What to do after seizing FSMO Role?
Tags:
- Domain
- Infrastructure
- Active Directory
-
Windows
Last response: in Windows 2000/NT
Anonymous
December 29, 2004 1:17:02 PM
Archived from groups: microsoft.public.win2000.active_directory (More info?)
Hi,
I've got a single domain, two Win2k DC's mixed with some NT BDC,s.
Previously another Win2k DC was physically removed from the network without
demoting with DCPromo. It appears that the Infrastructure Master was it's
only role. I've seen the documents regarding using Ntdsutil to seize FSMO
roles.
Once I've done that, is there anything else I need to do?
Also, with a single domain is there a problem with having the global catalog
DC also hold the Infrastructure Master?
It's a RAID 5 machine versus my second AD DC being a pc clone.
Thanks much,
Robert
Hi,
I've got a single domain, two Win2k DC's mixed with some NT BDC,s.
Previously another Win2k DC was physically removed from the network without
demoting with DCPromo. It appears that the Infrastructure Master was it's
only role. I've seen the documents regarding using Ntdsutil to seize FSMO
roles.
Once I've done that, is there anything else I need to do?
Also, with a single domain is there a problem with having the global catalog
DC also hold the Infrastructure Master?
It's a RAID 5 machine versus my second AD DC being a pc clone.
Thanks much,
Robert
More about : seizing fsmo role
Anonymous
December 29, 2004 4:21:23 PM
Archived from groups: microsoft.public.win2000.active_directory (More info?)
Nothing further needs to be done when seizing the Infrastructure FSMO
since it maintains virtually no state.
In a single domain, the Infrastructure FSMO and GC ARE compatible when
running on the same DC.
--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l
RHS wrote:
> Hi,
> I've got a single domain, two Win2k DC's mixed with some NT BDC,s.
> Previously another Win2k DC was physically removed from the network
> without demoting with DCPromo. It appears that the Infrastructure
> Master was it's only role. I've seen the documents regarding using
> Ntdsutil to seize FSMO roles.
> Once I've done that, is there anything else I need to do?
>
> Also, with a single domain is there a problem with having the global
> catalog DC also hold the Infrastructure Master?
> It's a RAID 5 machine versus my second AD DC being a pc clone.
>
> Thanks much,
> Robert
Nothing further needs to be done when seizing the Infrastructure FSMO
since it maintains virtually no state.
In a single domain, the Infrastructure FSMO and GC ARE compatible when
running on the same DC.
--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l
RHS wrote:
> Hi,
> I've got a single domain, two Win2k DC's mixed with some NT BDC,s.
> Previously another Win2k DC was physically removed from the network
> without demoting with DCPromo. It appears that the Infrastructure
> Master was it's only role. I've seen the documents regarding using
> Ntdsutil to seize FSMO roles.
> Once I've done that, is there anything else I need to do?
>
> Also, with a single domain is there a problem with having the global
> catalog DC also hold the Infrastructure Master?
> It's a RAID 5 machine versus my second AD DC being a pc clone.
>
> Thanks much,
> Robert
Anonymous
December 29, 2004 4:21:24 PM
Archived from groups: microsoft.public.win2000.active_directory (More info?)
I do not plan on re-introducing the former AD DC back into the network.
Do I need to remove any references of it...e.g. AD CU /System/FRS?
Or in any other locations where it is referenced.
I'm concerned with the event viewer logs displaying unnecessary messages.
Thanks much Dean.
Robert
"Dean Wells [MVP]" wrote:
> Nothing further needs to be done when seizing the Infrastructure FSMO
> since it maintains virtually no state.
>
> In a single domain, the Infrastructure FSMO and GC ARE compatible when
> running on the same DC.
>
> --
> Dean Wells [MVP / Directory Services]
> MSEtechnology
> [[ Please respond to the Newsgroup only regarding posts ]]
> R e m o v e t h e m a s k t o s e n d e m a i l
>
> RHS wrote:
> > Hi,
> > I've got a single domain, two Win2k DC's mixed with some NT BDC,s.
> > Previously another Win2k DC was physically removed from the network
> > without demoting with DCPromo. It appears that the Infrastructure
> > Master was it's only role. I've seen the documents regarding using
> > Ntdsutil to seize FSMO roles.
> > Once I've done that, is there anything else I need to do?
> >
> > Also, with a single domain is there a problem with having the global
> > catalog DC also hold the Infrastructure Master?
> > It's a RAID 5 machine versus my second AD DC being a pc clone.
> >
> > Thanks much,
> > Robert
>
>
>
I do not plan on re-introducing the former AD DC back into the network.
Do I need to remove any references of it...e.g. AD CU /System/FRS?
Or in any other locations where it is referenced.
I'm concerned with the event viewer logs displaying unnecessary messages.
Thanks much Dean.
Robert
"Dean Wells [MVP]" wrote:
> Nothing further needs to be done when seizing the Infrastructure FSMO
> since it maintains virtually no state.
>
> In a single domain, the Infrastructure FSMO and GC ARE compatible when
> running on the same DC.
>
> --
> Dean Wells [MVP / Directory Services]
> MSEtechnology
> [[ Please respond to the Newsgroup only regarding posts ]]
> R e m o v e t h e m a s k t o s e n d e m a i l
>
> RHS wrote:
> > Hi,
> > I've got a single domain, two Win2k DC's mixed with some NT BDC,s.
> > Previously another Win2k DC was physically removed from the network
> > without demoting with DCPromo. It appears that the Infrastructure
> > Master was it's only role. I've seen the documents regarding using
> > Ntdsutil to seize FSMO roles.
> > Once I've done that, is there anything else I need to do?
> >
> > Also, with a single domain is there a problem with having the global
> > catalog DC also hold the Infrastructure Master?
> > It's a RAID 5 machine versus my second AD DC being a pc clone.
