Re: FMSO question

---

• From: "Jorge de Almeida Pinto [MVP - DS]" <SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx>
• Date: Sun, 29 Oct 2006 02:44:43 +0200

---

http://blogs.dirteam.com/blogs/jorge/archive/2006/07/18/1223.aspx


--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"PRMolina" <prmolina@xxxxxxxxx> wrote in message
news:EBE21724-E099-4813-9B01-48CC85B2FD43@xxxxxxxxxxxxxxxx

Well that went easy. DC1 is completely out of the picture now, the domain
is
running on DC2. I have one more follow up question.

I plan on reinstalling DC1 as a domain controller, but I don't want to
rely
on it for anything until I am certain that the random lockups are cured -
even if it means replacing all hardware. So for now DC2 is it.

However, I shouldn't have a dc share the Infrastructure master role and
the
global catalog. Is it alright to share these roles if there is only one
dc
on the domain? Once I bring DC1 is it better to move the GC to it or keep
the GC on DC2 and just move the Infrastructure Master role to it?

"Jorge de Almeida Pinto [MVP - DS]" wrote:

I do say: "install and promote a new DC (make a GC as needed)"

you could also do a FORCE DEMOTION offline and promote after the cleanup
of
the metadata and replication of the cleanup

you cn of course try a normal demotion but I suspect that will not
succeed...


--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"PRMolina" <prmolina@xxxxxxxxx> wrote in message
news:0A4D649F-0D3E-40A2-A60F-A928DDB84655@xxxxxxxxxxxxxxxx

Thanks for the help, I think I'm begining to get my head around this
one.

Jorge, when you say disconnect the promoted DC, I assume you mean the
new
DC1 I threw in the mix. Can I just pull the ethernet cable, clean and
reconnect - that doesn't seem right; I would rather not wipe and
reinstall
windows... I'm thinking I should demote it with dcpromo, then delete
it
from
AD, then when AD is clean and running on DC2 rejoin the domain and
repromote
it to be the new DC1. Does that sound reasonable?


"Jorge de Almeida Pinto [MVP - DS]" wrote:

you did not clean the AD metadata of the DC that died as you should!
just deleting the computer account is not enough
see: http://blogs.dirteam.com/blogs/jorge/archive/2005/12/03/213.aspx

in your case I would:
* disconnect the promoted DC
* clean the AD metadata as needed
* seize FSMO roles as needed to another live DC
* install and promote a new DC (make a GC as needed)
* relocate the FSMO roles as needed

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"PRMolina" <prmolina@xxxxxxxxx> wrote in message
news:5477FF3F-D4F4-4996-B5E4-C98626002F46@xxxxxxxxxxxxxxxx

I have two DCs in a Win 2003 AD network, DC1 and DC2. DC1 crashed.
I
removed it from Active Directory by right clicking on it in dsa.msc
and
choosing delete. Then I rebuilt it, naming it DC1 again joined it
to
the
domain and ran dcpromo. Everything works, although its only been a
couple
of
days so give it time.
I started thinking about it, and am wondering who my FMSOs are.
Checked
system log on DC1 and sure enough got an error 16651 "The directory
service
is missing mandatory configuration information, and is unable to
determine
the ownership of floating single-master operation roles". Also
getting
some
warnings in the Directory Services logs in both servers, NTDS 1232
replication errors all relating to an inability to find the server
with
these
roles.
It looks like there are risks if you introduce into a domain two
servers
with these roles, so I would like to keep them on DC1 "just in case"
even
though it has been wiped and reinstalled. This server is still
randomly
locking up on me, more than likely a hardware problem, so I have to
consider
the possibility that it will be out of commission at some point.

Should I just go in and seize the roles onto the new unimproved DC1?

Any advice/comments/sympathetic laughter would be greatly
appreciated!

-Paul

.

---

• References:
  • Re: FMSO question
    • From: Jorge de Almeida Pinto [MVP - DS]
  • Re: FMSO question
    • From: PRMolina
  • Re: FMSO question
    • From: Jorge de Almeida Pinto [MVP - DS]
  • Re: FMSO question
    • From: PRMolina

• Prev by Date: Re: Who deleted computer object?
• Next by Date: Re: Splitting an organisation
• Previous by thread: Re: FMSO question
• Next by thread: Active Directory Exchange Extension error - the specified domain does not exist or could not be contacted
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Core servers ... # Jorge de Almeida Pinto # MVP Windows Server - Directory Services ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... INF and RID roles for the child domain be isolated ... (microsoft.public.windows.server.active_directory) Re: Help with Journal Wrap error ... # Jorge de Almeida Pinto # MVP Windows Server - Directory Services ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... Do the D2 and just wait until the schedule opens ... (microsoft.public.win2000.active_directory) Re: Replication and Preferred Bridgehead ... # Jorge de Almeida Pinto # MVP Windows Server - Directory Services ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... with that a DC/GC needs to replicate a NC that is not being ... (microsoft.public.windows.server.active_directory) Re: user security tab ... # Jorge de Almeida Pinto # MVP Windows Server - Directory Services ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... * This posting is provided "AS IS" with no warranties and confers no rights! ... (microsoft.public.win2000.active_directory) Re: FMSO question ... # Jorge de Almeida Pinto # MVP Windows Server - Directory Services ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... DC1 I threw in the mix. ... (microsoft.public.windows.server.active_directory)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.active_directory  > 2006-10