Re: backup FSMO roles

Jorge, I appreciate your time and patience with this. I can find no
one that will discuss it other than to say "that's not supported".

KB875495 really only says that whatever backup/restore you use must
be active directory aware, which NTBackup is. On identical hardware
this KB article and others to me says what I propose is valid.

I have a controlled environment, and I trust the only person that
would be dealing with a restore (myself). It seems in such an event, it
is easier to be careful with the details of what I suggest, than it is
to go through seizing the roles on another DC, and forceably demoting
the original before bringing it back up.

It seems either way you must be careful, so why not choose the simpler
of the two? It even seems that 2003 SP1 introduced some additional
safeguards for dealing with USN Rollback's and such.

I can't justify why imaging + system state wouldn't work in a
controlled environment if you know what you're doing. You really have
to know what you are doing to forceably demote a domain controller and
clean up it's references, as you do for seizing FSMO roles.

I also assume this discussion has been had in Altiris True Image and
Symantec's Ghost support sites as well, which I may try to take a look
at.


Again, thank you for your comments.



"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in
news:uCVlhQb6HHA.5740@xxxxxxxxxxxxxxxxxxxx:

The KB 875495 explains why you shouldn't use these methods to bk the
AD. The problem is that with imaging the AD has no way to see that a
restore was made (unless you do it manually,and you must know what
you're doing otherwise you can be very sorry, no need to do invent
when you can have a safe solution).

Any DC can by FSMO owner at any given time, that's the bewety of
multimaster replication.
If a given DC (FSMO owner) fails for some reason and it's
unrecoverable for some reason, you have the option to seixe the
role(s) to another DC (careful if you seize roles, the failed DC must
not be connected again to the forest or you may end up with a broken
forest, to connect the failed DC again to the forest you must manually
remove AD from that DC).


.

Relevant Pages

  • Re: 4 forests-domains, roaming clients, no trusts, not Internet-Ba
    ... configuration should work, and would be supported, with communication between different Forest Primary Sites across forest boundaries without trusts, without IBCM and without Native Mode- PKI, although there is still a huge question mark in my opinion because Microsoft seems to have conflicting documentation on exactly what is supported when it comes to Forest to Forest communications. ... They also agreed with me that the best way to implement this is with IBCM, which my client is not agreeable to. ... distribution points are in that domain, and your clients are in Forest2/DomainB, you would create the network access account in DomainA. ... But you might have to do some global/local/universal group things to make sure the DomainA\network access account had permissions on the dps in X and Y. Note that having an additional distribution point in Forest2/DomainB is not supported, because we don't support distribution points across forest boundaries unless they are supporting Internet-based clients. ...
    (microsoft.public.sms.setup)
  • Re: Hn Gibraltar
    ... that I support the AAH!" ... for the origins of bipedalism and have agreed that wading in water can ... Tobias 1995 ³We were all profoundly and unutterably wrong! ... such vines hang from forest trees and would not be ...
    (sci.anthropology.paleo)
  • Re: 4 forests-domains, roaming clients, no trusts, not Internet-Ba
    ... I called MS presales support and discovered that the ... different Forest Primary Sites across forest boundaries without trusts, ... you would create the network access account in DomainA. ... untrusted domains in theis organization is Internet-Based Client ...
    (microsoft.public.sms.setup)
  • RE: Sharepoint Integration
    ... A suggestion would be to contact Microsoft Product Support Services via ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... <intend to set up another autonomous A/D Resource forest for ...
    (microsoft.public.exchange.admin)
  • No explanations will be french yellow bathrooms.
    ... Just frightening off a volunteer in support of the forest is too ... How does Murad worry so like, ... sorts as usual our shopkeeper after we support in connection with it. ...
    (sci.crypt)