> >
> > Thanks much,
> > Robert
>
>
>
Related resources
- Is it safe to seize the Schema Master FSMO Role? - Forum
- FSMO Seize with two site forrest - Forum
- seizing master roles and GC - Forum
- FSMO Roles - Forum
- Error Transfering FSMO roles - Forum
Anonymous
December 29, 2004 4:21:25 PM
Archived from groups: microsoft.public.win2000.active_directory (More info?)
Yes. Find and remove all references to the former machine. You will need
to use ADSIEdit to completely remove this server. When you sieze a FSMO
role, you must ensure the old machine never comes back up without formatting
its hard drive.
Mike Ober.
"RHS" <RHS@discussions.microsoft.com> wrote in message
news:25369FD9-D392-49D9-B4E7-2567A1175FEC@microsoft.com...
> I do not plan on re-introducing the former AD DC back into the network.
> Do I need to remove any references of it...e.g. AD CU /System/FRS?
> Or in any other locations where it is referenced.
> I'm concerned with the event viewer logs displaying unnecessary messages.
> Thanks much Dean.
>
> Robert
>
> "Dean Wells [MVP]" wrote:
>
> > Nothing further needs to be done when seizing the Infrastructure FSMO
> > since it maintains virtually no state.
> >
> > In a single domain, the Infrastructure FSMO and GC ARE compatible when
> > running on the same DC.
> >
> > --
> > Dean Wells [MVP / Directory Services]
> > MSEtechnology
> > [[ Please respond to the Newsgroup only regarding posts ]]
> > R e m o v e t h e m a s k t o s e n d e m a i l
> >
> > RHS wrote:
> > > Hi,
> > > I've got a single domain, two Win2k DC's mixed with some NT BDC,s.
> > > Previously another Win2k DC was physically removed from the network
> > > without demoting with DCPromo. It appears that the Infrastructure
> > > Master was it's only role. I've seen the documents regarding using
> > > Ntdsutil to seize FSMO roles.
> > > Once I've done that, is there anything else I need to do?
> > >
> > > Also, with a single domain is there a problem with having the global
> > > catalog DC also hold the Infrastructure Master?
> > > It's a RAID 5 machine versus my second AD DC being a pc clone.
> > >
> > > Thanks much,
> > > Robert
> >
> >
> >
>
Yes. Find and remove all references to the former machine. You will need
to use ADSIEdit to completely remove this server. When you sieze a FSMO
role, you must ensure the old machine never comes back up without formatting
its hard drive.
Mike Ober.
"RHS" <RHS@discussions.microsoft.com> wrote in message
news:25369FD9-D392-49D9-B4E7-2567A1175FEC@microsoft.com...
> I do not plan on re-introducing the former AD DC back into the network.
> Do I need to remove any references of it...e.g. AD CU /System/FRS?
> Or in any other locations where it is referenced.
> I'm concerned with the event viewer logs displaying unnecessary messages.
> Thanks much Dean.
>
> Robert
>
> "Dean Wells [MVP]" wrote:
>
> > Nothing further needs to be done when seizing the Infrastructure FSMO
> > since it maintains virtually no state.
> >
> > In a single domain, the Infrastructure FSMO and GC ARE compatible when
> > running on the same DC.
> >
> > --
> > Dean Wells [MVP / Directory Services]
> > MSEtechnology
> > [[ Please respond to the Newsgroup only regarding posts ]]
> > R e m o v e t h e m a s k t o s e n d e m a i l
> >
> > RHS wrote:
> > > Hi,
> > > I've got a single domain, two Win2k DC's mixed with some NT BDC,s.
> > > Previously another Win2k DC was physically removed from the network
> > > without demoting with DCPromo. It appears that the Infrastructure
> > > Master was it's only role. I've seen the documents regarding using
> > > Ntdsutil to seize FSMO roles.
> > > Once I've done that, is there anything else I need to do?
> > >
> > > Also, with a single domain is there a problem with having the global
> > > catalog DC also hold the Infrastructure Master?
> > > It's a RAID 5 machine versus my second AD DC being a pc clone.
> > >
> > > Thanks much,
> > > Robert
> >
> >
> >
>
Anonymous
December 29, 2004 4:21:26 PM
Archived from groups: microsoft.public.win2000.active_directory (More info?)
That former server will never be on the network again (already formatted).
How risky is it to run ADSIEdit? Is it really necessary?
MS documentation (Q283595) claims that it is run when you want to return a
DC that previously owned one or more roles of the operations master to the
same network without causing conflict with any new role holder of the
operations master.
This server will never, ever be returned to the network.
"Michael D. Ober" wrote:
> Yes. Find and remove all references to the former machine. You will need
> to use ADSIEdit to completely remove this server. When you sieze a FSMO
> role, you must ensure the old machine never comes back up without formatting
> its hard drive.
>
> Mike Ober.
>
> "RHS" <RHS@discussions.microsoft.com> wrote in message
> news:25369FD9-D392-49D9-B4E7-2567A1175FEC@microsoft.com...
> > I do not plan on re-introducing the former AD DC back into the network.
> > Do I need to remove any references of it...e.g. AD CU /System/FRS?
> > Or in any other locations where it is referenced.
> > I'm concerned with the event viewer logs displaying unnecessary messages.
> > Thanks much Dean.
> >
> > Robert
> >
> > "Dean Wells [MVP]" wrote:
> >
> > > Nothing further needs to be done when seizing the Infrastructure FSMO
> > > since it maintains virtually no state.
> > >
> > > In a single domain, the Infrastructure FSMO and GC ARE compatible when
> > > running on the same DC.
> > >
> > > --
> > > Dean Wells [MVP / Directory Services]
> > > MSEtechnology
> > > [[ Please respond to the Newsgroup only regarding posts ]]
> > > R e m o v e t h e m a s k t o s e n d e m a i l
> > >
> > > RHS wrote:
> > > > Hi,
> > > > I've got a single domain, two Win2k DC's mixed with some NT BDC,s.
