Why do you need FSMO roles to start a DC? Cheers Ken
From: Don Guyer [mailto:[EMAIL PROTECTED] Sent: Saturday, 17 May 2008 6:10 AM To: NT System Admin Issues Subject: RE: Missing dedicated forest root DC IIRC, it will need to hold the FSMO roles (you can seize them once it's isolated in the lab using NTDSUTIL, MS Article 324801) as well as DNS (make sure it's only pointing to itself for DNS). It will bark about not being able to contact the other DCs after you isolate it, so remove them from DNS and from AD (following MS Article 216498). Good luck, Don Guyer Systems Engineer Information Services Department Prudential Fox Roach/ Trident 431 W. Lancaster Avenue Devon, PA 19333 Ph: (610) 993-3299 Fax: (610) 650-5306 www.prufoxroach.com<blocked::blocked::http://www.prufoxroach.com/> [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> ________________________________ From: Ken Schaefer [mailto:[EMAIL PROTECTED] Sent: Thursday, May 15, 2008 9:24 PM To: NT System Admin Issues Subject: RE: Missing dedicated forest root DC Well, you need to start by troubleshooting: a) What services didn't start (e.g. you need NetLogon, Kerberos Key Distribution Centre, DNS etc) b) Why they didn't start Cheers Ken From: RM [mailto:[EMAIL PROTECTED] Sent: Friday, 16 May 2008 11:20 AM To: NT System Admin Issues Subject: RE: Missing dedicated forest root DC The single dc that we restored in the dr lab was indeed a gc. However, nothing came up. Dns wouldn't even start. Dns is on all of our dc's. RM ________________________________ From: Ken Schaefer <[EMAIL PROTECTED]> Sent: Thursday, May 15, 2008 5:55 PM To: NT System Admin Issues <[email protected]> Subject: RE: Missing dedicated forest root DC Not enough information. Where is your DNS? Do you have an entry for a GC that points to your remaining DC? You need a GC to populate Universal Group membership (or you need Universal Group membership caching enabled). No GC = no logon (except using cached credentials) Cheers Ken From: RM [mailto:[EMAIL PROTECTED] Sent: Friday, 16 May 2008 10:26 AM To: NT System Admin Issues Subject: Missing dedicated forest root DC Guys, quick question... We're doing a mock disaster recovery here. Can we spin up a child dc without also spinning up a DFR dc and get it to work well enough to start AD, authenticate users, etc? We've tried it already and it hasn't worked so far. I suspect it's due to the lack of an accessible _msdcs zone. Thanks! This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. It may contain information protected by state and federal privacy and intellectual property laws. If you have received this email in error please notify the sender immediately and delete this e-mail from your system. If you are not the named addressee you should not disseminate, distribute or copy this e-mail, and you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
