RE: [ActiveDir] Moving Schema Master (continued...)
Have you tried standing up a server in the DMZ next to the Schema Master Server (IE. New server in the DMZ). Then transfer the FSMO role to new server. Just an Idea, Todd -Original Message- From: Frank Buechler [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 04, 2004 12:46 PM To: ActiveDir (E-mail) Subject: [ActiveDir] Moving Schema Master (continued...) Greetings All If you have been following this thread, you know that I am having problems moving the Schema Master role from a server sitting in my DMZ to one sitting in trusted. I have opened up all ports between these two servers, and I am still getting the same error; current FSMO could not be contacted. I am really at a loss! I can't seize the role as the server currently acting as the Schema Master is also an Exchange server, and is hosting IIS. It is not a server that I can take offline and rebuild. I have verified that all requisite rights are in place, I have verified replication, I even called the mfgr. (Netscreen) of the firewall to verify that I did indeed have all ports open. I can't take this server offline to bring it inside, and I don't have a system that I can use as a "swing" server as Roger suggested. Is there anything else that may be preventing me from doing this? I am really getting frustrated! (And behind schedule...) TIA for any help. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Moving Schema Master (continued...)
Wish I could.. Roger had the same idea, placing a server in the DMZ, moving the role, then bringing the server inside to transfer it to a trusted DC. He called it a "swing" server. Great idea, but I don't have another box to do that with. -Original Message- From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 04, 2004 2:33 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Moving Schema Master (continued...) Have you tried standing up a server in the DMZ next to the Schema Master Server (IE. New server in the DMZ). Then transfer the FSMO role to new server. Just an Idea, Todd -Original Message- From: Frank Buechler [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 04, 2004 12:46 PM To: ActiveDir (E-mail) Subject: [ActiveDir] Moving Schema Master (continued...) Greetings All If you have been following this thread, you know that I am having problems moving the Schema Master role from a server sitting in my DMZ to one sitting in trusted. I have opened up all ports between these two servers, and I am still getting the same error; current FSMO could not be contacted. I am really at a loss! I can't seize the role as the server currently acting as the Schema Master is also an Exchange server, and is hosting IIS. It is not a server that I can take offline and rebuild. I have verified that all requisite rights are in place, I have verified replication, I even called the mfgr. (Netscreen) of the firewall to verify that I did indeed have all ports open. I can't take this server offline to bring it inside, and I don't have a system that I can use as a "swing" server as Roger suggested. Is there anything else that may be preventing me from doing this? I am really getting frustrated! (And behind schedule...) TIA for any help. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Moving Schema Master (continued...)
Maybe a VMWare virtual machine? ** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 985 0975 x5083 ** > > Wish I could.. Roger had the same idea, placing a server in > the DMZ, moving the role, then bringing the server inside to > transfer it to a trusted DC. He called it a "swing" server. > Great idea, but I don't have another box to do that with. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Moving Schema Master (continued...)
Don't you have a desktop PC that you could temporarily use? If not, you might want to consider moving your internal DC into the DMZ long enough to move the FSMO instead of the other way around. Kenneth W. (Ken) Adams, MCSA, MCSE -Original Message- From: Frank Buechler [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 04, 2004 4:26 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Wish I could.. Roger had the same idea, placing a server in the DMZ, moving the role, then bringing the server inside to transfer it to a trusted DC. He called it a "swing" server. Great idea, but I don't have another box to do that with. -Original Message- From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 04, 2004 2:33 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Moving Schema Master (continued...) Have you tried standing up a server in the DMZ next to the Schema Master Server (IE. New server in the DMZ). Then transfer the FSMO role to new server. Just an Idea, Todd -Original Message- From: Frank Buechler [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 04, 2004 12:46 PM To: ActiveDir (E-mail) Subject: [ActiveDir] Moving Schema Master (continued...) Greetings All If you have been following this thread, you know that I am having problems moving the Schema Master role from a server sitting in my DMZ to one sitting in trusted. I have opened up all ports between these two servers, and I am still getting the same error; current FSMO could not be contacted. I am really at a loss! I can't seize the role as the server currently acting as the Schema Master is also an Exchange server, and is hosting IIS. It is not a server that I can take offline and rebuild. I have verified that all requisite rights are in place, I have verified replication, I even called the mfgr. (Netscreen) of the firewall to verify that I did indeed have all ports open. I can't take this server offline to bring it inside, and I don't have a system that I can use as a "swing" server as Roger suggested. Is there anything else that may be preventing me from doing this? I am really getting frustrated! (And behind schedule...) TIA for any help. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Moving Schema Master (continued...)
