Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller:
http://support.microsoft.com/kb/255504
And XPs and Outlook 2003 will use cached credentials and cached storage
of Outlook so even if the DC is down, Exchange is horked, even in a
single DC setting your end users aren't freaking too much.
We're starting to do more of this temp dc, move the roles, break the
connection, build a new final box, push the FSMO roles back on the new
box method down here in SBSland to keep from ripping out desktops and
user profiles. [that's just one of many KBs that are followed in the
procedure]
AD wrote:
Amy,
You will not be able to do that. Creating a new machine with the same
name and same ip will not automatically add your new server to the
domain. You will have two choices:
1. install base os and do a full system restore from the tapes of the
old server.
or
2. install base os and run dcpromo, install new DC to existing domain
and then remove old server from environment.
Good Luck
Y
------------------------------------------------------------------------
*From:* Amy Hunter
*Sent:* Tue 29/11/2005 11:46 AM
*To:* [email protected]
*Subject:* RE: [ActiveDir] FSMO role transfer
So are these FSMO roles stored in some sort of configuration partition
in AD? if not, where are they stored?
I plan to replace my DC hardware next year, as long as I bring the new
server up with the same IP/Name etc configuration etc, I won't need to
move the FSMO roles to another DC when I replace the hardware?
Sorry if these seems junior questions, this is my first job in IT (i'm
doing this for free for experience)
thank you for your help, Amy ;o)
*/"Almeida Pinto, Jorge de" <[EMAIL PROTECTED]>/*
wrote:
First, look at each role and see what it does...
Forest FSMOs
* Schema Master --> needed when updating the schema
* Domain Naming master --> needed when adding or removing domains
within the forest
Domain FSMOs
* PDC Emulator --> needed for legacy clients (NT4, W9x) when
changing passwords, used for time sync, is used for pwd checking
when a user enters an incorrect pwd at another DC, used by DFS
roots to get DFS info
* RID Master --> needed to distribute RID pools to DCs that have
exhausted their current RID pool for 50% (=250 RIDs)
* Infrastructure --> needed to update references between domains
in a forest (does not do anything in a single domain forest)
If you look at this, there is no need to first transfer the FSMO
roles to another DC, just to carry out maintenance activities. It
also depends on the FSMO role. The most used ones in your case
will be the RID and the PDC FSMO. Only if you create more than 500
security principals (users, groups and computers) during the
moment that the DC with the RID FSMO is down, you will experience
a problem on the DC that is left. If you still have legacy clients
and they want to change the password that will not be possible.
And if those clients have the DSClient installed that will not be
an issue either.
In short: leave as is. it will be OK for those 2 hours
Cheers,
jorge
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] *On Behalf Of *Amy Hunter
*Sent:* Tuesday, November 29, 2005 16:43
*To:* [email protected]
*Subject:* [ActiveDir] FSMO role transfer
Hi guys,
We have two DC's, one which holds the Forest FSMO roles, the other
which holds the domain FSMO roles.
I plan to take each server down at different times so that one of
the two servers can provide authentication etc while the other
gets maintained.
Initially, I was planning on moving the FSMO roles to the other DC
while maintainance work is carried out and transferring it back
once it's online again. I would then do the same for the other DC.
I was then told that you don't need to move the FSMO roles when
you perform maintenance on a DC holding the roles. Each server
will be down for about 2hrs.
Does anyone have advice for me? I would like to move the roles for
peace of mind knowing they are available, but if I don't need to
do that, I won! 't bother
Is there any recommended practice?
Amy
------------------------------------------------------------------------
To help you stay safe and secure online, we've developed the all
new *Yahoo! Security Centre*
<http://us.rd.yahoo.com/mail/uk/taglines/default/security_centre/*http://uk.security.yahoo.com/>.
This e-mail and any attachment is for authorised use by the
intended recipient(s) only. It may contain proprietary material,
confidential information and/or be subject to legal privilege. It
should not be copied, disclosed to, retained or used by, any other
party. If you are not an intended recipient then please promptly
delete this e-mail and any attachment and all copies and inform
the sender. Thank you.
------------------------------------------------------------------------
To help you stay safe and secure online, we've developed the all new
*Yahoo! Security Centre*
<http://us.rd.yahoo.com/mail/uk/taglines/default/security_centre/*http://uk.security.yahoo.com/>.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
