Great point, I neglected to mention the process of metadata cleanup.
My comment regarding the IM simply meant that the FSMO role itself
imposes no additional requirements once seized.
I would recommend the use of NTDSUTIL over ADSIEDIT since, although
it is cumbersome, it ensures that the task at hand is completed
correctly (including FRS state).
With regard to the statement: "you must ensure the old machine never
comes back up without formatting its hard drive", this is FSMO
specific and does not apply here. The IM, as I said, maintains
virtually no state and as such can be brought back on line (where
possible) without any cause for concern ... assuming other
non-related factors are a non-issue, factors such as downtime not
exceeding tombstone lifetime.
Note that Windows 2000 SP?(something, 2 I think) and Windows 2003
introduce the concept of INITSYNC; a requirement that must be met by
all DCs holding FSMO roles. This requirement prevents a DC in
possession of a FSMO role from offering any service at boot time
bound to that role until it has completed a full replication cycle
with one of its direct replication partners. This technique helps
to ensure that 2 DCs do not service the same FSMO role (the
assumption being that the DC from which the old FSMO replicates will
already be aware that the role has moved and will inform the old
FSMO of this fact before it begins to offer those services).
--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l
Yes. Find and remove all references to the former machine. You
will need to use ADSIEdit to completely remove this server. When
you sieze a FSMO role, you must ensure the old machine never comes
back up without formatting its hard drive.
Mike Ober.
I do not plan on re-introducing the former AD DC back into the
network. Do I need to remove any references of it...e.g. AD CU
/System/FRS?
Or in any other locations where it is referenced.
I'm concerned with the event viewer logs displaying unnecessary
messages. Thanks much Dean.
Robert
:
Nothing further needs to be done when seizing the Infrastructure
FSMO since it maintains virtually no state.
In a single domain, the Infrastructure FSMO and GC ARE compatible
when running on the same DC.
--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l
RHS wrote:
Hi,
I've got a single domain, two Win2k DC's mixed with some NT
BDC,s. Previously another Win2k DC was physically removed from
the network without demoting with DCPromo. It appears that the
Infrastructure Master was it's only role. I've seen the
documents regarding using Ntdsutil to seize FSMO roles.
Once I've done that, is there anything else I need to do?
Also, with a single domain is there a problem with having the
global catalog DC also hold the Infrastructure Master?
It's a RAID 5 machine versus my second AD DC being a pc clone.
Thanks much,
Robert