VirtualPC Baby! It rocks, in some ways... -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -Original Message- > From: Charlie Kaiser [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 04, 2004 4:39 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Maybe a VMWare virtual machine? > > ** > Charlie Kaiser > MCSE, CCNA > Systems Engineer > Essex Credit / Brickwalk > 510 985 0975 x5083 > ** > > > > Wish I could.. Roger had the same idea, placing a server in > > the DMZ, moving the role, then bringing the server inside to > > transfer it to a trusted DC. He called it a "swing" server. > > Great idea, but I don't have another box to do that with. > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Moving Schema Master (continued...)
Hm Not a bad idea shipmate. -Original Message- From: Adams, Kenneth W (Ken) [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 04, 2004 6:55 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Don't you have a desktop PC that you could temporarily use? If not, you might want to consider moving your internal DC into the DMZ long enough to move the FSMO instead of the other way around. Kenneth W. (Ken) Adams, MCSA, MCSE -Original Message- From: Frank Buechler [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 04, 2004 4:26 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Wish I could.. Roger had the same idea, placing a server in the DMZ, moving the role, then bringing the server inside to transfer it to a trusted DC. He called it a "swing" server. Great idea, but I don't have another box to do that with. -Original Message- From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 04, 2004 2:33 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Moving Schema Master (continued...) Have you tried standing up a server in the DMZ next to the Schema Master Server (IE. New server in the DMZ). Then transfer the FSMO role to new server. Just an Idea, Todd -Original Message- From: Frank Buechler [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 04, 2004 12:46 PM To: ActiveDir (E-mail) Subject: [ActiveDir] Moving Schema Master (continued...) Greetings All If you have been following this thread, you know that I am having problems moving the Schema Master role from a server sitting in my DMZ to one sitting in trusted. I have opened up all ports between these two servers, and I am still getting the same error; current FSMO could not be contacted. I am really at a loss! I can't seize the role as the server currently acting as the Schema Master is also an Exchange server, and is hosting IIS. It is not a server that I can take offline and rebuild. I have verified that all requisite rights are in place, I have verified replication, I even called the mfgr. (Netscreen) of the firewall to verify that I did indeed have all ports open. I can't take this server offline to bring it inside, and I don't have a system that I can use as a "swing" server as Roger suggested. Is there anything else that may be preventing me from doing this? I am really getting frustrated! (And behind schedule...) TIA for any help. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Moving Schema Master (continued...)