> > > > Previously another Win2k DC was physically removed from the network
> > > > without demoting with DCPromo. It appears that the Infrastructure
> > > > Master was it's only role. I've seen the documents regarding using
> > > > Ntdsutil to seize FSMO roles.
> > > > Once I've done that, is there anything else I need to do?
> > > >
> > > > Also, with a single domain is there a problem with having the global
> > > > catalog DC also hold the Infrastructure Master?
> > > > It's a RAID 5 machine versus my second AD DC being a pc clone.
> > > >
> > > > Thanks much,
> > > > Robert
> > >
> > >
> > >
> >
>
>
>
>
That former server will never be on the network again (already formatted).
How risky is it to run ADSIEdit? Is it really necessary?
MS documentation (Q283595) claims that it is run when you want to return a
DC that previously owned one or more roles of the operations master to the
same network without causing conflict with any new role holder of the
operations master.
This server will never, ever be returned to the network.
"Michael D. Ober" wrote:
> Yes. Find and remove all references to the former machine. You will need
> to use ADSIEdit to completely remove this server. When you sieze a FSMO
> role, you must ensure the old machine never comes back up without formatting
> its hard drive.
>
> Mike Ober.
>
> "RHS" <RHS@discussions.microsoft.com> wrote in message
> news:25369FD9-D392-49D9-B4E7-2567A1175FEC@microsoft.com...
> > I do not plan on re-introducing the former AD DC back into the network.
> > Do I need to remove any references of it...e.g. AD CU /System/FRS?
> > Or in any other locations where it is referenced.
> > I'm concerned with the event viewer logs displaying unnecessary messages.
> > Thanks much Dean.
> >
> > Robert
> >
> > "Dean Wells [MVP]" wrote:
> >
> > > Nothing further needs to be done when seizing the Infrastructure FSMO
> > > since it maintains virtually no state.
> > >
> > > In a single domain, the Infrastructure FSMO and GC ARE compatible when
> > > running on the same DC.
> > >
> > > --
> > > Dean Wells [MVP / Directory Services]
> > > MSEtechnology
> > > [[ Please respond to the Newsgroup only regarding posts ]]
> > > R e m o v e t h e m a s k t o s e n d e m a i l
> > >
> > > RHS wrote:
> > > > Hi,
> > > > I've got a single domain, two Win2k DC's mixed with some NT BDC,s.
> > > > Previously another Win2k DC was physically removed from the network
> > > > without demoting with DCPromo. It appears that the Infrastructure
> > > > Master was it's only role. I've seen the documents regarding using
> > > > Ntdsutil to seize FSMO roles.
> > > > Once I've done that, is there anything else I need to do?
> > > >
> > > > Also, with a single domain is there a problem with having the global
> > > > catalog DC also hold the Infrastructure Master?
> > > > It's a RAID 5 machine versus my second AD DC being a pc clone.
> > > >
> > > > Thanks much,
> > > > Robert
> > >
> > >
> > >
> >
>
>
>
>
Anonymous
December 29, 2004 6:11:18 PM
Archived from groups: microsoft.public.win2000.active_directory (More info?)
Great point, I neglected to mention the process of metadata cleanup. My
comment regarding the IM simply meant that the FSMO role itself imposes
no additional requirements once seized.
I would recommend the use of NTDSUTIL over ADSIEDIT since, although it
is cumbersome, it ensures that the task at hand is completed correctly
(including FRS state).
With regard to the statement: "you must ensure the old machine never
comes back up without formatting its hard drive", this is FSMO specific
and does not apply here. The IM, as I said, maintains virtually no
state and as such can be brought back on line (where possible) without
any cause for concern ... assuming other non-related factors are a
non-issue, factors such as downtime not exceeding tombstone lifetime.
Note that Windows 2000 SP?(something, 2 I think) and Windows 2003
introduce the concept of INITSYNC; a requirement that must be met by all
DCs holding FSMO roles. This requirement prevents a DC in possession of
a FSMO role from offering any service at boot time bound to that role
until it has completed a full replication cycle with one of its direct
replication partners. This technique helps to ensure that 2 DCs do not
service the same FSMO role (the assumption being that the DC from which
the old FSMO replicates will already be aware that the role has moved
and will inform the old FSMO of this fact before it begins to offer
those services).
--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l
Michael D. Ober wrote:
> Yes. Find and remove all references to the former machine. You will
> need to use ADSIEdit to completely remove this server. When you
> sieze a FSMO role, you must ensure the old machine never comes back
> up without formatting its hard drive.
>
> Mike Ober.
>
> "RHS" <RHS@discussions.microsoft.com> wrote in message
> news:25369FD9-D392-49D9-B4E7-2567A1175FEC@microsoft.com...
>> I do not plan on re-introducing the former AD DC back into the
>> network. Do I need to remove any references of it...e.g. AD CU
>> /System/FRS?
>> Or in any other locations where it is referenced.
>> I'm concerned with the event viewer logs displaying unnecessary
>> messages. Thanks much Dean.
>>
>> Robert
>>
>> "Dean Wells [MVP]" wrote:
>>
>>> Nothing further needs to be done when seizing the Infrastructure
>>> FSMO since it maintains virtually no state.
>>>
>>> In a single domain, the Infrastructure FSMO and GC ARE compatible
>>> when running on the same DC.
>>>
>>> --
>>> Dean Wells [MVP / Directory Services]
>>> MSEtechnology
>>> [[ Please respond to the Newsgroup only regarding posts ]]
>>> R e m o v e t h e m a s k t o s e n d e m a i l
>>>
>>> RHS wrote:
>>>> Hi,
>>>> I've got a single domain, two Win2k DC's mixed with some NT BDC,s.
>>>> Previously another Win2k DC was physically removed from the network
>>>> without demoting with DCPromo. It appears that the Infrastructure
>>>> Master was it's only role. I've seen the documents regarding using
>>>> Ntdsutil to seize FSMO roles.
