Re: FSMO - can I turn on a DC after its PDCe role has been seized?
- From: "kj" <kj@xxxxxxxxxxx>
- Date: Mon, 27 Nov 2006 14:52:32 -0700
It is a bad idea, no dispute there. But returning DC's with different seized
FSMO's represent different risks. From my research and lab testing PDCe's
are minimal risk. RID Masters such an excessive risk that I would NEVER do
it to a domain I intended to keep in production.
BTW, once brought back on to the network likely any damage has already been
done. Either reformat and rebuild from scratch or dcpromo /foreceremoval
while OFF the network (&do metadata cleanup).
--
/kj
"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:e7pFNtmEHHA.4380@xxxxxxxxxxxxxxxxxxxxxxx
It's a bad idea, and a strong case can be made that
it should NEVER be brought back onto the network.
If you DO (and I am not necessarily recommending
this) bring it only, do so ONLY to perform the DCPromo
to make it a non-DC.
"Phillip" <Phillip@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C866DB54-BD06-4FE0-B6AB-497289137F00@xxxxxxxxxxxxxxxx
FSMO transfer question
I have a Native Mode Window 2003 AD (no service pack) network and while
on
vacation the domain controller that holds all of my FSMO roles
experienced a
hardware failure. This server also hosted my DHCP server. Folks DHCP
registrations started to time out so only the PDCe role was transferred
to
another domain controller so DHCP could be installed and authorized on
the
Domain Controller that still worked.
[PDC Emulator has nothing to do with being a
DHCP server, so the above 'reason' ("so...") makes
little sense however.]
My question is:
Now that the hardware has been fixed on the failed server can I turn it
back
on and will it sync with the domain controller which now has the PDCe
role?
No, one of them (the original) must be DCPromo
'cycled' (to non-DC and back.)
Or
Do I have to seize the rest of the FSMO roles to the box the PDCe was
moved
to, re-install windows on the box that is now fixed and join it back to
the
domain and finally promote it to a DC?
You do NOT need to re-install. Just seize the roles
and DCPromo the former role holder.
Optionally (if you like to live dangerously): Bring it
online, do the DCPromo to remove the DC as a DC
and transfer the roles.
The two "masters" will NOT play well on the net
together -- it will generally not give you immediate
and catastrophic problems so you may run into people
who naively tell you that "I did this and it's ok" so
don't believe them.
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
.
- Follow-Ups:
- Re: FSMO - can I turn on a DC after its PDCe role has been seized?
- From: Herb Martin
- Re: FSMO - can I turn on a DC after its PDCe role has been seized?
- References:
- Re: FSMO - can I turn on a DC after its PDCe role has been seized?
- From: Herb Martin
- Re: FSMO - can I turn on a DC after its PDCe role has been seized?
- Prev by Date: Re: Question about multiple sites for DR
- Next by Date: Re: LastLogon updatable?
- Previous by thread: Re: FSMO - can I turn on a DC after its PDCe role has been seized?
- Next by thread: Re: FSMO - can I turn on a DC after its PDCe role has been seized?
- Index(es):
Relevant Pages
|
