How to upgrade secondary AD to primary AD
Hi, actually we have posted the question on the forum under Exchange Server 2010; however, we are still waiting for feedback from Microsoft experts. Let me summarize again the problem we are facing now: We have 2 AD servers, 2 mailstores, 2 CAS and 2 hubs. Currently, our primary AD has crashed and we do not have any backup. We are thinking of converting the secondary AD to become the primary AD and setting up another new AD. Our plan was to have 2 AD servers to load balance the traffic. We found that all the FSMO roles (Schema, Domain naming, RID, PDC and Infrastructure) are running on the primary AD. We are unable to migrate FSMO to a new server as the primary server has crashed. Is it possible to convert the secondary AD to the primary AD? Please advise! Thanks!
July 26th, 2011 4:57am

Shirobb109, there is no such thing as a primary and secondary AD. If you had 2 Domain Controllers in Active Directory and the one with all FSMO roles failed, you must seize all FSMO roles to the DC you have left. See the section "Seize FSMO Roles". This is more an Active Directory problem than Exchange, so it would have been better to post your questions at http://social.technet.microsoft.com/Forums/en-US/winserverDS/threads
:Martina
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question.
July 26th, 2011 5:42am

Hi Martina, all the FSMO roles are sitting on the first DC, which crashed; that's why we cannot transfer them out to another DC server. We do not have a backup either. Our Global Catalog is running on both DCs. If we run the commands below on the other DC server, what is the impact?
Seize domain naming master
seize infrastructure master
seize PDC
seize RID master
seize schema master
Please advise,
July 26th, 2011 6:08am

Hi Shirobb10

There should be no problem seizing the FSMO roles from the Domain Controller that was holding all the roles. In fact, seizing the roles is a step that is specifically set for the following situations:

- The current role holder is experiencing an operational error that prevents an FSMO-dependent operation from completing successfully and that role cannot be transferred
- A domain controller that owns an FSMO role is force-demoted by using the dcpromo /forceremoval command
- The operating system on the computer that originally owned a specific role no longer exists or has been reinstalled

Yours appears to be the first scenario.

The only prerequisite is that you do not seize the roles whilst the FSMO role holder is online (transfer instead) and that once the FSMO roles have been seized, you do not bring the former FSMO role holder back online. You will need to demote the server first (whilst it is offline) and then join it back to the domain as a member server, if you want it back on your network.

Follow these steps to seize the role on your currently active Domain Controller. To seize the FSMO roles by using the Ntdsutil utility, follow these steps:

- Log on to a Windows 2000 Server-based or Windows Server 2003-based member computer or domain controller that is located in the forest where FSMO roles are being seized. We recommend that you log on to the domain controller that you are assigning FSMO roles to. The logged-on user should be a member of the Enterprise Administrators group to transfer schema or domain naming master roles, or a member of the Domain Administrators group of the domain where the PDC emulator, RID master and the Infrastructure master roles are being transferred.
- Click Start, click Run, type ntdsutil in the Open box, and then click OK.
- Type roles, and then press ENTER.
- Type connections, and then press ENTER.
- Type connect to server servername, and then press ENTER, where servername is the name of the domain controller that you want to assign the FSMO role to.
- At the server connections prompt, type q, and then press ENTER.
- Type seize role, where role is the role that you want to seize. For a list of roles that you can seize, type ? at the fsmo maintenance prompt, and then press ENTER, or see the list of roles at the start of this article. For example, to seize the RID master role, type seize rid master. The one exception is for the PDC emulator role, whose syntax is seize pdc, not seize pdc emulator.
- At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.

For more information that may be relevant see the following KB Article http://support.microsoft.com/kb/255504

Regards
July 26th, 2011 6:25am

I can tell by your question that you didn't read the information Notes in the KB

<COPY>
Under typical conditions, all five roles must be assigned to “live” domain controllers in the forest. If a domain controller that owns a FSMO role is taken out of service before its roles are transferred, you must seize all roles to an appropriate and healthy domain controller. We recommend that you only seize all roles when the other domain controller is not returning to the domain. If it is possible, fix the broken domain controller that is assigned the FSMO roles. You should determine which roles are to be on which remaining domain controllers so that all five roles are assigned to a single domain controller.
<\COPY>

Just remember that the broken DC should never ever be brought back "to life" after this without a reinstallation. And I don't think I have to tell you that you need to backup Active Directory! :)

Happy seizing, the commands look good.
:Martina
July 26th, 2011 6:27am

Thanks Martina & Maestro, your information was very helpful. I managed to run the seize command for 4 roles on my DC. However, I cannot seize the domain naming master to my ad2; it returns Invalid Syntax. FYI, I logged in as the administrator to run the following command.

fsmo maintenance: seize Domain naming master
Error parsing Input - Invalid Syntax.

C:\>netdom query fsmo
Schema master MSG-AD2
Domain naming master MSG-AD1
PDC MSG-AD2
RID pool manager MSG-AD2
Infrastructure master MSG-AD2
The command completed successfully.

Please advise!
July 27th, 2011 12:05am

Hey guys, I managed to seize all my FSMO roles to the new DC. I realized that the command seize domain naming master is for Windows 2003 and my servers are running Windows 2008. I used the command seize naming master instead. Thank you!
July 27th, 2011 12:17am
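
A check for the situation in the two posts above, added here as an example and not taken from the thread or from Microsoft: it reads `netdom query fsmo` text and lists every role still recorded on a retired domain controller, with the ntdsutil keyword the thread gives for it. The function names are hypothetical, and the sample output and the retired DC name MSG-AD1 are copied from the post.

```powershell
# Constructed sample: the "netdom query fsmo" output quoted in the thread.
$Sample = @'
Schema master               MSG-AD2
Domain naming master        MSG-AD1
PDC                         MSG-AD2
RID pool manager            MSG-AD2
Infrastructure master       MSG-AD2
The command completed successfully.
'@

# ntdsutil "fsmo maintenance" keywords as given in this thread (Windows Server 2008
# form; on Windows Server 2003 the naming role is "seize domain naming master").
$SeizeKeyword = [ordered]@{
    'Schema master'         = 'seize schema master'
    'Domain naming master'  = 'seize naming master'
    'PDC'                   = 'seize pdc'
    'RID pool manager'      = 'seize rid master'
    'Infrastructure master' = 'seize infrastructure master'
}

function Get-FsmoHolder {
    # Hypothetical helper: one object per "<role>  <holder>" line in the netdom text.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        foreach ($role in $SeizeKeyword.Keys) {
            if ($line -match ('^\s*' + [regex]::Escape($role) + '\s+(\S+)\s*$')) {
                [pscustomobject]@{ Role = $role; Holder = $Matches[1] }
            }
        }
    }
}

function Test-FsmoPlacement {
    # Flags roles that are absent from the output or still held by a retired DC.
    param([string[]]$Lines, [string[]]$RetiredDC)
    $holders = @(Get-FsmoHolder -Lines $Lines)
    foreach ($role in $SeizeKeyword.Keys) {
        $entry = $holders | Where-Object { $_.Role -eq $role }
        # netdom may print an FQDN; compare on the short host name only.
        $short = if ($entry) { ($entry.Holder -split '\.')[0] } else { $null }
        $status = if (-not $entry) { 'MISSING' } elseif ($RetiredDC -contains $short) { 'ON RETIRED DC' } else { 'OK' }
        $action = if ($status -eq 'OK') { '' } else { $SeizeKeyword[$role] }
        [pscustomobject]@{ Role = $role; Holder = $entry.Holder; Status = $status; Action = $action }
    }
}

Test-FsmoPlacement -Lines ($Sample -split "`r?`n") -RetiredDC 'MSG-AD1' | Format-Table -AutoSize
```

On a domain controller the sample can be replaced with the live output by passing `-Lines (netdom query fsmo)`.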

That was good news shiroob10, Thanks for the update!
:Martina
July 27th, 2011 2:09am

Hi Martina, sorry, I forgot to ask: as we have migrated all FSMO roles to another DC, what are the settings we need to change for the rest of the Exchange servers such as CAS, HUB, MAILSTORE? Is there any other configuration we need to change on the Exchange servers? We need to make sure all the AD servers are able to point to the new DC and not point to the old DC (which already crashed). Please advise!
August 1st, 2011 12:33am

Hi Shirobb10, nice to hear from you again! From an Exchange point of view, just make sure that it doesn't have the failed server in its DNS settings. Look for EventID: 2080 in the Application Log and you will see what Domain Controller the Exchange Server knows about and will use. You should completely remove the failed Domain Controller from Active Directory, so follow the steps in this guide to start with: Remove a demoted or failed DC from Active Directory using Ntdsutil.exe
...and don't forget to remove all entries in DNS for the failed server.
Martina Miskovic
August 1st, 2011 1:39am

Hi Martina, thanks for the guideline given. I have tried the URL for the steps to remove a demoted or failed DC from AD using ntdsutil. We realized it doesn't apply to our demoted DC as the server has already been brought down. We cannot connect to that DC; that's the reason why we cannot remove it from AD. From Event 2080 we received the output mentioned below:
MSG-AD1 CDG 1 0 0 1 0 0 0 0 0
MSG-AD2 CDG 1 7 7 1 0 1 1 7 1
August 1st, 2011 10:00pm
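
How the two Event ID 2080 rows in the post above decode, as an added example that is not part of the thread: each row is split into named fields and every field that would stop Exchange from using that domain controller is reported. The column order and the bit values (1 = global catalog, 2 = domain controller, 4 = configuration domain controller) follow Microsoft's description of this event, which the thread does not quote, so treat them as assumptions; the function names are hypothetical.

```powershell
# Constructed sample: the two Event ID 2080 rows quoted in the post above.
$SampleRows = @(
    'MSG-AD1 CDG 1 0 0 1 0 0 0 0 0'
    'MSG-AD2 CDG 1 7 7 1 0 1 1 7 1'
)

# Assumed column order after "Server name" and "Roles" (from the event's header line).
$Columns = 'Enabled', 'Reachability', 'Synchronized', 'GCCapable', 'PDC',
           'SaclRight', 'CriticalData', 'Netlogon', 'OSVersion'

function ConvertFrom-Event2080Row {
    # Hypothetical helper: splits one row into a name, a role string and integer fields.
    param([string]$Row)
    $f = $Row.Trim() -split '\s+'
    if ($f.Count -ne $Columns.Count + 2) { throw "Unexpected field count in: $Row" }
    $o = [ordered]@{ Server = $f[0]; Roles = $f[1] }
    for ($i = 0; $i -lt $Columns.Count; $i++) { $o[$Columns[$i]] = [int]$f[$i + 2] }
    [pscustomobject]$o
}

function Test-Event2080Row {
    # Returns the server name and every reason it would be skipped by Exchange.
    param([string]$Row)
    $dc = ConvertFrom-Event2080Row -Row $Row
    # Build the bitmask this server should report from its role letters.
    $expected = 0
    if ($dc.Roles -match 'G') { $expected += 1 }   # global catalog
    if ($dc.Roles -match 'D') { $expected += 2 }   # domain controller
    if ($dc.Roles -match 'C') { $expected += 4 }   # configuration domain controller
    $issues = @()
    foreach ($mask in 'Reachability', 'Synchronized', 'Netlogon') {
        if (($dc.$mask -band $expected) -ne $expected) {
            $issues += "$mask=$($dc.$mask) (expected $expected)"
        }
    }
    foreach ($flag in 'Enabled', 'SaclRight', 'CriticalData', 'OSVersion') {
        if ($dc.$flag -ne 1) { $issues += "$flag=$($dc.$flag) (expected 1)" }
    }
    [pscustomobject]@{
        Server = $dc.Server
        Usable = ($issues.Count -eq 0)
        Issues = $issues -join '; '
    }
}

$SampleRows | ForEach-Object { Test-Event2080Row -Row $_ } | Format-List
```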

Hi Shirobb10, the guide does apply, so read the instructions again. HINT: Read step 4 extra carefully (= you should connect to server MSG-AD2 CDG and remove MSG-AD1 CDG). When you read EventID 2080... Were the two servers In-Site or was one Out-Of-Site? Exchange needs a Global Catalog Server to "talk to" in the AD Site where it itself belongs. Run:
Get-Exchangeserver | Ft Name,Site
...it will tell you if the Exchange servers belong to different AD Sites.
Martina Miskovic
August 2nd, 2011 1:38am

Thanks Martina, it works!! I have successfully removed the demoted DC from AD2. Now event ID 2080 only shows one server:
MSG-AD2 CDG 1 7 7 1 0 1 1 7 1
Since we have removed the demoted DC, can we rebuild the DC with the same hostname and IP address? Would there be any conflict?
August 3rd, 2011 4:16am

Hi Shirobb10, this is still a Forum for Exchange Questions.. :) But OK, here are my thoughts on what you should do:
- Delete the Computer Account for MSG-AD1 CDG
- Make sure that you don't have any records left for it in DNS
- Check in Sites and Services... remove the computer if you haven't done so already
- Install
So yes, you can rebuild the server with the same name and IP. For Active Directory Questions, post here http://social.technet.microsoft.com/Forums/en-US/winserverDS/threads
Good luck and don't forget to backup your servers!!
Martina Miskovic
August 3rd, 2011 1:45pm

Thanks Martina! Thanks for answering my question even though I posted in the wrong forum.
August 3rd, 2011 9:43pm