>>>> Once I've done that, is there anything else I need to do?
>>>>
>>>> Also, with a single domain is there a problem with having the
>>>> global catalog DC also hold the Infrastructure Master?
>>>> It's a RAID 5 machine versus my second AD DC being a pc clone.
>>>>
>>>> Thanks much,
>>>> Robert
Great point, I neglected to mention the process of metadata cleanup. My
comment regarding the IM simply meant that the FSMO role itself imposes
no additional requirements once seized.
I would recommend the use of NTDSUTIL over ADSIEDIT since, although it
is cumbersome, it ensures that the task at hand is completed correctly
(including FRS state).
With regard to the statement: "you must ensure the old machine never
comes back up without formatting its hard drive", this is FSMO specific
and does not apply here. The IM, as I said, maintains virtually no
state and as such can be brought back on line (where possible) without
any cause for concern ... assuming other non-related factors are a
non-issue, factors such as downtime not exceeding tombstone lifetime.
Note that Windows 2000 SP?(something, 2 I think) and Windows 2003
introduce the concept of INITSYNC; a requirement that must be met by all
DCs holding FSMO roles. This requirement prevents a DC in possession of
a FSMO role from offering any service at boot time bound to that role
until it has completed a full replication cycle with one of its direct
replication partners. This technique helps to ensure that 2 DCs do not
service the same FSMO role (the assumption being that the DC from which
the old FSMO replicates will already be aware that the role has moved
and will inform the old FSMO of this fact before it begins to offer
those services).
--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l
Michael D. Ober wrote:
> Yes. Find and remove all references to the former machine. You will
> need to use ADSIEdit to completely remove this server. When you
> sieze a FSMO role, you must ensure the old machine never comes back
> up without formatting its hard drive.
>
> Mike Ober.
>
> "RHS" <RHS@discussions.microsoft.com> wrote in message
> news:25369FD9-D392-49D9-B4E7-2567A1175FEC@microsoft.com...
>> I do not plan on re-introducing the former AD DC back into the
>> network. Do I need to remove any references of it...e.g. AD CU
>> /System/FRS?
>> Or in any other locations where it is referenced.
>> I'm concerned with the event viewer logs displaying unnecessary
>> messages. Thanks much Dean.
>>
>> Robert
>>
>> "Dean Wells [MVP]" wrote:
>>
>>> Nothing further needs to be done when seizing the Infrastructure
>>> FSMO since it maintains virtually no state.
>>>
>>> In a single domain, the Infrastructure FSMO and GC ARE compatible
>>> when running on the same DC.
>>>
>>> --
>>> Dean Wells [MVP / Directory Services]
>>> MSEtechnology
>>> [[ Please respond to the Newsgroup only regarding posts ]]
>>> R e m o v e t h e m a s k t o s e n d e m a i l
>>>
>>> RHS wrote:
>>>> Hi,
>>>> I've got a single domain, two Win2k DC's mixed with some NT BDC,s.
>>>> Previously another Win2k DC was physically removed from the network
>>>> without demoting with DCPromo. It appears that the Infrastructure
>>>> Master was it's only role. I've seen the documents regarding using
>>>> Ntdsutil to seize FSMO roles.
>>>> Once I've done that, is there anything else I need to do?
>>>>
>>>> Also, with a single domain is there a problem with having the
>>>> global catalog DC also hold the Infrastructure Master?
>>>> It's a RAID 5 machine versus my second AD DC being a pc clone.
>>>>
>>>> Thanks much,
>>>> Robert
Anonymous
December 29, 2004 6:11:19 PM
Archived from groups: microsoft.public.win2000.active_directory (More info?)
If I have this straight, I seize the role first, then run NTDSutil metadata
cleanup.
Then I remove any references of the former DC from AD Users and Computers,
etc...
Thanks much Dean.
"Dean Wells [MVP]" wrote:
> Great point, I neglected to mention the process of metadata cleanup. My
> comment regarding the IM simply meant that the FSMO role itself imposes
> no additional requirements once seized.
>
> I would recommend the use of NTDSUTIL over ADSIEDIT since, although it
> is cumbersome, it ensures that the task at hand is completed correctly
> (including FRS state).
>
> With regard to the statement: "you must ensure the old machine never
> comes back up without formatting its hard drive", this is FSMO specific
> and does not apply here. The IM, as I said, maintains virtually no
> state and as such can be brought back on line (where possible) without
> any cause for concern ... assuming other non-related factors are a
> non-issue, factors such as downtime not exceeding tombstone lifetime.
>
> Note that Windows 2000 SP?(something, 2 I think) and Windows 2003
> introduce the concept of INITSYNC; a requirement that must be met by all
> DCs holding FSMO roles. This requirement prevents a DC in possession of
> a FSMO role from offering any service at boot time bound to that role
> until it has completed a full replication cycle with one of its direct
> replication partners. This technique helps to ensure that 2 DCs do not
> service the same FSMO role (the assumption being that the DC from which
> the old FSMO replicates will already be aware that the role has moved
> and will inform the old FSMO of this fact before it begins to offer
> those services).
>
> --
> Dean Wells [MVP / Directory Services]
> MSEtechnology
> [[ Please respond to the Newsgroup only regarding posts ]]
> R e m o v e t h e m a s k t o s e n d e m a i l
>
> Michael D. Ober wrote:
> > Yes. Find and remove all references to the former machine. You will
> > need to use ADSIEdit to completely remove this server. When you
> > sieze a FSMO role, you must ensure the old machine never comes back
> > up without formatting its hard drive.
> >
> > Mike Ober.
> >
> > "RHS" <RHS@discussions.microsoft.com> wrote in message
> > news:25369FD9-D392-49D9-B4E7-2567A1175FEC@microsoft.com...
> >> I do not plan on re-introducing the former AD DC back into the
> >> network. Do I need to remove any references of it...e.g. AD CU
> >> /System/FRS?
> >> Or in any other locations where it is referenced.
