how to convert additional domain to primary domain
controller on windows 2003 server
Answer Posted / md.khalid
Foremost - clarity: In an Active Directory forest, where you
have several domain controllers, but one primary domain
controller (PDC) - you may think that you must RESTORE or
recover this PDC to salvage the domain. In other words, if
the PDC fails - is all lost? Nope, not at all. Unless you do
not have backup domain controllers. If you do not - then
reading the rest of this is moot - but if you do, then read on.
When you promote additional servers on your domain, and make
them member DCs in the same forest, then your domain
details are available to you - and you simply need to
transfer the Operation Master role to another DC - but
before doing that - there are the FSMOs - yea, something
hardly anyone knows about: FSMO = Flexible Single Master
Operation - something your PDC or master of operations -
manages. If a PDC - and Global Catalog for that matter -
goes offline, a backup DC will generally pick up and juggle
traffic for the PDC. But what happens if the PDC crashes
altogether, and you need to basically assign a member backup
DC the PDC role?
FSMO must be transferred to a backup DC before that DC can
assume the Master of Operations role. This is done at the
command-line level, and you must be careful before you make
this call - ONLY do this if you are sure you cannot recover
the original PDC because once you do this - you cannot later
recover the PDC and bring it online. It cannot be added back
into the forest at all.
So, the FSMO roles and how we transfer these. In a word, you
cannot simply transfer the FSMO roles because the PDC is
offline and not available to authorize the transfer. However,
you 'can' SEIZE the FSMO roles from the original PDC - even
with the machine offline.
Caution: Using the Ntdsutil utility incorrectly may result
in partial or complete loss of Active Directory functionality.
Open a CMD prompt on the backup DC you want to perform this
on. At the command-line prompt, type Ntdsutil and press <Enter>.
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\WINDOWS>ntdsutil
ntdsutil:
At this prompt, type roles and press <Enter>:
ntdsutil: roles
fsmo maintenance:
Now type connections and press <Enter>:
fsmo maintenance: connections
server connections:
Now type connect to servername <serverName> where
<serverName> is the name of the backup DC you are working
on, and press <Enter>:
server connections: connect to servername hamdc02
Connected to hamdc02 using credentials of locally logged on
user.
server connections:
At the server connections prompt type q and press <Enter>:
server connections: q
fsmo maintenance:
Now we are going to SEIZE the FSMO roles we want. NOTE: Out
of the 5 FSMO roles, we are NOT going to seize the
Infrastructure Master. We do not want to put the
Infrastructure Master (IM) role on the same domain
controller as the Global Catalog server. If the
Infrastructure Master runs on a GC server it will stop
updating object information because it does not contain any
references to objects that it does not hold. This is because
a GC server holds a partial replica of every object in the
forest. For now, we'll seize the following:
Seize domain naming master
Seize PDC
Seize RID master
Seize schema master
We do this by typing the line shown above. For example, to
seize the domain naming master, type seize domain naming
master and press <Enter>
You will receive a Windows dialog prompting to confirm this
move - click <Yes> and then you'll see the attempt to safely
transfer the FSMO role, a failure message, and then it will
seize the role, assigning it to the backup DC you specified
when you connected to the server above.
Once you have completed this for the 4 roles, type Quit to
exit the utility, then Exit to return to Windows.
From the Start menu, select Run and enter dsa.msc and press
<Enter>.
On the domain that is displayed, right click and select
Operations Masters. You should now see that this backup
domain controller (HAMDC02 in this case) is not the
Operations master.
From here you simply re-create the failed domain controller,
and promote it - joining it to this existing forest.
Hopefully others will find this useful.
Is This Answer Correct ? | 4 Yes | 1 No |
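Added example (not part of the original answer): a check that the four seized roles really landed on the surviving DC, run over the text printed by "netdom query fsmo" from the Windows Support Tools. HAMDC02 is the name used in the answer; the failed DC's name (hamdc01), the domain suffix (example.local) and the sample output are constructed for illustration.

```python
import re

# Labels printed by `netdom query fsmo`; older and newer label sets are mapped.
LABELS = {
    "schema owner": "schema", "schema master": "schema",
    "domain role owner": "naming", "domain naming master": "naming",
    "pdc role": "pdc", "pdc": "pdc",
    "rid pool manager": "rid",
    "infrastructure owner": "infrastructure", "infrastructure master": "infrastructure",
}

def parse_fsmo(output):
    """Return {role: short lowercase host name} parsed from the command output."""
    holders = {}
    for line in output.splitlines():
        # A role line is "<label><two or more spaces><host>"; other lines are skipped.
        m = re.match(r"^\s*(.+?)\s{2,}(\S+)\s*$", line)
        role = LABELS.get(m.group(1).strip().lower()) if m else None
        if role:
            holders[role] = m.group(2).split(".")[0].lower()
    return holders

def check_seizure(output, new_dc, seized):
    """Sort roles into: confirmed on new_dc, seized but held elsewhere, not seized."""
    holders = parse_fsmo(output)
    report = {"ok": [], "problem": {}, "not_seized": {}}
    for role in sorted(set(LABELS.values())):
        holder = holders.get(role)  # None when the role line is absent
        if role not in seized:
            report["not_seized"][role] = holder
        elif holder == new_dc.lower():
            report["ok"].append(role)
        else:
            report["problem"][role] = holder
    return report

# Constructed sample: state after seizing four roles as described in the answer.
SAMPLE = """\
Schema owner                hamdc02.example.local
Domain role owner           hamdc02.example.local
PDC role                    hamdc02.example.local
RID pool manager            hamdc02.example.local
Infrastructure owner        hamdc01.example.local

The command completed successfully.
"""

if __name__ == "__main__":
    print(check_seizure(SAMPLE, "HAMDC02", {"schema", "naming", "pdc", "rid"}))
```

Any role listed under "problem" or "not_seized" that still names the failed DC is a role the directory believes is held by a machine that no longer exists.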