Re: Demote 1st DC Error
From: ptwilliams (ptw2001_at_hotmail.com)
Date: 02/14/05
- Next message: Allen Firouz: "RE: Exporting/Importing Users and Groups"
- Previous message: JD: "Re: Global Catalog"
- In reply to: Don Wilwol: "Re: Demote 1st DC Error"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 14 Feb 2005 21:00:26 -0000
I totally agree that it's best to move the roles manually -this way you know
exactly where they're going and are in total control. It's just there in
case you forget, or don't need to worry about it, i.e. two or three DCs in a
single site ;-)
-- Paul Williams http://www.msresource.net/ http://forums.msresource.net/ "Don Wilwol" <donwilwol@yahoo.com> wrote in message news:OaPqMoqEFHA.624@TK2MSFTNGP15.phx.gbl... That's what I like about this business, the more you learn, the more you realize how much you don't know. Maybe its because I just always transferred the roles first. That way I know where they are. I'd still suggest transferring the roles manually. It should solve the initial problem also. If the DC still can be found, then its most likely a DNS issue. thanks dw Don Wilwol Blog - http://spaces.msn.com/members/wilwol/ Web - http://capital.net/~wilwol/dw.htm DonWilwol@yahoo.com "ptwilliams" <ptw2001@hotmail.com.donotspam> wrote in message news:010CFC61-E4FF-45F1-801F-CAC65A2C9435@microsoft.com... > Hi Don, > > I'm sorry but I have to disagree. I've read that this is the case, and > I've > tested this in a Virtual environment and it *is* the case. > > When you run dcpromo on a DC that holds any FSMO roles, that DC writes to > the operation attribute "GiveAwayAllFsmoRoles" and the roles are > transferred > based on a standard DNS call. Like I said earlier, this is almost random > -but not quite -netmask ordering and round-robin play a part in this; as > does > the domain in which the DC resides (in a multi-domain scenario) and > sites -it > tries to find a DC in the same site. > > I'll back this up with a KB. > > The following paragraph is taken from this KB: > -- http://support.microsoft.com/kb/223787 > > When a domain controller is demoted, the operational attribute > "GiveAwayAllFsmoRoles" is written, which triggers the domain controller to > locate other domain controllers to offload any roles it currently owns. > Windows 2000 determines which roles the domain controller being demoted > currently owns and locates a suitable domain controller by following these > rules: > 1. Locate a server in the same site. > 2. Locate a server to which there is RPC connectivity. > 3. Use a server over an asynchronous transport (such as SMTP). > > In all transfers, if the role is a domain-specific role, the role can be > moved only to another domain controller in the same domain. Otherwise, any > domain controller in the enterprise is a candidate. > > > I've not tested this on a 2003 DC yet, but am not aware of MS changing > this > functionallity. I will be testing it soon... > > > -- > > Paul Williams > > http://www.msresource.net/ > http://forums.msresource.net/ > > > "Don Wilwol" wrote: > >> Sorry dude! >> If we are talking about the same thing........ the Microsoft Active >> Directory "FSMO roles". The Flexible Single Master Operations roles (or >> Operations masters) that are on Microsoft's Active Directory Domain >> Controllers, they have never transferred automatically. You MUST either >> transfer them or seize them. >> >> -- >> Hope it helps........... >> >> dw >> >> Don Wilwol >> http://spaces.msn.com/members/wilwol/ >> >> >> "ptwilliams" <ptw2001@hotmail.com> wrote in message >> news:u$L$HqOEFHA.228@tk2msftngp13.phx.gbl... >> > Since when do the roles not transfer automatically? Is this a bug in >> > 2003? >> > >> > The roles *do* transfer automatically, it's just that they do so in an >> > *almost* random order, and most of us recommend that you do it >> > manually. >> > >> > p.s. Nice blog!! >> > >> > >> > -- >> > >> > Paul Williams >> > >> > http://www.msresource.net/ >> > http://forums.msresource.net/ >> > >> > "Don Wilwol" <wilwol@capital.net> wrote in message >> > news:%23Cho1$HEFHA.1264@TK2MSFTNGP12.phx.gbl... >> > The roles do not transfer automatically. You must transfer the roles to >> > the >> > new server. I have an article post on my blog, or you can look in the >> > W2k3 >> > help files for step by steps to transfer the five fsmo roles. Make sure >> > DNS >> > and WINS is also not on the server you are demoting. Make sure all >> > machines >> > are pointed to a running DNS/WINS server. You should then be able to >> > demote >> > the first one. >> > >> > -- >> > Hope it helps........... >> > >> > dw >> > >> > Don Wilwol >> > http://spaces.msn.com/members/wilwol/ >> > >> > >> > "pprice" <pprice@discussions.microsoft.com> wrote in message >> > news:7853395C-3C5D-4743-A390-5632F704B66C@microsoft.com... >> >>I have just migrated from NT 4.0 domain to 2003 Server Active Directory >> >> Domain. I used an "temporary" server to establish the new domain. >> >> (installed NT server and made it the primary DC.) I then upgraded the >> >> temporary server to 2003. After it was up and funtioning properly, I >> >> added >> >> my new, permanent 2003 server to the network and added DNS and ran >> >> dcpromo. >> >> It is up and funcitoning properly. >> >> >> >> My problem is when I try to demote the "temporary" server some of the >> >> roles >> >> transfered to the permanent server, but I get an error as follows: >> >> >> >> The operation failed because: >> >> >> >> Activbe directory coul nto find another domain controller to transfer >> >> the >> >> remaining data in directory partition >> >> DC=ComainDnsZones,DC-ice_midwest,DC=com. >> >> >> >> "The specified domain either does not exits or could not be >> >> contacted." >> >> >> >> Any ideas how to resolve the issue and successfull demote the >> >> temporary >> >> CD? >> > >> > >> > >> >> >>
- Next message: Allen Firouz: "RE: Exporting/Importing Users and Groups"
- Previous message: JD: "Re: Global Catalog"
- In reply to: Don Wilwol: "Re: Demote 1st DC Error"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