> >> I'm concerned with the event viewer logs displaying unnecessary
> >> messages. Thanks much Dean.
> >>
> >> Robert
> >>
> >> "Dean Wells [MVP]" wrote:
> >>
> >>> Nothing further needs to be done when seizing the Infrastructure
> >>> FSMO since it maintains virtually no state.
> >>>
> >>> In a single domain, the Infrastructure FSMO and GC ARE compatible
> >>> when running on the same DC.
> >>>
> >>> --
> >>> Dean Wells [MVP / Directory Services]
> >>> MSEtechnology
> >>> [[ Please respond to the Newsgroup only regarding posts ]]
> >>> R e m o v e t h e m a s k t o s e n d e m a i l
> >>>
> >>> RHS wrote:
> >>>> Hi,
> >>>> I've got a single domain, two Win2k DC's mixed with some NT BDC,s.
> >>>> Previously another Win2k DC was physically removed from the network
> >>>> without demoting with DCPromo. It appears that the Infrastructure
> >>>> Master was it's only role. I've seen the documents regarding using
> >>>> Ntdsutil to seize FSMO roles.
> >>>> Once I've done that, is there anything else I need to do?
> >>>>
> >>>> Also, with a single domain is there a problem with having the
> >>>> global catalog DC also hold the Infrastructure Master?
> >>>> It's a RAID 5 machine versus my second AD DC being a pc clone.
> >>>>
> >>>> Thanks much,
> >>>> Robert
>
>
>
If I have this straight, I seize the role first, then run NTDSutil metadata
cleanup.
Then I remove any references of the former DC from AD Users and Computers,
etc...
Thanks much Dean.
"Dean Wells [MVP]" wrote:
> Great point, I neglected to mention the process of metadata cleanup. My
> comment regarding the IM simply meant that the FSMO role itself imposes
> no additional requirements once seized.
>
> I would recommend the use of NTDSUTIL over ADSIEDIT since, although it
> is cumbersome, it ensures that the task at hand is completed correctly
> (including FRS state).
>
> With regard to the statement: "you must ensure the old machine never
> comes back up without formatting its hard drive", this is FSMO specific
> and does not apply here. The IM, as I said, maintains virtually no
> state and as such can be brought back on line (where possible) without
> any cause for concern ... assuming other non-related factors are a
> non-issue, factors such as downtime not exceeding tombstone lifetime.
>
> Note that Windows 2000 SP?(something, 2 I think) and Windows 2003
> introduce the concept of INITSYNC; a requirement that must be met by all
> DCs holding FSMO roles. This requirement prevents a DC in possession of
> a FSMO role from offering any service at boot time bound to that role
> until it has completed a full replication cycle with one of its direct
> replication partners. This technique helps to ensure that 2 DCs do not
> service the same FSMO role (the assumption being that the DC from which
> the old FSMO replicates will already be aware that the role has moved
> and will inform the old FSMO of this fact before it begins to offer
> those services).
>
> --
> Dean Wells [MVP / Directory Services]
> MSEtechnology
> [[ Please respond to the Newsgroup only regarding posts ]]
> R e m o v e t h e m a s k t o s e n d e m a i l
>
> Michael D. Ober wrote:
> > Yes. Find and remove all references to the former machine. You will
> > need to use ADSIEdit to completely remove this server. When you
> > sieze a FSMO role, you must ensure the old machine never comes back
> > up without formatting its hard drive.
> >
> > Mike Ober.
> >
> > "RHS" <RHS@discussions.microsoft.com> wrote in message
> > news:25369FD9-D392-49D9-B4E7-2567A1175FEC@microsoft.com...
> >> I do not plan on re-introducing the former AD DC back into the
> >> network. Do I need to remove any references of it...e.g. AD CU
> >> /System/FRS?
> >> Or in any other locations where it is referenced.
> >> I'm concerned with the event viewer logs displaying unnecessary
> >> messages. Thanks much Dean.
> >>
> >> Robert
> >>
> >> "Dean Wells [MVP]" wrote:
> >>
> >>> Nothing further needs to be done when seizing the Infrastructure
> >>> FSMO since it maintains virtually no state.
> >>>
> >>> In a single domain, the Infrastructure FSMO and GC ARE compatible
> >>> when running on the same DC.
> >>>
> >>> --
> >>> Dean Wells [MVP / Directory Services]
> >>> MSEtechnology
> >>> [[ Please respond to the Newsgroup only regarding posts ]]
> >>> R e m o v e t h e m a s k t o s e n d e m a i l
> >>>
> >>> RHS wrote:
> >>>> Hi,
> >>>> I've got a single domain, two Win2k DC's mixed with some NT BDC,s.
> >>>> Previously another Win2k DC was physically removed from the network
> >>>> without demoting with DCPromo. It appears that the Infrastructure
> >>>> Master was it's only role. I've seen the documents regarding using
> >>>> Ntdsutil to seize FSMO roles.
> >>>> Once I've done that, is there anything else I need to do?
> >>>>
> >>>> Also, with a single domain is there a problem with having the
> >>>> global catalog DC also hold the Infrastructure Master?
> >>>> It's a RAID 5 machine versus my second AD DC being a pc clone.
> >>>>
> >>>> Thanks much,
> >>>> Robert
>
>
>
Anonymous
December 29, 2004 7:33:46 PM
Archived from groups: microsoft.public.win2000.active_directory (More info?)
That will do ...
--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l
RHS wrote:
> If I have this straight, I seize the role first, then run NTDSutil
> metadata cleanup.
> Then I remove any references of the former DC from AD Users and
> Computers, etc...
>
> Thanks much Dean.
>
>
> "Dean Wells [MVP]" wrote:
>
>> Great point, I neglected to mention the process of metadata cleanup.
>> My comment regarding the IM simply meant that the FSMO role itself
>> imposes no additional requirements once seized.
>>
>> I would recommend the use of NTDSUTIL over ADSIEDIT since, although
>> it is cumbersome, it ensures that the task at hand is completed
>> correctly (including FRS state).
>>
>> With regard to the statement: "you must ensure the old machine never
>> comes back up without formatting its hard drive", this is FSMO
>> specific and does not apply here. The IM, as I said, maintains
>> virtually no state and as such can be brought back on line (where
>> possible) without any cause for concern ... assuming other
>> non-related factors are a non-issue, factors such as downtime not
>> exceeding tombstone lifetime.
>>
>> Note that Windows 2000 SP?(something, 2 I think) and Windows 2003
>> introduce the concept of INITSYNC; a requirement that must be met by
>> all DCs holding FSMO roles. This requirement prevents a DC in
>> possession of a FSMO role from offering any service at boot time
>> bound to that role until it has completed a full replication cycle
>> with one of its direct replication partners. This technique helps
>> to ensure that 2 DCs do not service the same FSMO role (the
>> assumption being that the DC from which the old FSMO replicates will
>> already be aware that the role has moved and will inform the old
>> FSMO of this fact before it begins to offer those services).
>>
>> --
>> Dean Wells [MVP / Directory Services]
>> MSEtechnology
>> [[ Please respond to the Newsgroup only regarding posts ]]
>> R e m o v e t h e m a s k t o s e n d e m a i l
>>
>> Michael D. Ober wrote:
>>> Yes. Find and remove all references to the former machine. You
>>> will need to use ADSIEdit to completely remove this server. When
>>> you sieze a FSMO role, you must ensure the old machine never comes
>>> back up without formatting its hard drive.
>>>
>>> Mike Ober.
>>>
>>> "RHS" <RHS@discussions.microsoft.com> wrote in message
>>> news:25369FD9-D392-49D9-B4E7-2567A1175FEC@microsoft.com...
>>>> I do not plan on re-introducing the former AD DC back into the
>>>> network. Do I need to remove any references of it...e.g. AD CU
>>>> /System/FRS?
>>>> Or in any other locations where it is referenced.
>>>> I'm concerned with the event viewer logs displaying unnecessary
>>>> messages. Thanks much Dean.
>>>>
>>>> Robert
>>>>
>>>> "Dean Wells [MVP]" wrote:
>>>>
>>>>> Nothing further needs to be done when seizing the Infrastructure
>>>>> FSMO since it maintains virtually no state.
>>>>>
>>>>> In a single domain, the Infrastructure FSMO and GC ARE compatible
>>>>> when running on the same DC.
>>>>>
>>>>> --
>>>>> Dean Wells [MVP / Directory Services]
>>>>> MSEtechnology
>>>>> [[ Please respond to the Newsgroup only regarding posts ]]
>>>>> R e m o v e t h e m a s k t o s e n d e m a i l
>>>>>
>>>>> RHS wrote:
>>>>>> Hi,
>>>>>> I've got a single domain, two Win2k DC's mixed with some NT
>>>>>> BDC,s. Previously another Win2k DC was physically removed from
>>>>>> the network without demoting with DCPromo. It appears that the
>>>>>> Infrastructure Master was it's only role. I've seen the
>>>>>> documents regarding using Ntdsutil to seize FSMO roles.
>>>>>> Once I've done that, is there anything else I need to do?
>>>>>>
>>>>>> Also, with a single domain is there a problem with having the
>>>>>> global catalog DC also hold the Infrastructure Master?
>>>>>> It's a RAID 5 machine versus my second AD DC being a pc clone.
>>>>>>
>>>>>> Thanks much,
>>>>>> Robert
That will do ...
--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l
RHS wrote:
> If I have this straight, I seize the role first, then run NTDSutil
> metadata cleanup.
> Then I remove any references of the former DC from AD Users and
> Computers, etc...
>
> Thanks much Dean.
>
>
> "Dean Wells [MVP]" wrote:
>
>> Great point, I neglected to mention the process of metadata cleanup.
>> My comment regarding the IM simply meant that the FSMO role itself
>> imposes no additional requirements once seized.
>>
>> I would recommend the use of NTDSUTIL over ADSIEDIT since, although
>> it is cumbersome, it ensures that the task at hand is completed
>> correctly (including FRS state).
>>
>> With regard to the statement: "you must ensure the old machine never
>> comes back up without formatting its hard drive", this is FSMO
>> specific and does not apply here. The IM, as I said, maintains
>> virtually no state and as such can be brought back on line (where
>> possible) without any cause for concern ... assuming other
>> non-related factors are a non-issue, factors such as downtime not
>> exceeding tombstone lifetime.
>>
>> Note that Windows 2000 SP?(something, 2 I think) and Windows 2003
>> introduce the concept of INITSYNC; a requirement that must be met by
>> all DCs holding FSMO roles. This requirement prevents a DC in
>> possession of a FSMO role from offering any service at boot time
>> bound to that role until it has completed a full replication cycle
>> with one of its direct replication partners. This technique helps
>> to ensure that 2 DCs do not service the same FSMO role (the
>> assumption being that the DC from which the old FSMO replicates will
>> already be aware that the role has moved and will inform the old
>> FSMO of this fact before it begins to offer those services).
>>
>> --
>> Dean Wells [MVP / Directory Services]
>> MSEtechnology
>> [[ Please respond to the Newsgroup only regarding posts ]]
>> R e m o v e t h e m a s k t o s e n d e m a i l
>>
>> Michael D. Ober wrote:
>>> Yes. Find and remove all references to the former machine. You
>>> will need to use ADSIEdit to completely remove this server. When
>>> you sieze a FSMO role, you must ensure the old machine never comes
>>> back up without formatting its hard drive.
>>>
>>> Mike Ober.
>>>
>>> "RHS" <RHS@discussions.microsoft.com> wrote in message
>>> news:25369FD9-D392-49D9-B4E7-2567A1175FEC@microsoft.com...
