how to convert additional domain to primary domain
controller on windows 2003 server
- 1 Answers
- 11026 Views
- I also Faced
- E-Mail Answers
Answer Posted / md.khalid
Foremost - clarity: In an Active Directory forest, where you
have several domain controllers, but one primary domain
controller (PDC) - you may think that you must RESTORE or
recover this PDC to salvage the domain. In other words, if
the PDC fails - is all lost? Nope, not at all. Unless you do
not have backup domain controllers. If you do not - then
reading the rest of this is moot - but if you do, then read on.
When you promote additional servers on your domain, and make
them member DC's in the same forest, then your domain
details are available to you - and you simply need to
transfer the Operation Master role to another DC - but
before doing that - there are the FSMO's - yea, something
hardly anyone knows about: FSMO = Flexible Single Master
Operation - something your PDC or master of operations -
manages. If a PDC - and Global Catalog for that matter -
goes offline, a backup DC will generally pickup and juggle
traffic for the PDC. But what happens if the PDC crashes
altogether, and you need to basically assign a member backup
DC the PDC role?
FSMO must be transferred to a backup DC before that DC can
assume the Master of Operations role. This is done at the
command-line level, and you must be careful before you make
this call - ONLY do this if you are sure you cannot recover
the original PDC because once you do this - you cannot later
recover the PDC and bring it online. It cannot be added back
into the forest at all.
So, the FSMO roles and how we transfer these. In a word, you
cannot simply transfer the FSMO roles because the PDC is off
line and not available to authorize the transfer. However,
you 'can' SEIZE the FSMO roles from the original PDC - even
with the machine offl line.
Caution: Using the Ntdsutil utility incorrectly may result
in partial or complete loss of Active Directory functionality.
Open a CMD prompt on the backup DC you want to perform this
on. At the command-line prompt, type Ntdsutil and press <Enter>.
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\WINDOWS>ntdsutil
ntdsutil:
At this prompt, type roles and press <Enter>:
ntdsutil: roles
fsmo maintenance:
Now type connections and press <Enter>:
fsmo maintenance: connections
server connections:
Now type connect to servername <serverName> where
<serverName> is the name of the backup DC you are working
on, and press <Enter>:
server connections: connect to servername hamddc02
Connected to hamdc02 using credentials of locally logged on
user.
server connections:
At the server connections prompt type q and press <Enter>:
server connections: q
fsmo maintenance:
Now we are going to SEIZE the FSMO roles we want. NOTE: Out
of the 5 FSMO roles, we are NOT going to seize the
Infrastructure Master. We do not want to put the
Infrastructure Master (IM) role on the same domain
controller as the Global Catalog server. If the
Infrastructure Master runs on a GC server it will stop
updating object information because it does not contain any
references to objects that it does not hold. This is because
a GC server holds a partial replica of every object in the
forest. For now, we'll seize the following:
Seize domain naming master
Seize PDC
Seize RID master
Seize schema master
We do this by typig the line shown above. For example, to
seize the domain naming master, type seize domain naming
master and press <Enter>
You will receive a Windows dialog prompting to confirm this
move - click <Yes> and then you'll see the attempt to safely
transfer the FSMO role, a failure message, and then it will
seize the role, assigning it to the backup DC you specified
when you connected to the server above.
Once you have completed this for the 4 roles, type Quit to
exit the utility, then Exit to return to Windows.
From the Start menu, select Run and enter dsa.msc and press
<Enter>.
On the domain that is displayed, right click and select
Operations Masters. You should now see that this backup
domain controller (HAMDC02 in this case) is not the
Operations master.
From here you simply re-create the failed domain controller,
and promote it - joining it to this existing forest.
Hopefully others will find this useful.
| Is This Answer Correct ? | 4 Yes | 1 No |
Post New Answer View All Answers
How does xaml relate to business process modeling languages (ebxml business process, bpml)? : xaml
How do I get my microsoft store back?
What are the new features in visual studio 2017?
Is mcafee owned by microsoft?
Explain difference between dim object as object and dim obj as myform?
How Many Instances Of A Role Should Be Deployed To Satisfy Azure Sla (service Level Agreement) ? And What's The Benefit Of Azure Sla?
What is Ethernet Address ?
Can I delete old microsoft visual c++ files?
how to connect oracle databse in excel.pls provide me steps.
Will xaml replace other programming languages like c# and vb? : xaml
What are the most popular microsoft products?
What is refactoring?
active directory
What is architecture explorer in visual studio?
How do I stop microsoft error reporting?
