Wednesday, August 1, 2012

How to make an ADC a Domain Controller in case the DC has failed


Suppose the primary DC has gone down due to a hardware failure and you are having a hard time managing AD from an ADC (additional domain controller). The procedure below seizes the roles to the ADC, making the additional domain controller the primary domain controller.
Enabling the global catalog - In Active Directory Sites and Services, select the domain controller (DC) on which you want to enable the GC; then, in the details pane, right-click NTDS Settings, click Properties, and select the Global Catalog (GC) check box.
Seizing the FSMO (Flexible Single Master Operation) roles -
The five FSMO roles are:
Schema master - Forest-wide and one per forest.
Domain naming master - Forest-wide and one per forest.
RID master - Domain-specific and one for each domain.
PDC emulator - Domain-specific and one for each domain.
Infrastructure master - Domain-specific and one for each domain.
Once you have seized the roles and the primary DC comes back online, the roles marked below cannot be transferred back to it; for those, you will have to reinstall the OS on the original holder:
Schema - Original must be reinstalled
Domain Naming - Original must be reinstalled
RID - Original must be reinstalled
PDC Emulator - Can transfer back to original
Infrastructure - Can transfer back to original
To perform this operation, your account should be a member of the Enterprise Admins group.
Now, to seize these roles using ntdsutil, follow the steps below:
Open a command prompt on the ADC.
Type ntdsutil
ntdsutil: type roles; you will get the prompt
fsmo maintenance: now type connections; you will get the prompt
server connections: type connect to server <ADC>, where <ADC> is the NetBIOS name of your ADC.
Once the connection is established, type q to return to
fsmo maintenance: and enter the commands below:
Seize domain naming master
Seize infrastructure master
Seize PDC
Seize RID master
Seize schema master
For each seizure you will receive a warning window asking whether you want to perform it. Click Yes.
Important Note: Do not put the Infrastructure Master (IM) role on the same domain controller as the Global Catalog server. If the Infrastructure Master runs on a GC server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a GC server holds a partial replica of every object in the forest.
You can repeat the above steps on a different DC to seize the IM role.
Check whether all the roles have been seized properly.
Now clean up the Active Directory metadata.
The ADC should also be running a DNS server, or you will have other issues to address.
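
One way to do the "check whether all the roles have been seized" step and to test the Infrastructure Master / Global Catalog note in one pass. This is an added example, not part of the original post: it assumes the ActiveDirectory PowerShell module is installed, and $ExpectedHolder is a hypothetical parameter you set to your ADC's name.

```powershell
# Added example, not from the original post. Needs the ActiveDirectory module (RSAT).
param(
    # Hypothetical placeholder: the ADC that should now hold the roles (NetBIOS or DNS name).
    [Parameter(Mandatory)] [string] $ExpectedHolder
)
Import-Module ActiveDirectory

# Query the surviving ADC explicitly so the lookup never lands on the failed DC.
$forest = Get-ADForest -Server $ExpectedHolder
$domain = Get-ADDomain -Server $ExpectedHolder

# The five FSMO roles and the holder currently recorded in the directory.
$roles = [ordered]@{
    'Schema master'         = $forest.SchemaMaster
    'Domain naming master'  = $forest.DomainNamingMaster
    'RID master'            = $domain.RIDMaster
    'PDC emulator'          = $domain.PDCEmulator
    'Infrastructure master' = $domain.InfrastructureMaster
}

# Compare host labels only, so "ADC01" matches "adc01.example.test" (constructed names).
$want = ($ExpectedHolder -split '\.')[0]
$report = foreach ($role in $roles.Keys) {
    $holder = $roles[$role]
    [pscustomobject]@{
        Role       = $role
        Holder     = $holder
        OnExpected = (($holder -split '\.')[0] -ieq $want)
    }
}
$report | Format-Table -AutoSize

$missing = @($report | Where-Object { -not $_.OnExpected })
if ($missing.Count -gt 0) {
    Write-Warning ("Not held by ${ExpectedHolder}: " + ($missing.Role -join ', '))
}

# Infrastructure master on a GC (the Important Note above). The conflict only
# bites when the forest has more than one domain and some DC in this domain is
# not a GC, so the warning is limited to that case.
$im     = Get-ADDomainController -Identity $domain.InfrastructureMaster -Server $ExpectedHolder
$allDcs = @(Get-ADDomainController -Filter * -Server $ExpectedHolder)
$nonGc  = @($allDcs | Where-Object { -not $_.IsGlobalCatalog })
if ($im.IsGlobalCatalog -and $forest.Domains.Count -gt 1 -and $nonGc.Count -gt 0) {
    Write-Warning "Infrastructure master $($im.HostName) is also a global catalog."
}
```

Until the metadata cleanup is done, the failed DC is still listed by Get-ADDomainController, so read the non-GC count with that in mind.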
