Primary Domain Controller

By radish31
My PDC has taken a dive. DNS and Active Directory are not working properly. I tried using ntdsutil to transfer the FSMO roles to another DC. However, when working on the PDC I receive an error that the PDC cannot be contacted. Would I be better off to dcpromo and demote to a member server? With DNS messed up, will the roles transfer to the backup DC?


All Answers


Transfer Domain-Specific Fizz-mo (FSMO) roles

by Ekline In reply to Primary Domain Controller

This was a copy and paste from another site since I didn't feel like retyping it all myself from 70-294: Server 2003 Active Directory Infrastructure...

Credit goes to:

To Transfer the Domain-Specific RID Master, PDC Emulator, and Infrastructure Master FSMO Roles:

Open the Active Directory Users and Computers snap-in from the Administrative Tools folder.

If you are NOT logged onto the target domain controller, in the snap-in, right-click the icon next to Active Directory Users and Computers and press Connect to Domain Controller.

Select the domain controller that will be the new role holder, the target, and press OK.

Right-click the Active Directory Users and Computers icon again and press Operation Masters.

Select the appropriate tab for the role you wish to transfer and press the Change button.

Press OK to confirm the change.

Press OK all the way out.



by radish31 In reply to Transfer Domain-Specific ...

Thanks for the reply. I may have not been clear. When I do this I receive a message that says "The current FSMO holder can not be contacted." I receive a similar error using the command line. Was wondering if using dcpromo to demote would successfully transfer the FSMO to another DC?


if successful, dcpromo demote does transfer FSMO roles

by Churdoo In reply to Reply

Using DCPROMO to demote will transfer the FSMO roles to another DC, but if you're getting this error while working from what you're calling the PDC and trying to transfer roles, then you'll likely get this or a similar error while trying to demote, and the demote may not proceed.

What do you mean the PDC took a dive, is it offline completely? DNS and AD not working properly, what makes you say this? Symptoms? Do you know exactly where each of the FSMO roles are? Are they all on what you're calling your PDC? Have you compared the AD on the other DC to be sure that it appears to be up to date and functioning properly? Have you run DCDIAG?

To "transfer" roles requires that the current role holder and new role holder are online and working and replicating properly. If your "PDC" took a dive as you say, then graceful transfer may not be possible and graceful demote may not work either. In this case, you may have to "dcpromo /forceremoval" and SEIZE the roles on the remaining DC using ntdsutil.

Check this article, it may clear some things up:

If you're at the point where you think that demoting the "pdc" is the answer, then first try the demote, and if the demote errors out and does not finish, then you'll have to demote using "dcpromo /forceremoval", but before doing this, you want to be sure that the other DC is healthy with up to date AD. Once the first DC is demoted, then you can seize the roles from the other DC (don't forget global catalog), do metadata cleanup, and if the original DC is otherwise working properly, then try to re-promote the original DC.

Post back more questions if necessary.


Churdoo is correct

by CG IT In reply to if successful, dcpromo de ...

however, if your domain controller that crashed also is the DNS server, and you don't have a secondary DNS server which can also provide name resolution, then Active Directory will not work. Without a functioning Active Directory, you can seize roles for a domain.

Get Active Directory functioning properly first before you try to seize roles.
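The checks and the seizure the replies above describe, written out as a command sequence. This is an added example, not part of any poster's reply; DC02 and example.local are placeholder names for the surviving DC and the AD DNS domain, and on Server 2003 netdom, dcdiag and repadmin come from the Support Tools.

```bat
@echo off
rem Added example, not from the thread. Run on the surviving DC as a domain admin.
rem DC02 and example.local are placeholders: substitute your own names.
set GOODDC=DC02
set ADDOMAIN=example.local

rem 1. Find out exactly where each FSMO role currently lives.
netdom query fsmo

rem 2. Check that the surviving DC is healthy and its copy of AD is up to date.
dcdiag /s:%GOODDC% /v
repadmin /showrepl %GOODDC%

rem 3. Check that DNS still answers for the domain's DC locator records.
rem    If this fails, fix name resolution before touching the roles.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%ADDOMAIN%

echo Review the output above. Continue only if %GOODDC% is healthy and the
echo failed DC has been demoted or will stay offline.
pause

rem 4. Seize the three domain-specific roles onto the surviving DC.
rem    ntdsutil tries a graceful transfer first and seizes only if the
rem    current holder cannot be contacted. Each seize asks for confirmation.
rem    Forest-wide roles (schema, domain naming) are seized from the same
rem    ntdsutil menu if step 1 shows them on the failed DC.
ntdsutil roles connections "connect to server %GOODDC%" quit ^
  "seize PDC" "seize RID master" "seize infrastructure master" quit quit

rem 5. Confirm the roles now sit on the surviving DC.
netdom query fsmo

rem The global catalog is not a FSMO role: enable it separately on the
rem surviving DC (NTDS Settings in Active Directory Sites and Services).
rem Metadata cleanup for the removed DC is a separate ntdsutil step.
```

A DC whose roles were seized should not be brought back online still believing it holds them; demote or rebuild it before it rejoins the domain.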