>>>> I do not plan on re-introducing the former AD DC back into the
>>>> network. Do I need to remove any references of it...e.g. AD CU
>>>> /System/FRS?
>>>> Or in any other locations where it is referenced.
>>>> I'm concerned with the event viewer logs displaying unnecessary
>>>> messages. Thanks much Dean.
>>>>
>>>> Robert
>>>>
>>>> "Dean Wells [MVP]" wrote:
>>>>
>>>>> Nothing further needs to be done when seizing the Infrastructure
>>>>> FSMO since it maintains virtually no state.
>>>>>
>>>>> In a single domain, the Infrastructure FSMO and GC ARE compatible
>>>>> when running on the same DC.
>>>>>
>>>>> --
>>>>> Dean Wells [MVP / Directory Services]
>>>>> MSEtechnology
>>>>> [[ Please respond to the Newsgroup only regarding posts ]]
>>>>> R e m o v e t h e m a s k t o s e n d e m a i l
>>>>>
>>>>> RHS wrote:
>>>>>> Hi,
>>>>>> I've got a single domain, two Win2k DC's mixed with some NT
>>>>>> BDC,s. Previously another Win2k DC was physically removed from
>>>>>> the network without demoting with DCPromo. It appears that the
>>>>>> Infrastructure Master was it's only role. I've seen the
>>>>>> documents regarding using Ntdsutil to seize FSMO roles.
>>>>>> Once I've done that, is there anything else I need to do?
>>>>>>
>>>>>> Also, with a single domain is there a problem with having the
>>>>>> global catalog DC also hold the Infrastructure Master?
>>>>>> It's a RAID 5 machine versus my second AD DC being a pc clone.
>>>>>>
>>>>>> Thanks much,
>>>>>> Robert
Anonymous
December 29, 2004 7:33:47 PM
Archived from groups: microsoft.public.win2000.active_directory (More info?)
Thanks Dean, appreciate it.
Robert
"Dean Wells [MVP]" wrote:
> That will do ...
>
> --
> Dean Wells [MVP / Directory Services]
> MSEtechnology
> [[ Please respond to the Newsgroup only regarding posts ]]
> R e m o v e t h e m a s k t o s e n d e m a i l
>
> RHS wrote:
> > If I have this straight, I seize the role first, then run NTDSutil
> > metadata cleanup.
> > Then I remove any references of the former DC from AD Users and
> > Computers, etc...
> >
> > Thanks much Dean.
> >
> >
> > "Dean Wells [MVP]" wrote:
> >
> >> Great point, I neglected to mention the process of metadata cleanup.
> >> My comment regarding the IM simply meant that the FSMO role itself
> >> imposes no additional requirements once seized.
> >>
> >> I would recommend the use of NTDSUTIL over ADSIEDIT since, although
> >> it is cumbersome, it ensures that the task at hand is completed
> >> correctly (including FRS state).
> >>
> >> With regard to the statement: "you must ensure the old machine never
> >> comes back up without formatting its hard drive", this is FSMO
> >> specific and does not apply here. The IM, as I said, maintains
> >> virtually no state and as such can be brought back on line (where
> >> possible) without any cause for concern ... assuming other
> >> non-related factors are a non-issue, factors such as downtime not
> >> exceeding tombstone lifetime.
> >>
> >> Note that Windows 2000 SP?(something, 2 I think) and Windows 2003
> >> introduce the concept of INITSYNC; a requirement that must be met by
> >> all DCs holding FSMO roles. This requirement prevents a DC in
> >> possession of a FSMO role from offering any service at boot time
> >> bound to that role until it has completed a full replication cycle
> >> with one of its direct replication partners. This technique helps
> >> to ensure that 2 DCs do not service the same FSMO role (the
> >> assumption being that the DC from which the old FSMO replicates will
> >> already be aware that the role has moved and will inform the old
> >> FSMO of this fact before it begins to offer those services).
> >>
> >> --
> >> Dean Wells [MVP / Directory Services]
> >> MSEtechnology
> >> [[ Please respond to the Newsgroup only regarding posts ]]
> >> R e m o v e t h e m a s k t o s e n d e m a i l
> >>
> >> Michael D. Ober wrote:
> >>> Yes. Find and remove all references to the former machine. You
> >>> will need to use ADSIEdit to completely remove this server. When
> >>> you sieze a FSMO role, you must ensure the old machine never comes
> >>> back up without formatting its hard drive.
> >>>
> >>> Mike Ober.
> >>>
> >>> "RHS" <RHS@discussions.microsoft.com> wrote in message
> >>> news:25369FD9-D392-49D9-B4E7-2567A1175FEC@microsoft.com...
> >>>> I do not plan on re-introducing the former AD DC back into the
> >>>> network. Do I need to remove any references of it...e.g. AD CU
> >>>> /System/FRS?
> >>>> Or in any other locations where it is referenced.
> >>>> I'm concerned with the event viewer logs displaying unnecessary
> >>>> messages. Thanks much Dean.
> >>>>
> >>>> Robert
> >>>>
> >>>> "Dean Wells [MVP]" wrote:
> >>>>
> >>>>> Nothing further needs to be done when seizing the Infrastructure
> >>>>> FSMO since it maintains virtually no state.
> >>>>>
> >>>>> In a single domain, the Infrastructure FSMO and GC ARE compatible
> >>>>> when running on the same DC.
> >>>>>
> >>>>> --
> >>>>> Dean Wells [MVP / Directory Services]
> >>>>> MSEtechnology
> >>>>> [[ Please respond to the Newsgroup only regarding posts ]]
> >>>>> R e m o v e t h e m a s k t o s e n d e m a i l
> >>>>>
> >>>>> RHS wrote:
> >>>>>> Hi,
> >>>>>> I've got a single domain, two Win2k DC's mixed with some NT
> >>>>>> BDC,s. Previously another Win2k DC was physically removed from
> >>>>>> the network without demoting with DCPromo. It appears that the
> >>>>>> Infrastructure Master was it's only role. I've seen the
> >>>>>> documents regarding using Ntdsutil to seize FSMO roles.
