where's the schema master?!

  • Thread starter Thread starter mischko
  • Start date Start date
M

mischko

hello!

two weeks ago i renamed a w2k3 domain. before this, i had to seperate
our w2k-child domain.
now, the w2k3 root-domain is renamed, but in the child-domain is no
schema master (and no schema-admin group ...). dns-master, pdc, rid,
infrastructure master are all here. but no schema master. and i have no
rights to seize it. has somebody any idea how to fix this? how long can
the domain be without this function?!

i don't want to make a new domain, and transfer all users, groups and
computers ... this is very laborious.

can somebody help me?

thanks, michael.
 
mischko said:
hello!

two weeks ago i renamed a w2k3 domain. before this, i had to seperate
our w2k-child domain.
Click to expand...

You cannot (successfully) prune a child domain from it's
parent domain.

They will ALWAYS be in the same forest unless you
uninstall. (With rename they may not be parent child
but they are still in the same forest.)

There is ONLY one Schema Master PER FOREST.
now, the w2k3 root-domain is renamed, but in the child-domain is no
schema master (and no schema-admin group ...).
Click to expand...

Child domains NEVER have the Schema Master UNLESS
you explicitly moved it there from the Root Forest Domain
(the default is the VERY FIRST DC of the Forest.)
dns-master, pdc, rid,
infrastructure master are all here. but no schema master. and i have no
rights to seize it. has somebody any idea how to fix this? how long can
the domain be without this function?!
Click to expand...

You should ONLY have ONE Domain Naming Master also
(for the forest.)
i don't want to make a new domain, and transfer all users, groups and
computers ... this is very laborious.
Click to expand...

There is a PDC Emul, RID and Infrastructure master in
every domain, but only one (each) Schema and Domain Naming
master PER FOREST.
 
You cannot (successfully) prune a child domain from it's
parent domain.
They will ALWAYS be in the same forest unless you
uninstall. (With rename they may not be parent child
but they are still in the same forest.)
Click to expand...
There is ONLY one Schema Master PER FOREST.
Click to expand...

i know ... what's the effect if there's no schema master. is there any
possibility to seize one?
You should ONLY have ONE Domain Naming Master also
(for the forest.)
Click to expand...

i transfered the domain naming master before i renamed the domain. in
the root domain i seized it. (but only the domain naming master - not
the schema master .... don't ask).
There is a PDC Emul, RID and Infrastructure master in
every domain, but only one (each) Schema and Domain Naming
master PER FOREST.
Click to expand...

yes, but what can i do?! making a new one?

thank you!
michael
 
mischko said:
i know ... what's the effect if there's no schema master. is there any
possibility to seize one?
Click to expand...

Your original mail certainly sounded like you expected
a schema master to be in the child domain.

Sure you can Seize the Schema Master but FIRST make
sure you don't have on already.

Roles should ALWAYS be TRANSFERRED (not Seized),
if possible, from the running role holder.

NTDSUtil (roles subarea) can transfer or seize roles.
i transfered the domain naming master before i renamed the domain. in
the root domain i seized it. (but only the domain naming master - not
the schema master .... don't ask).
Click to expand...

Seized or transferred?

You must generally REMOVE forever the original role holder
if you actually did a seize.
yes, but what can i do?! making a new one?
Click to expand...

Seize with NTDSUtil.

Key points when you work with NTDSUtil roles (or also
"metadata cleanup"):

1) You CONNECT to a RUNNING DC

2) You use the running, connected DC to seize a role,
or SELECT a down DC for metadata cleanup.
 
Hi Martin!
Seize with NTDSUtil.
Key points when you work with NTDSUtil roles (or also
"metadata cleanup"):
Click to expand...
1) You CONNECT to a RUNNING DC
Click to expand...
2) You use the running, connected DC to seize a role,
or SELECT a down DC for metadata cleanup.
Click to expand...

to seize a schema master, you need schema-admin rights. in the child
domain, there's no schema admin's group ...
 
mischko said:
Hi Martin!




to seize a schema master, you need schema-admin rights. in the child
domain, there's no schema admin's group ...
Click to expand...

There's no Schema Master either (usually).

Enterprise Admins can place someone (themselves)
in the Schema Admins group -- both groups are on the
Root Forest Domain (i.e., 1st domain in forest.)
 
Back
Top