Friday, 8 January 2016

Seizing FSMO Roles

In case of a disaster or DC failure, how can I transfer (seize) FSMO roles from one DC to another?
The five FSMO roles are:
- Schema master – Forest-wide and one per forest.
- Domain naming master – Forest-wide and one per forest.
- RID master – Domain-specific and one for each domain.
- PDC – PDC Emulator is domain-specific and one for each domain.
- Infrastructure master – Domain-specific and one for each domain.

If a DC becomes unreliable, try to get it back online and transfer the FSMO roles to a reliable DC. If that is not possible, seize the FSMO role if the original holder is not connected to the network. After seizing a FSMO role, never connect the original server to the network.

What will happen if you do not perform the seizure in time? Well… it depends:
- FSMO Role: Schema Master – you will not be able to extend the schema. In the short term, usually nobody will notice a missing Schema Master.
- FSMO Role: Domain Naming – if you do not need to add or remove a DC, you will not miss this role.
- FSMO Role: RID – it is possible for the existing DCs to have enough unused RIDs to last some time, unless you are creating many objects in AD (users, computers).
- FSMO Role: PDC Emulator – you will miss this role very soon. There will be no time synchronization in the domain, and you will have problems changing or troubleshooting group policies and password changes.
- FSMO Role: Infrastructure – if you have multiple domains, group membership may be incomplete.

Moving roles using Ntdsutil:
(Using the Ntdsutil utility incorrectly can damage your AD.)
1. On any domain controller, run a command prompt as admin and start Ntdsutil.
2. Type roles and press ENTER.
3. Type connections and press ENTER.
4. Type connect to server <servername>, where <servername> is the name of the domain controller you want to use, and press ENTER.
5. Type q and press ENTER.
6. Type seize <role>, where <role> is the role you want to seize. For example: seize PDC

Options for roles are:
- Seize domain naming master (if you are using Windows Server 2008 or 2012, use seize naming master, otherwise you will get an error message)
- Seize infrastructure master
- Seize PDC
- Seize RID master
- Seize Schema master

During seizure of the relative ID (RID) operations master role, the current role holder attempts to synchronize with its replication partners. If it cannot establish a connection with a replication partner during the seizure operation, it displays a warning and asks for confirmation that you want the seizure of the role to proceed. Click Yes to proceed.
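
The check-then-seize sequence above can be scripted. This is an added example, not part of the original post: it lists the current role holders, refuses to seize from a holder that still answers on the network, and only then passes the Ntdsutil commands from steps 2-6 as arguments. It assumes the ActiveDirectory PowerShell module is installed; `DC02`, `-TargetDC` and `-Seize` are placeholder names chosen for this example.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT); run elevated.
param(
    [string]$TargetDC = 'DC02',  # placeholder: the healthy DC that will take the roles
    [switch]$Seize               # without -Seize the script only reports
)
Import-Module ActiveDirectory

# Ask the surviving DC who holds each role, not the failed one.
$domain = Get-ADDomain -Server $TargetDC
$forest = Get-ADForest -Server $TargetDC

# Role, current holder, and the ntdsutil keyword from step 6
# ('naming master' is the form the post gives for Server 2008 and 2012).
$roles = @(
    @{ Name = 'Schema master';         Holder = $forest.SchemaMaster;         Key = 'schema master' }
    @{ Name = 'Domain naming master';  Holder = $forest.DomainNamingMaster;   Key = 'naming master' }
    @{ Name = 'RID master';            Holder = $domain.RIDMaster;            Key = 'RID master' }
    @{ Name = 'PDC emulator';          Holder = $domain.PDCEmulator;          Key = 'PDC' }
    @{ Name = 'Infrastructure master'; Holder = $domain.InfrastructureMaster; Key = 'infrastructure master' }
)

foreach ($r in $roles) {
    if ($r.Holder -eq $TargetDC -or $r.Holder -like "$TargetDC.*") {
        Write-Host "$($r.Name): already on $TargetDC"
        continue
    }
    # ICMP is only a rough liveness check; a firewall can hide a running DC,
    # so confirm the old holder is really off the network before seizing.
    if (Test-Connection -ComputerName $r.Holder -Count 2 -Quiet) {
        Write-Warning "$($r.Name): $($r.Holder) still answers. Transfer the role instead of seizing it."
        continue
    }
    Write-Host "$($r.Name): holder $($r.Holder) is unreachable, candidate for seizure"
    if ($Seize) {
        # Same command sequence as steps 2-6, passed as arguments;
        # ntdsutil still shows its own confirmation dialog.
        & ntdsutil roles connections "connect to server $TargetDC" quit "seize $($r.Key)" quit quit
    }
}

# Verify afterwards: every role should now list the target DC.
Get-ADDomain -Server $TargetDC | Format-List PDCEmulator, RIDMaster, InfrastructureMaster
Get-ADForest -Server $TargetDC | Format-List SchemaMaster, DomainNamingMaster
```

Run it once without `-Seize` to review the report, then again with `-Seize` once the failed DC is confirmed to be permanently off the network.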
