchronization of some
data between the former and new FSMO role holder occurs. When one of
this DCs is not accessible this operation can't be performed correctly.

I think this KB should explain this topic a little for You:
http://support.microsoft.com/kb/223787/

 

[Biker Z via WinServerKB.com]

All

Thanks for your help. I just transfer role to my new DC and everything is
running great. One question i used Ntdsutil.exe to transfer the roles (via
command line) but when I was checking on the GUI it was still pointing to the
same role. I didn't know where to check if the operation is successful or not
and I didn't know any logs that I can monitor for such role transfer
operation. After an hr I went to GUI and then transfer the role and that
worked right away. Has anyone done the role transfer via command line and
any failure or success?

Thanks for the information. That means there is no Standby Operation Master
correct? I was under the impression that you can have two FISMO roles DC. One

[quoted text clipped - 6 lines]

through that procedure.
Just wonderding if anyone had any major issues.

Seize is a hard operation because You assume that Your DC holding this
role will never be on-line. I've done this operation several times
almost without an issue. Most of the issues is caused by failed DNS
lookup or similar issues

 

[Cary Shultz [A.D. MVP]]

Biker Z,

This is a pretty clear situation. There can be only one Domain Controller
per Domain that can hold any of the Domain-wide FSMO Roles ( PDC Emulator,
Infrastructure Master and RID Master ) at a time and there can be only one
Domain Controller per Forest that can hold either of the Forest-wide FSMO
Roles ( Schema Master and Domain Naming Master ).

Stated the other way around, the FSMO Role can be held by only one Domain
Controller at a time.

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com