Moving the Global Catalogue & Domain master roles

[shakamon]

This one has me worried a bit, Microsoft has one of those special notes on the side of this saying this is very intense on your systems. I need to move the Global Catalogue, Domain master roles, RID master roles, Site Master roles, and one other role from an older piece of hardware to a new piece that has Win2k Server installed already. I will install AD. Then I really am stuck. Has anyone attempted this?, any body have some good steps/precautions to take? I dont think I am quite sure how to move this. Unfortunately my company no longer pays for training. Books and this forum are my only guide, so far a couple of ya really helped me get things straight. I think I am really going to need somebody to explain a step by step because the MOC book is vague and we are talking about all my user/group accouts etc. Shakamon
"Only the dead fish follow the stream"

 

[anuabhi]

Hi,

I just had this problem. One of my co-workers abruptly took the operations master server off and I was not able to install the Exchange 2000 as it needed the schema master which was taken off. So I brought the server back online and transfered all the roles from that server to a more secure server. It took at least 2 hours on my network to get the things replicated and bring the AD to a healthy state. But it was just a matter of being patient and let the changes replicate. I started with transfering the Naming Server from "AD Domain and Trust" snap in and then transfered the PDC, RID and Infrasturcture Master roles from "AD users and computers" snapin. Then I moved to make this controller my Schema Master and don't forget that this server has to be global catalog server too. May be it took so long to replicate on my network was because we still have mixed win2000 and nt domain controlers so the things are not that stable. But it worked for us great.

 

[shakamon]

I was able to actually do it in a test environment...hardest thing was to load the Adminpak to get the schema snap in, which requires uninstalling the admin tools then reinstalling, cannot just install over it. Now correct me if I am wrong. My global catalogue cannot reside on that new server I transfer those roles to , correct, where should that Global catalogue server sit?
Shakamon
"Only the dead fish follow the stream"

 

[donnie4564]

There is a difference in taking the fsmo role from a dc and changing the role.

PDC, RID, and Infrastructure masters can be changed from AD users and computers right click AD users and computers and choose all task then operation masters

Global Catalog server can be changed by Opening sites and services double click sites, double click site name, double click servers, double click your server, click your server, right click NTDS settings, properties, place a check in global catalog.

An alternate way to get the Schema snap-in is register a dll. open run, type regsvr32 schmmgmt.dll

To change the Schema Master role use AD schema snapin Right click the ad schema choose operation master.

Domain Naming Master: from domains and trust right click domains and trust choose operation master.

 

[peterve]

you can do these things with ntdsutil as well... --------------------------------------------------------------------
How can I believe in God when just last week I got my tongue caught in the roller of an electric typewriter?
---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------

 

[shakamon]

So what do I do with the global catalogue server roles, should I have it on another system??? Shakamon
"Only the dead fish follow the stream"

 

[mwatson]

I have just had the problem of moving the fsmo roles to a test server, formatting c on our main server and transferring them back. These are the steps I followed.
The steps I haven't included are setting up the 'new' server with ADS, DNS. Getting DNS right is critical.
I then reversed everything to change everything back.

fileserver_1 = Our main server
Test2000 = New Server
Hope this helps.

DNS
Check DNS settings on fileserver_1 and document Check look-ups to show correct servers.
Check DNS is installed on Test2000
Go to Active Directory System and Services on fileserver and force replication to Test2000.
Set up WINS and DHCP. (Check scope of fileserver_1)
Change preferred DNS Server on both to Test2000.

From command prompt do the following on both Servers.
„h Ipconfig /registerdns
„h Net stop netlogon & net start net logon

DNS should be populated on both server in AD in zones.

Changing FSMO Roles
Done on Fileserver
„h RID
„h PDC Emulator
„h Infrastructure
„h Schema
„h Domain Name

AD Users: Click on Zone and Right Click on Operations Master
Change RIS, PDC and Infrastructure to point at Test2000 Server NOT Fileserver_1

Change Domain naming by going to AD Names and Trusts and right click the top item and click on Operation Master.

„h Domain Naming must be a Global Catalog Server.

Change Schema

From command prompt: regsrv32 schmmgmt.dll
MMC

Use Snap in Tool to add Active Directory Schema
Right Click Active Directory Schema and make sure it is looking at the correct computer.

Reinstall WINS on Test2000 server.

DHCP

Need to transfer DHCP Database from fileserver to Test2000 server.
Install DHCP on Test2000 server.
Right click on Server Authorities and refresh. When the option says Configure options say configure these later. DO NOT ACTIVATE.

Stop DHCP Server on both servers.
Copy fileserver_1 c:\winnt\system\dhcp directory to same place on Test2000 server
Start DHCP Server on Test2000 Server, Authorise, and Refresh and activate scope.

Test DHCP on a client. Release lease on IP and renew lease.

„h Ipconfig /release
„h Ipconfig /renew.

 

[shakamon]

Thanks folks, but I doidnt go into the command line, I connected to a domain controller that I was moving to. CLicked Operations Master for all the roles (RID, PDC, etc)clicked change, then selected the other server. I checked on the other server and it had assumed all of those roles and I checked thru AD. Am I missing something by doing it that way? The above post looks like when you seize the roles, but dont you dont that if the physical machine will never be brought online again. Kinda of confused on that. And if I have 2 dc's, one ( new server)will have DNS, DHCP, AD, and all those master roles, and print server (low print volume). The other DC (older system)the global catalogue, secondary DNS, DHCP and WINS. Does that seem to be a decent setup? Shakamon
"Only the dead fish follow the stream"

 

[shakamon]

FYI when I installed the admin pack, it seemed to hose my existing DNS settings, I had to reinstall it. I think it was becasue I had to unistall and reinstall admin tools. the DNS got dissassociated. Also quick note, the AD monitor is a great tool I discovered when I wanted to confirm those domain master, RID, etc roles. Thing is now, I have no replication going, but more and more its pointing to DNS and my above problem. I will get it somehow... Shakamon
"Only the dead fish follow the stream"