Re: What to do after seizing FSMO Role?

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: RHS (RHS_at_discussions.microsoft.com)
Date: 12/29/04 

Date: Wed, 29 Dec 2004 14:31:04 -0800

Thanks Dean, appreciate it.

Robert

"Dean Wells [MVP]" wrote:

> That will do ...
>
> --
> Dean Wells [MVP / Directory Services]
> MSEtechnology
> [[ Please respond to the Newsgroup only regarding posts ]]
> R e m o v e t h e m a s k t o s e n d e m a i l
>
> RHS wrote:
> > If I have this straight, I seize the role first, then run NTDSutil
> > metadata cleanup.
> > Then I remove any references of the former DC from AD Users and
> > Computers, etc...
> >
> > Thanks much Dean.
> >
> >
> > "Dean Wells [MVP]" wrote:
> >
> >> Great point, I neglected to mention the process of metadata cleanup.
> >> My comment regarding the IM simply meant that the FSMO role itself
> >> imposes no additional requirements once seized.
> >>
> >> I would recommend the use of NTDSUTIL over ADSIEDIT since, although
> >> it is cumbersome, it ensures that the task at hand is completed
> >> correctly (including FRS state).
> >>
> >> With regard to the statement: "you must ensure the old machine never
> >> comes back up without formatting its hard drive", this is FSMO
> >> specific and does not apply here. The IM, as I said, maintains
> >> virtually no state and as such can be brought back on line (where
> >> possible) without any cause for concern ... assuming other
> >> non-related factors are a non-issue, factors such as downtime not
> >> exceeding tombstone lifetime.
> >>
> >> Note that Windows 2000 SP?(something, 2 I think) and Windows 2003
> >> introduce the concept of INITSYNC; a requirement that must be met by
> >> all DCs holding FSMO roles. This requirement prevents a DC in
> >> possession of a FSMO role from offering any service at boot time
> >> bound to that role until it has completed a full replication cycle
> >> with one of its direct replication partners. This technique helps
> >> to ensure that 2 DCs do not service the same FSMO role (the
> >> assumption being that the DC from which the old FSMO replicates will
> >> already be aware that the role has moved and will inform the old
> >> FSMO of this fact before it begins to offer those services).
> >>
> >> --
> >> Dean Wells [MVP / Directory Services]
> >> MSEtechnology
> >> [[ Please respond to the Newsgroup only regarding posts ]]
> >> R e m o v e t h e m a s k t o s e n d e m a i l
> >>
> >> Michael D. Ober wrote:
> >>> Yes. Find and remove all references to the former machine. You
> >>> will need to use ADSIEdit to completely remove this server. When
> >>> you sieze a FSMO role, you must ensure the old machine never comes
> >>> back up without formatting its hard drive.
> >>>
> >>> Mike Ober.
> >>>
> >>> "RHS" <RHS@discussions.microsoft.com> wrote in message
> >>> news:25369FD9-D392-49D9-B4E7-2567A1175FEC@microsoft.com...
> >>>> I do not plan on re-introducing the former AD DC back into the
> >>>> network. Do I need to remove any references of it...e.g. AD CU
> >>>> /System/FRS?
> >>>> Or in any other locations where it is referenced.
> >>>> I'm concerned with the event viewer logs displaying unnecessary
> >>>> messages. Thanks much Dean.
> >>>>
> >>>> Robert
> >>>>
> >>>> "Dean Wells [MVP]" wrote:
> >>>>
> >>>>> Nothing further needs to be done when seizing the Infrastructure
> >>>>> FSMO since it maintains virtually no state.
> >>>>>
> >>>>> In a single domain, the Infrastructure FSMO and GC ARE compatible
> >>>>> when running on the same DC.
> >>>>>
> >>>>> --
> >>>>> Dean Wells [MVP / Directory Services]
> >>>>> MSEtechnology
> >>>>> [[ Please respond to the Newsgroup only regarding posts ]]
> >>>>> R e m o v e t h e m a s k t o s e n d e m a i l
> >>>>>
> >>>>> RHS wrote:
> >>>>>> Hi,
> >>>>>> I've got a single domain, two Win2k DC's mixed with some NT
> >>>>>> BDC,s. Previously another Win2k DC was physically removed from
> >>>>>> the network without demoting with DCPromo. It appears that the
> >>>>>> Infrastructure Master was it's only role. I've seen the
> >>>>>> documents regarding using Ntdsutil to seize FSMO roles.
> >>>>>> Once I've done that, is there anything else I need to do?
> >>>>>>
> >>>>>> Also, with a single domain is there a problem with having the
> >>>>>> global catalog DC also hold the Infrastructure Master?
> >>>>>> It's a RAID 5 machine versus my second AD DC being a pc clone.
> >>>>>>
> >>>>>> Thanks much,
> >>>>>> Robert
>
>
>

Relevant Pages

  • Re: Why Do Rererences Get Switched?
    ... Browse for your project file for you Data Transfer DLL project file. ... "Robert W." ... I've re-read your first sentence 3 times but don't understand the wording. ... Properties there's a section entitled References Path. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Why Do Rererences Get Switched?
    ... I got over a 1,000 warning ... Desktop references both DataTransfer and DataObjects. ... "Robert W." ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: XP and Pair Programming
    ... >Robert C. Martin wrote: ... >> You might start with Appendix B, and then follow the references. ... "The aim of science is not to open the door to infinite wisdom, ...
    (comp.object)
  • Re: Why Do Rererences Get Switched?
    ... you'll always use the latest copy of the DLL. ... "Robert W." ... Properties there's a section entitled References Path. ... code of DataTransfer. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Why Do Rererences Get Switched?
    ... "Robert W." ... about various system items being defined in multiple places. ... Desktop references both DataTransfer and DataObjects. ...
    (microsoft.public.dotnet.languages.csharp)