FSMO (Flexible Single Master Operations)
This page will advise you what to do if you lose the Domain Controller holding one of the FSMO roles. I will also cover the implications of having more than one FSMO master for the same role.
If you have lost your FSMO master then I have a troubleshooting section, and a separate page on transferring FSMO roles.
Incidentally, the modern tendency is to use the term Operation Masters, whereas in Windows 2000, FSMO was the term of choice.
Of the 5 roles, the PDC Emulator is the role that you will miss the soonest.
Not only will NT 4.0 BDCs complain, but there will also be no time
synchronization. Another problem is that you probably will not be able
to change or troubleshoot group policies, as the default setting is for the
PDC emulator also to be the group policy master.
Implications for Duplicates
If the old PDC emulator returns, then it is not as serious as duplicates with some of the other roles. Quickly seize the PDC role from another machine.
One Domain Controller, the RID Master, is responsible for giving all the rest of the
Domain Controllers a pack of unique numbers so that no two new objects have
the same GUID (Globally Unique Identifier).
If you lose the RID master, the chances are good that the existing Domain
Controllers will have enough unused RIDs to last a week or so, so do not be in a
hurry to seize.
Implications for Duplicates
You must not allow two RID masters, as the possibility of two objects
with the same RID would be disastrous. So if the original is
found it must be reformatted and reinstalled before re-joining the forest.
The consequence of a missing Infrastructure master is that group
memberships may be incomplete. If you only have one domain, then there
will be no impact, as the Infrastructure Master is responsible for updating
your users' membership in other domains in the forest.
Implications for Duplicates
No damage occurs if the old Infrastructure master returns, just check out
the Roles and decide which machine should hold the role.
If you lose the Schema Master, then long term it is serious because you
cannot install Exchange 2003 or extend the schema. However, short term
no-one will notice a missing Schema Master, so try and repair the old one
rather than seize the role.
Implications for Duplicates
You must not allow two Schema Masters, so if the original is found or
repaired, it must be completely rebuilt rather than allowed into the forest.
The Domain Naming Master is a forest-wide role that is responsible for adding child domains
and new trees. Unless you are going to run DCPROMO, you
will not miss this FSMO role, so wait rather than seize the role.
Implications for Duplicates
You must not allow the original Domain Naming Master to return; rebuild
the machine before you let it back in the forest.
Symptoms of FSMO Problems
I find that the first sign of a problem with a FSMO is that Active Directory Users and Computers is slow to initialize. Moreover, if you try to even view Group Policies, you get an error such as: 'Inaccessible GPO - Access Denied' or 'Failed to open the Group Policy Object. You may not have appropriate rights.' The cause of these symptoms is that the FSMO master holding the PDC emulator is unavailable. Fingers crossed it's a temporary problem; however, if the problem persists then you need to investigate which Domain Controller holds, or held, the PDC emulator role.
Troubleshooting Toolkit
DCDiag - Not only does DCDiag have a routine to check the FSMOs but it also provides information on Active Directory replication. As ever with troubleshooting, you want to get to the root cause, not merely treat one of the symptoms.
NetDOM - It's a close call whether to run NetDOM before or after DCDiag; the answer partly depends on whether NetDom is already installed or if you need to get it from the Windows Server 2003 Support tools. From the command line type netdom query fsmo. You should see a list of the 5 roles with the corresponding Domain Controller.
DNS - Excuse what may seem like a digression, but it never ceases to amaze me how often faulty DNS configuration is the source of an Active Directory problem. Therefore, head for the DNS snap-in and observe that all settings are as expected. Remember the Monitoring tab. Make sure that each DNS server is registering itself and registering with other DNS Servers.
DCPROMO - Rather drastic, but sometimes just running this program to demote a Domain Controller creates error messages, which are handy additional sources of information. If there are no error messages, you may just choose to cancel. However, if you go ahead and run DCPROMO to demote a domain controller, watch out for a check box that says 'This is the last domain controller in the domain'. If that box is UNchecked the wizard will automatically move any FSMO roles to another domain controller.
NTDSUTIL - Powerful command line tool; note the Seize verb. See here for more about transferring FSMO roles with NTDSUTIL.
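
The duplicate-holder cases described under each role show up as Domain Controllers disagreeing about who owns a role. As an added example (not code from the original page), this PowerShell script parses the text of netdom query fsmo as seen by several Domain Controllers and reports any role with more than one claimed holder. The function names, host names, the /server: collection step and the role labels in the sample are assumptions, and the sample output is constructed.

```powershell
# Live collection per DC (assumed): $views[$dc] = netdom query fsmo /server:$dc | Out-String
function ConvertFrom-NetdomFsmo {
    param([Parameter(Mandatory)][string]$Text)
    $roles = [ordered]@{}
    foreach ($line in $Text -split '\r?\n') {
        # A role line is "<label><2+ spaces><holder>"; the status line does not match.
        if ($line -match '^\s*(?<role>\S.*?)\s{2,}(?<holder>\S+)\s*$') {
            $roles[$Matches['role']] = $Matches['holder'].ToLowerInvariant()
        }
    }
    if ($roles.Count -ne 5) { throw "Expected 5 FSMO roles, parsed $($roles.Count)" }
    return $roles
}

function Find-FsmoDisagreement {
    param([Parameter(Mandatory)][hashtable]$ViewsByDc)
    $claims = @{}   # role -> (claimed holder -> DCs reporting that holder)
    foreach ($dc in $ViewsByDc.Keys) {
        $view = ConvertFrom-NetdomFsmo -Text $ViewsByDc[$dc]
        foreach ($role in $view.Keys) {
            $holder = $view[$role]
            if (-not $claims.ContainsKey($role)) { $claims[$role] = @{} }
            if (-not $claims[$role].ContainsKey($holder)) { $claims[$role][$holder] = @() }
            $claims[$role][$holder] += $dc
        }
    }
    foreach ($role in $claims.Keys) {
        if ($claims[$role].Count -gt 1) {   # more than one claimed holder for this role
            [pscustomobject]@{
                Role    = $role
                Holders = ($claims[$role].Keys | Sort-Object) -join ', '
            }
        }
    }
}

# Constructed sample output, not captured from a real forest.
$current = @"
Schema master               dc02.example.test
Domain naming master        dc02.example.test
PDC                         dc02.example.test
RID pool manager            dc02.example.test
Infrastructure master       dc02.example.test
The command completed successfully.
"@
# dc01 stands for an old role holder that returned and still claims the RID role.
$stale = $current -replace '(RID pool manager\s+)\S+', '${1}dc01.example.test'
$views = @{ 'dc01' = $stale; 'dc02' = $current; 'dc03' = $current }
Find-FsmoDisagreement -ViewsByDc $views | Format-Table -AutoSize
```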