+ Post New Thread
Results 1 to 8 of 8
How do you do....it? Thread, Primary DC (FSMO) Fails... what do you do? in Technical; Hi all, Currently looking into our disaster recovery plan and, just so I am clear in my head, in the ...
  1. #1

    Join Date
    Sep 2008
    Posts
    132
    Thank Post
    15
    Thanked 11 Times in 8 Posts
    Rep Power
    14

    Primary DC (FSMO) Fails... what do you do?

    Hi all,

    Currently looking into our disaster recovery plan and, just so I am clear in my head, in the unlikely event our FSMO dies would the following get us up and running with minimum fuss and downtime:

    • Log on to our second DC, seize FSMO roles and setup DHCP (already has DNS)
    • Rebuild failed FSMO server, patch, install software, connect up SAN drives, setup shares
    • Run DCPromo on rebuilt server
    • Transfer back FSMO (if necessary)


    Not that I would want to do it but it doesn't seem to bad really - days work tops (most of which is patching)... or am I missing bits? We have backups in place etc. using DPM but as we are still running 2003 on our DCs until next summer BMR is out of the question so I am considering what-if scenarios (actually the above probably looks more appealing to me than a BMR, I would worry about replication being out of sync if the PDC was rebuilt).

    Michael
    Last edited by CyBeRkId2002; 22nd October 2012 at 11:24 AM.

  2. #2

    Join Date
    May 2011
    Location
    Jus North of London, close but not too close
    Posts
    860
    Thank Post
    191
    Thanked 71 Times in 66 Posts
    Rep Power
    50
    Rebuilt the PDC Emulator at last place in about 4 hours between 2 of us from a fresh install including rebuilding the RAID. That included restoring all the users data and shares that were on the PDC emulator. We had never done it before and had to find out how to seize the neccesary roles etc and then putting them back on the rebuilt server.

    Must admit it actually done us a favour as was causing all sorts of grief :-), regulary running out of c drive space and causing replication issues.
    Last edited by Davit2005; 22nd October 2012 at 11:41 AM.

  3. #3

    Join Date
    Dec 2009
    Posts
    270
    Thank Post
    6
    Thanked 33 Times in 31 Posts
    Rep Power
    15
    I would also make sure to follow best practice, when seizing the role, make sure the server is rebuilt with a different IP\name. In most cases this shouldn't be necessary but it's advised to have a "clean" install.

    In some cases you can have a server failure and still be able to move the roles over cleanly. In this case I'd happily keep the same name/ip if the server is rebuilt

  4. #4
    jamesfed's Avatar
    Join Date
    Sep 2009
    Location
    Reading
    Posts
    2,212
    Thank Post
    138
    Thanked 346 Times in 292 Posts
    Rep Power
    90
    Or restore from backup??

    We've done a DR test in the past at a primary we look after with ~300GB of data and a DC restored in a few hours.

  5. #5

    Join Date
    Dec 2009
    Posts
    270
    Thank Post
    6
    Thanked 33 Times in 31 Posts
    Rep Power
    15
    If you only have 1 DC in your environment, then sure a restore from backup is the way to go. However if you have multiple DC's and to the best of your knowledge replication is working. Then I would never try a restore, and always go for a rebuild and repromo.

    This is unless your backup happened to be minutes before the failure - otherwise you'll have no end of users moaning that their passwords are no longer working, the people who manage your accounts wondering where their days work has gone.

  6. #6

    Join Date
    Feb 2008
    Posts
    107
    Thank Post
    0
    Thanked 10 Times in 10 Posts
    Rep Power
    15
    Do do an non authoritative restore and you would avoid that!

  7. #7
    jamesfed's Avatar
    Join Date
    Sep 2009
    Location
    Reading
    Posts
    2,212
    Thank Post
    138
    Thanked 346 Times in 292 Posts
    Rep Power
    90
    Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller

    If it is possible, fix the broken domain controller that is assigned the FSMO roles.

  8. #8

    Join Date
    Jun 2007
    Location
    London
    Posts
    894
    Thank Post
    64
    Thanked 171 Times in 140 Posts
    Rep Power
    55
    Split your DHCP scope 80%/20% across your two DCs. That way if one server goes down the other will still be available to dish out IPs. Saves you from a whole lot of pain if the IPs start expiring but you haven't yet sorted out your DC loss (or if the DC goes down over the weekend).

SHARE:
+ Post New Thread

Similar Threads

  1. IE7 GPO Configuration - what do you do?
    By mark in forum Windows
    Replies: 1
    Last Post: 16th November 2006, 09:10 PM
  2. Replies: 14
    Last Post: 7th September 2006, 01:14 PM
  3. Sophos on-acces settings - what do you do?
    By ajbritton in forum Windows
    Replies: 7
    Last Post: 24th March 2006, 05:58 PM
  4. Old hardware - what do you do with it?
    By tarquel in forum Hardware
    Replies: 24
    Last Post: 11th November 2005, 02:35 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •