how to convert additional domain to primary domain
controller on windows 2003 server



how to convert additional domain to primary domain controller on windows 2003 server..

Answer / md.khalid

Foremost - clarity: In an Active Directory forest, where you
have several domain controllers, but one primary domain
controller (PDC) - you may think that you must RESTORE or
recover this PDC to salvage the domain. In other words, if
the PDC fails - is all lost? Nope, not at all. Unless you do
not have backup domain controllers. If you do not - then
reading the rest of this is moot - but if you do, then read on.

When you promote additional servers on your domain, and make
them member DC's in the same forest, then your domain
details are available to you - and you simply need to
transfer the Operation Master role to another DC - but
before doing that - there are the FSMO's - yea, something
hardly anyone knows about: FSMO = Flexible Single Master
Operation - something your PDC or master of operations -
manages. If a PDC - and Global Catalog for that matter -
goes offline, a backup DC will generally pickup and juggle
traffic for the PDC. But what happens if the PDC crashes
altogether, and you need to basically assign a member backup
DC the PDC role?

FSMO must be transferred to a backup DC before that DC can
assume the Master of Operations role. This is done at the
command-line level, and you must be careful before you make
this call - ONLY do this if you are sure you cannot recover
the original PDC because once you do this - you cannot later
recover the PDC and bring it online. It cannot be added back
into the forest at all.

So, the FSMO roles and how we transfer these. In a word, you
cannot simply transfer the FSMO roles because the PDC is off
line and not available to authorize the transfer. However,
you 'can' SEIZE the FSMO roles from the original PDC - even
with the machine offl line.

Caution: Using the Ntdsutil utility incorrectly may result
in partial or complete loss of Active Directory functionality.

Open a CMD prompt on the backup DC you want to perform this
on. At the command-line prompt, type Ntdsutil and press <Enter>.
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\WINDOWS>ntdsutil
ntdsutil:

At this prompt, type roles and press <Enter>:

ntdsutil: roles
fsmo maintenance:

Now type connections and press <Enter>:

fsmo maintenance: connections
server connections:

Now type connect to servername <serverName> where
<serverName> is the name of the backup DC you are working
on, and press <Enter>:

server connections: connect to servername hamddc02

Connected to hamdc02 using credentials of locally logged on
user.
server connections:

At the server connections prompt type q and press <Enter>:

server connections: q
fsmo maintenance:

Now we are going to SEIZE the FSMO roles we want. NOTE: Out
of the 5 FSMO roles, we are NOT going to seize the
Infrastructure Master. We do not want to put the
Infrastructure Master (IM) role on the same domain
controller as the Global Catalog server. If the
Infrastructure Master runs on a GC server it will stop
updating object information because it does not contain any
references to objects that it does not hold. This is because
a GC server holds a partial replica of every object in the
forest. For now, we'll seize the following:

Seize domain naming master
Seize PDC
Seize RID master
Seize schema master

We do this by typig the line shown above. For example, to
seize the domain naming master, type seize domain naming
master and press <Enter>

You will receive a Windows dialog prompting to confirm this
move - click <Yes> and then you'll see the attempt to safely
transfer the FSMO role, a failure message, and then it will
seize the role, assigning it to the backup DC you specified
when you connected to the server above.

Once you have completed this for the 4 roles, type Quit to
exit the utility, then Exit to return to Windows.

From the Start menu, select Run and enter dsa.msc and press
<Enter>.

On the domain that is displayed, right click and select
Operations Masters. You should now see that this backup
domain controller (HAMDC02 in this case) is not the
Operations master.

From here you simply re-create the failed domain controller,
and promote it - joining it to this existing forest.

Hopefully others will find this useful.

Is This Answer Correct ?    4 Yes 1 No

Post New Answer

More Microsoft Related AllOther Interview Questions

What is raid-10 ? and how it will work?

0 Answers   HP,


Using APIPA (Automatic Private Internet Protocol Address) a network can be formed or no?

1 Answers  


Shortcut keys for debugging in visual studio?

0 Answers  


What is Domain ?

1 Answers  


How do I access my microsoft account?

0 Answers  






What is Unallocated Space ?

0 Answers   Baidu, CMS,


i face a big prob in ms outlook 2k3 when i send a mail to others person but when go to sent itms there not show cc & To format whats prob how to trouble it?Plz reply hurry

4 Answers  


Why user and kernel mode are good designed operating system?

0 Answers  


Why do we need xaml? : xaml

0 Answers  


Will xaml replace other programming languages like c# and vb? : xaml

0 Answers  


How do I turn off microsoft telemetry compatibility?

0 Answers  


How to remotely administer ms iis?

0 Answers  


Categories