How do you do....it? Thread, Primary DC (FSMO) Fails... what do you do? in Technical; Hi all,
Currently looking into our disaster recovery plan and, just so I am clear in my head, in the ...
22nd October 2012, 11:23 AM #1
- Rep Power
Primary DC (FSMO) Fails... what do you do?
Currently looking into our disaster recovery plan and, just so I am clear in my head, in the unlikely event our FSMO dies would the following get us up and running with minimum fuss and downtime:
- Log on to our second DC, seize FSMO roles and setup DHCP (already has DNS)
- Rebuild failed FSMO server, patch, install software, connect up SAN drives, setup shares
- Run DCPromo on rebuilt server
- Transfer back FSMO (if necessary)
Not that I would want to do it but it doesn't seem to bad really - days work tops (most of which is patching)... or am I missing bits? We have backups in place etc. using DPM but as we are still running 2003 on our DCs until next summer BMR is out of the question so I am considering what-if scenarios (actually the above probably looks more appealing to me than a BMR, I would worry about replication being out of sync if the PDC was rebuilt).
Last edited by CyBeRkId2002; 22nd October 2012 at 11:24 AM.
22nd October 2012, 11:40 AM #2
Rebuilt the PDC Emulator at last place in about 4 hours between 2 of us from a fresh install including rebuilding the RAID. That included restoring all the users data and shares that were on the PDC emulator. We had never done it before and had to find out how to seize the neccesary roles etc and then putting them back on the rebuilt server.
Must admit it actually done us a favour as was causing all sorts of grief :-), regulary running out of c drive space and causing replication issues.
Last edited by Davit2005; 22nd October 2012 at 11:41 AM.
23rd October 2012, 02:58 PM #3
- Rep Power
I would also make sure to follow best practice, when seizing the role, make sure the server is rebuilt with a different IP\name. In most cases this shouldn't be necessary but it's advised to have a "clean" install.
In some cases you can have a server failure and still be able to move the roles over cleanly. In this case I'd happily keep the same name/ip if the server is rebuilt
23rd October 2012, 03:00 PM #4
Or restore from backup??
We've done a DR test in the past at a primary we look after with ~300GB of data and a DC restored in a few hours.
23rd October 2012, 03:05 PM #5
- Rep Power
If you only have 1 DC in your environment, then sure a restore from backup is the way to go. However if you have multiple DC's and to the best of your knowledge replication is working. Then I would never try a restore, and always go for a rebuild and repromo.
This is unless your backup happened to be minutes before the failure - otherwise you'll have no end of users moaning that their passwords are no longer working, the people who manage your accounts wondering where their days work has gone.
23rd October 2012, 03:30 PM #6
- Rep Power
Do do an non authoritative restore and you would avoid that!
23rd October 2012, 03:35 PM #7
Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
If it is possible, fix the broken domain controller that is assigned the FSMO roles.
23rd October 2012, 03:36 PM #8
Split your DHCP scope 80%/20% across your two DCs. That way if one server goes down the other will still be available to dish out IPs. Saves you from a whole lot of pain if the IPs start expiring but you haven't yet sorted out your DC loss (or if the DC goes down over the weekend).
Last Post: 16th November 2006, 09:10 PM
By tickmike in forum General Chat
Last Post: 7th September 2006, 01:14 PM
By ajbritton in forum Windows
Last Post: 24th March 2006, 05:58 PM
By tarquel in forum Hardware
Last Post: 11th November 2005, 02:35 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)