Re: FSMO - can I turn on a DC after its PDCe role has been seized?




"kj" <kj@xxxxxxxxxxx> wrote in message
news:uomMZ5mEHHA.1304@xxxxxxxxxxxxxxxxxxxxxxx
It is a bad idea, no dispute there. But returning DC's with different
seized FSMO's represent different risks. From my research and lab testing
PDCe's are minimal risk. RID Masters are such an excessive risk that I would
NEVER do it to a domain I intended to keep in production.

We agree in general here.

BTW, once brought back on to the network likely any damage has already
been done.

Actually not. Even the RID master is not likely giving out
(and even less likely duplicating) RIDs immediately since
each DC has a cache of several hundred. (Could vary
in a giant domain however.)

Either reformat and rebuild from scratch or dcpromo /forceremoval while
OFF the network (& do metadata cleanup).

Reformatting is totally unnecessary here and generally
poor advice.

The DCPromo cycle is sufficient for ALL DC purposes
which is the only issue here.

Better to seize the other roles and do the /forceremoval
as you suggest -- while keeping the old role holder offline.



--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

--
/kj
"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:e7pFNtmEHHA.4380@xxxxxxxxxxxxxxxxxxxxxxx
It's a bad idea, and a strong case can be made that
it should NEVER be brought back onto the network.

If you DO (and I am not necessarily recommending
this) bring it online, do so ONLY to perform the DCPromo
to make it a non-DC.


"Phillip" <Phillip@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C866DB54-BD06-4FE0-B6AB-497289137F00@xxxxxxxxxxxxxxxx
FSMO transfer question

I have a Native Mode Windows 2003 AD (no service pack) network and while on
vacation the domain controller that holds all of my FSMO roles experienced a
hardware failure. This server also hosted my DHCP server. Folks' DHCP
registrations started to time out so only the PDCe role was transferred to
another domain controller so DHCP could be installed and authorized on the
Domain Controller that still worked.

[PDC Emulator has nothing to do with being a
DHCP server, so the above 'reason' ("so...") makes
little sense however.]

My question is:
Now that the hardware has been fixed on the failed server can I turn it back
on and will it sync with the domain controller which now has the PDCe role?

No, one of them (the original) must be DCPromo
'cycled' (to non-DC and back.)

Or

Do I have to seize the rest of the FSMO roles to the box the PDCe was moved
to, re-install windows on the box that is now fixed and join it back to the
domain and finally promote it to a DC?

You do NOT need to re-install. Just seize the roles
and DCPromo the former role holder.

Optionally (if you like to live dangerously): Bring it
online, do the DCPromo to remove the DC as a DC
and transfer the roles.

The two "masters" will NOT play well on the net
together -- it will generally not give you immediate
and catastrophic problems so you may run into people
who naively tell you that "I did this and it's ok" so
don't believe them.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
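
Added example, not part of any post in this thread: the sequence the replies converge on (seize the remaining roles, force-demote the former role holder while it is off the network, then clean up its metadata), written as Windows command lines. DC2 is a hypothetical name for the surviving DC that already holds the PDCe role, and the index numbers in step 4 are placeholders.

```bat
REM Added example. DC2 = hypothetical name of the surviving DC.
REM The repaired former role holder stays off the network throughout.

REM 1. On DC2: show which DC is recorded as owner of each FSMO role.
REM    (On Windows 2003, netdom is part of the Support Tools.)
netdom query fsmo

REM 2. On DC2: seize the four roles still recorded on the failed DC.
REM    ntdsutil asks for confirmation before each seizure.
ntdsutil roles connections "connect to server DC2" quit ^
  "seize RID master" ^
  "seize infrastructure master" ^
  "seize schema master" ^
  "seize domain naming master" ^
  quit quit

REM 3. On the repaired server, network cable unplugged: forced demotion.
dcpromo /forceremoval

REM 4. On DC2: remove the old DC's leftover objects (metadata cleanup).
REM    The 0 indexes are placeholders. Typing these commands one at a
REM    time at the ntdsutil prompt lets you read each "list" output and
REM    pick the entry for the old DC before selecting it.
ntdsutil "metadata cleanup" connections "connect to server DC2" quit ^
  "select operation target" ^
  "list domains" "select domain 0" ^
  "list sites" "select site 0" ^
  "list servers in site" "select server 0" ^
  quit "remove selected server" quit quit

REM 5. On DC2: confirm that every role now lists DC2 as owner.
netdom query fsmo
```

Only after step 5 shows a single owner for every role should the demoted server be reconnected, rejoined to the domain and, if wanted, promoted again with dcpromo.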





