Also see:
http://blogs.dirteam.com/blogs/jorge/archive/2006/01/05/373.aspx

from: http://support.microsoft.com/?id=255504

A domain controller whose FSMO roles have been seized should not be
permitted to communicate with existing domain controllers in the forest.
In this scenario, you should either format the hard disk and reinstall
the operating system on such domain controllers or forcibly demote such
domain controllers on a private network and then remove their metadata
on a surviving domain controller in the forest by using the ntdsutil
/metadata cleanup command. The risk of introducing a former FSMO role
holder whose role has been seized into the forest is that the original
role holder may continue to operate as before until it
inbound-replicates knowledge of the role seizure. Known risks of two
domain controllers owning the same FSMO roles include creating security
principals that have overlapping RID pools, and other problems.

Cheers,
jorge

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of AdamT
Sent: Thursday 11 January 2007 14:12
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Seized Roles - Flatten DC?

Dear collective,

I am at a site where somebody has panicked, and all 5 roles have been
seized in the last month, and have then been transferred back to the
DCs they were previously on.

I had thought that certain roles (RID, Schema and possibly Domain
Naming) being seized meant you had to wipe the DCs, and re-install
Windows before you could use them again.

Problem is - I can't find anything on technet to back this up.  Best I
can find is an article saying that seizing the RID is a 'drastic
measure'.

Can anyone point me towards something which says, ideally - "If you
seize role X, you MUST do Y, or the rivers will turn to blood, you
will be visited by a plague of locusts and your firstborn will be
killed".

Thanks in advance,


-- 
AdamT
"A casual stroll through the lunatic asylum shows that faith does not
prove anything." - Nietzsche
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
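
The KB text quoted in the reply above describes the window in which a former role holder keeps acting as owner until it inbound-replicates the seizure. The following is an added example, not part of the thread or the KB article, that asks every domain controller in the current domain for its own view of the five role owners and flags disagreement. It assumes the ActiveDirectory PowerShell module (RSAT) is installed and covers only the domain of the logged-on user.

```powershell
# Added example: compare each DC's local view of the fSMORoleOwner attribute.
# Assumption: ActiveDirectory module available, read access to every DC.
Import-Module ActiveDirectory

$root = Get-ADRootDSE
# Objects whose fSMORoleOwner attribute names the current role holder.
$roleObjects = [ordered]@{
    Schema         = $root.schemaNamingContext
    DomainNaming   = "CN=Partitions,$($root.configurationNamingContext)"
    PDCEmulator    = $root.defaultNamingContext
    RIDMaster      = "CN=RID Manager`$,CN=System,$($root.defaultNamingContext)"
    Infrastructure = "CN=Infrastructure,$($root.defaultNamingContext)"
}

# Query each DC directly (-Server) so the answer reflects that DC's replica.
$views = foreach ($dc in Get-ADDomainController -Filter *) {
    foreach ($role in $roleObjects.Keys) {
        try {
            $obj = Get-ADObject -Identity $roleObjects[$role] `
                -Properties fSMORoleOwner -Server $dc.HostName -ErrorAction Stop
            $owner = $obj.fSMORoleOwner
        } catch {
            # An unreachable DC cannot confirm it has learned of a seizure.
            $owner = "UNREACHABLE: $($_.Exception.Message)"
        }
        [pscustomobject]@{ Role = $role; AskedDC = $dc.HostName; Owner = $owner }
    }
}

# More than one distinct answer per role means replicas have not converged.
$views | Group-Object Role | ForEach-Object {
    $owners = @($_.Group | Select-Object -ExpandProperty Owner -Unique)
    if ($owners.Count -gt 1) {
        Write-Warning "$($_.Name): domain controllers disagree on the role owner"
        $_.Group | Format-Table AskedDC, Owner -AutoSize | Out-String | Write-Host
    } else {
        Write-Host "$($_.Name): consistent -> $($owners[0])"
    }
}
```

The Owner value is the distinguished name of the role holder's NTDS Settings object; in a multi-domain forest, run it once per domain for the three domain-wide roles.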