> >>>>>> Once I've done that, is there anything else I need to do?
> >>>>>>
> >>>>>> Also, with a single domain is there a problem with having the
> >>>>>> global catalog DC also hold the Infrastructure Master?
> >>>>>> It's a RAID 5 machine versus my second AD DC being a pc clone.
> >>>>>>
> >>>>>> Thanks much,
> >>>>>> Robert
>
>
>
Thanks Dean, appreciate it.
Robert
"Dean Wells [MVP]" wrote:
> That will do ...
>
> --
> Dean Wells [MVP / Directory Services]
> MSEtechnology
> [[ Please respond to the Newsgroup only regarding posts ]]
> R e m o v e t h e m a s k t o s e n d e m a i l
>
> RHS wrote:
> > If I have this straight, I seize the role first, then run NTDSutil
> > metadata cleanup.
> > Then I remove any references of the former DC from AD Users and
> > Computers, etc...
> >
> > Thanks much Dean.
> >
> >
> > "Dean Wells [MVP]" wrote:
> >
> >> Great point, I neglected to mention the process of metadata cleanup.
> >> My comment regarding the IM simply meant that the FSMO role itself
> >> imposes no additional requirements once seized.
> >>
> >> I would recommend the use of NTDSUTIL over ADSIEDIT since, although
> >> it is cumbersome, it ensures that the task at hand is completed
> >> correctly (including FRS state).
> >>
> >> With regard to the statement: "you must ensure the old machine never
> >> comes back up without formatting its hard drive", this is FSMO
> >> specific and does not apply here. The IM, as I said, maintains
> >> virtually no state and as such can be brought back on line (where
> >> possible) without any cause for concern ... assuming other
> >> non-related factors are a non-issue, factors such as downtime not
> >> exceeding tombstone lifetime.
> >>
> >> Note that Windows 2000 SP?(something, 2 I think) and Windows 2003
> >> introduce the concept of INITSYNC; a requirement that must be met by
> >> all DCs holding FSMO roles. This requirement prevents a DC in
> >> possession of a FSMO role from offering any service at boot time
> >> bound to that role until it has completed a full replication cycle
> >> with one of its direct replication partners. This technique helps
> >> to ensure that 2 DCs do not service the same FSMO role (the
> >> assumption being that the DC from which the old FSMO replicates will
> >> already be aware that the role has moved and will inform the old
> >> FSMO of this fact before it begins to offer those services).
> >>
> >> --
> >> Dean Wells [MVP / Directory Services]
> >> MSEtechnology
> >> [[ Please respond to the Newsgroup only regarding posts ]]
> >> R e m o v e t h e m a s k t o s e n d e m a i l
> >>
> >> Michael D. Ober wrote:
> >>> Yes. Find and remove all references to the former machine. You
> >>> will need to use ADSIEdit to completely remove this server. When
> >>> you sieze a FSMO role, you must ensure the old machine never comes
> >>> back up without formatting its hard drive.
> >>>
> >>> Mike Ober.
> >>>
> >>> "RHS" <RHS@discussions.microsoft.com> wrote in message
> >>> news:25369FD9-D392-49D9-B4E7-2567A1175FEC@microsoft.com...
> >>>> I do not plan on re-introducing the former AD DC back into the
> >>>> network. Do I need to remove any references of it...e.g. AD CU
> >>>> /System/FRS?
> >>>> Or in any other locations where it is referenced.
> >>>> I'm concerned with the event viewer logs displaying unnecessary
> >>>> messages. Thanks much Dean.
> >>>>
> >>>> Robert
> >>>>
> >>>> "Dean Wells [MVP]" wrote:
> >>>>
> >>>>> Nothing further needs to be done when seizing the Infrastructure
> >>>>> FSMO since it maintains virtually no state.
> >>>>>
> >>>>> In a single domain, the Infrastructure FSMO and GC ARE compatible
> >>>>> when running on the same DC.
> >>>>>
> >>>>> --
> >>>>> Dean Wells [MVP / Directory Services]
> >>>>> MSEtechnology
> >>>>> [[ Please respond to the Newsgroup only regarding posts ]]
> >>>>> R e m o v e t h e m a s k t o s e n d e m a i l
> >>>>>
> >>>>> RHS wrote:
> >>>>>> Hi,
> >>>>>> I've got a single domain, two Win2k DC's mixed with some NT
> >>>>>> BDC,s. Previously another Win2k DC was physically removed from
> >>>>>> the network without demoting with DCPromo. It appears that the
> >>>>>> Infrastructure Master was it's only role. I've seen the
> >>>>>> documents regarding using Ntdsutil to seize FSMO roles.
> >>>>>> Once I've done that, is there anything else I need to do?
> >>>>>>
> >>>>>> Also, with a single domain is there a problem with having the
> >>>>>> global catalog DC also hold the Infrastructure Master?
> >>>>>> It's a RAID 5 machine versus my second AD DC being a pc clone.
> >>>>>>
> >>>>>> Thanks much,
> >>>>>> Robert
>
>
>
Related resources
- moving fsmo roles Forum
- FSMO ROLES Forum
- Problem in Moving FSMO Roles Forum
- Moved fsmo roles to different server Forum
- Possible FSMO roles error. Please help !?! Forum
- SolvedIs vram affected by resolution?, when playing a game what role does vram play? Forum
- What Role Does Transistor Count Play? Forum
- SolvedWhat is the role for cpu in gaming Forum
- What tech-related role best describes you? Forum
- What plays a major role connection of two WANs? Forum
- What role should I grant for server reboot only Forum
- What Role Will You Play In A HL2 Movie? Forum
- Whats the role of processor, ram and rom in a mobile phone? Forum
- Solvedwhat to do after installing ram Forum
- SolvedSo, what comes after Devil's Canyon? Forum
- More resources
!