FSMO Seize with two site forrest

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I had to Seize FSMO roles (all 5 Schema, Domain, rid...) on two site, two
domain forrest (both domain on own site). Unfortunately the sub-domain
doesn't seem to know anything about the seizing, DC's still try to contact
the old Schema and Domain masters!

I've checked DNS entries, and tried to start manually replication. Checked
replication paths, nothing works. I get an "access denied" on many
occasiosions (but not always) when I try to connect to fileshares on the
main domain (from the sub domain).

Any Idea how I can get the subdomain to regonize the new Schema/domain
master.

Thanks for any pointers,

Kalervo

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

It's difficult to understand what you wrote. Do you have 2 sites, 2 domains
and 2 forrests with trusts between the forrests, or one forrest with 2
domains?
Assuming you only have 1 forrest, if the old DC was a FRS master, you may
need to tell the new DC to take on this role. See MS KB 316790. What happens
when you try to change the forrest roles after connecting to a DC in the
second domain?

"Kalervo Tapola" wrote:

> I had to Seize FSMO roles (all 5 Schema, Domain, rid...) on two site, two
> domain forrest (both domain on own site). Unfortunately the sub-domain
> doesn't seem to know anything about the seizing, DC's still try to contact
> the old Schema and Domain masters!
>
> I've checked DNS entries, and tried to start manually replication. Checked
> replication paths, nothing works. I get an "access denied" on many
> occasiosions (but not always) when I try to connect to fileshares on the
> main domain (from the sub domain).
>
> Any Idea how I can get the subdomain to regonize the new Schema/domain
> master.
>
> Thanks for any pointers,
>
> Kalervo
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi..

Have you checked the Schema and Config NCs on the sub-domain DCs to
see if they have the new FSMO entries ??

Gary Simmons

gsimmons.uk@gmail.com

On Tue, 4 Jan 2005 00:02:52 +0100, "Kalervo Tapola"
<kalervo@tapola.de> wrote:

>I had to Seize FSMO roles (all 5 Schema, Domain, rid...) on two site, two
>domain forrest (both domain on own site). Unfortunately the sub-domain
>doesn't seem to know anything about the seizing, DC's still try to contact
>the old Schema and Domain masters!
>
>I've checked DNS entries, and tried to start manually replication. Checked
>replication paths, nothing works. I get an "access denied" on many
>occasiosions (but not always) when I try to connect to fileshares on the
>main domain (from the sub domain).
>
>Any Idea how I can get the subdomain to regonize the new Schema/domain
>master.
>
>Thanks for any pointers,
>
>Kalervo
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Kalervo,

Es tut mir leid, aber es ist doch ein bischen schwer zu verstehen was Du
meinst!

There are five FSMO Roles: two are Forest-wide and three are Domain-wide.
So, if.....

you have one domain and two Sites ( as configured in the Active Directory
Sites and Services MMC ) the you will have only five roles. Can you
determine which DC holds which role? For each of the five roles? You can
install the Support Tools from the MS Web Site or from the Windows 2000
Service Pack CD-Media and run - from a command line - netdom query fsmo or
you can use replmon. Do this on each Domain Controller. You might also
want to run dcdiag /v and netdiag /v to see what else might be going on!
Also, are there any entries in the Event logs?

you have two domains and two Sites then you will have eight roles ( the two
that are Forest Wide - the two you have mentioned - and three from both of
the Domains - so you would have PDC Emulator from Domain1 and PDC Emulator
from Domain2, etc. ). Again, install the Support Tools and use netdom query
fsmo ( or replmon ) on each Domain Controller. Also, run dcdiag /v and
netdiag /v on all DCs. Again, any entries in the Event logs?

When you did the seize procedure, how did you do it? I am assuming with
ntdsutil ( the only way that I know.... ). Did you remove the DC that held
these roles from the Domain/Forest? Did you clean up the metadata? When
you seize roles from a Domain Controller that particular Domain Controller
can never come back to the network. Otherwise you will have a bunch of
'weirdness'.

What happens if you run repadmin /showreps and repadmin /showconn from each
DC ( this is part of the Support Tools )?

Also, have you given enough time for replication? There are two types:
intra-site and inter-site replication. Intra is relatively quick and Inter
is relatively slow. So, if you checked three minutes after you did this
procedure you might not have given enough time. Especially if inter-site
replication is involved.....

HTH,

Cary

"Kalervo Tapola" <kalervo@tapola.de> wrote in message
news:OEv%23ehe8EHA.1300@TK2MSFTNGP14.phx.gbl...
>I had to Seize FSMO roles (all 5 Schema, Domain, rid...) on two site, two
>domain forrest (both domain on own site). Unfortunately the sub-domain
>doesn't seem to know anything about the seizing, DC's still try to contact
>the old Schema and Domain masters!
>
> I've checked DNS entries, and tried to start manually replication. Checked
> replication paths, nothing works. I get an "access denied" on many
> occasiosions (but not always) when I try to connect to fileshares on the
> main domain (from the sub domain).
>
> Any Idea how I can get the subdomain to regonize the new Schema/domain
> master.
>
> Thanks for any pointers,
>
> Kalervo
>