Seizing FSMO Roles

This is not something that recently happened, but I do feel compelled to share this tale. Long before I was in charge of our Domain, we had an outside company set things up. We had a Windows 2000 Mixed Mode Domain with 2 domain controllers. It is a fairly simple setup. Well, some time last year we purchased the CALs for Windows 2003 and 2 new servers to replace our aging 2000 server domain controllers.

During the process, I intended to replace one server at a time, I had a plan all laid out. I first wrote my login script to replace the Static DNS entry for the first DC on all the computers in the domain with the new DC replacing it. I then transfered the FSMOs on the first DC to the second DC. I then ran ADPREP and then I hit a snag! Basically, the error kept telling me the following:

The schema master did not complete a replication cycle after the last reboot. The schema master must complete at least one replication cycle before the schema can be extended.
[User Action]
Verify that the schema master is connected to the network and can communicate with other domain controllers. Use the Sites and Services snap-in to replicate between the schema operations master and at least one replication partner. After replication has succeeded, run adprep again.


Well, after some quick attempts to correct the issue, I decided to run DCDIGAG. It was then that I noticed that while the GUI showed the current server held all the FSMO Roles, the DCDIAG showed that an unknown SID held the forest-wide roles. So, I instantly inquired to another techie about this. I asked if this server had been replaced before and then I was told that it had crashed before and they just reinstalled Server 2000 and Promoted it using the same Computer named and IP, obviously with a different SID!

There was a little bit of panic for a second, but then I figured it was time to run NTDSUTIL to seize the roles. I know it can be a dangerous process but I knew this situation called for it. After the roles were seized the ADPREP worked beautifully and my migration was flawless from there.

I just wanted to share this real life experience with seizing roles. I’ve done the MS exams, read a ton of Study guides and set up labs at home, but studying for the exams and applying the knowledge in a real life setting are far different.


Comments are closed.