I figured you knew that... Sorry. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -Original Message- > From: Frank Buechler [mailto:[EMAIL PROTECTED] > Sent: Thursday, February 05, 2004 8:15 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Hm Not a bad idea shipmate. > > -Original Message- > From: Adams, Kenneth W (Ken) [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 04, 2004 6:55 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Don't you have a desktop PC that you could temporarily use? > If not, you > might want to consider moving your internal DC into the DMZ > long enough > to move the FSMO instead of the other way around. > > Kenneth W. (Ken) Adams, MCSA, MCSE > > > > -Original Message- > From: Frank Buechler [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 04, 2004 4:26 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Wish I could.. Roger had the same idea, placing a server in the DMZ, > moving the role, then bringing the server inside to transfer it to > a trusted DC. He called it a "swing" server. Great idea, but I don't > have another box to do that with. > > -Original Message- > From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 04, 2004 2:33 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Have you tried standing up a server in the DMZ next to the > Schema Master > Server (IE. New server in the DMZ). Then transfer the FSMO > role to new > server. > > Just an Idea, > > Todd > > -Original Message- > From: Frank Buechler [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 04, 2004 12:46 PM > To: ActiveDir (E-mail) > Subject: [ActiveDir] Moving Schema Master (continued...) > > > Greetings All > > If you have been following this thread, you know that I am having > problems > moving the Schema Master role from a server sitting in my DMZ to one > sitting > in trusted. I have opened up all ports between these two > servers, and I > am > still getting the same error; current FSMO could not be > contacted. I am > really at a loss! I can't seize the role as the server > currently acting > as > the Schema Master is also an Exchange server, and is > hosting IIS. It is not a server that I can take offline and rebuild. > > I have verified that all requisite rights are in place, I > have verified > replication, I even called the mfgr. (Netscreen) of the firewall to > verify > that I did indeed have all ports open. I can't take this > server offline > to > bring it inside, and I don't have a system that I can use as a "swing" > server as Roger suggested. Is there anything else that may be > preventing > me > from doing this? I am really getting frustrated! (And behind > schedule...) > > TIA for any help. > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > List info : > http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Moving Schema Master (continued...)
I've done a little more research.. turns out I missed something. After running dcdiag /test:Knowsofroleholders /v, it turns out the server in the DMZ fails. What I get is this: Warning: CN="NTDS Settings ...blah blah.. is the Schema Owner, but is deleted Warning: CN=NTDS Settings ...blah blah.. is the Domain Owner, but is deleted PDC, RID, and Infrastructure Update Owner all passed, seeing the internal server as the role holders. I'm still researching this, but I think I'm getting closer the the problem... -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 8:29 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Moving Schema Master (continued...) I figured you knew that... Sorry. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -Original Message- > From: Frank Buechler [mailto:[EMAIL PROTECTED] > Sent: Thursday, February 05, 2004 8:15 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Hm Not a bad idea shipmate. > > -Original Message- > From: Adams, Kenneth W (Ken) [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 04, 2004 6:55 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Don't you have a desktop PC that you could temporarily use? > If not, you > might want to consider moving your internal DC into the DMZ > long enough > to move the FSMO instead of the other way around. > > Kenneth W. (Ken) Adams, MCSA, MCSE > > > > -Original Message- > From: Frank Buechler [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 04, 2004 4:26 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Wish I could.. Roger had the same idea, placing a server in the DMZ, > moving the role, then bringing the server inside to transfer it to > a trusted DC. He called it a "swing" server. Great idea, but I don't > have another box to do that with. > > -----Original Message- > From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 04, 2004 2:33 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Have you tried standing up a server in the DMZ next to the > Schema Master > Server (IE. New server in the DMZ). Then transfer the FSMO > role to new > server. > > Just an Idea, > > Todd > > -Original Message- > From: Frank Buechler [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 04, 2004 12:46 PM > To: ActiveDir (E-mail) > Subject: [ActiveDir] Moving Schema Master (continued...) > > > Greetings All > > If you have been following this thread, you know that I am having > problems > moving the Schema Master role from a server sitting in my DMZ to one > sitting > in trusted. I have opened up all ports between these two > servers, and I > am > still getting the same error; current FSMO could not be > contacted. I am > really at a loss! I can't seize the role as the server > currently acting > as > the Schema Master is also an Exchange server, and is > hosting IIS. It is not a server that I can take offline and rebuild. > > I have verified that all requisite rights are in place, I > have verified > replication, I even called the mfgr. (Netscreen) of the firewall to > verify > that I did indeed have all ports open. I can't take this > server offline > to > bring it inside, and I don't have a system that I can use as a "swing" > server as Roger suggested. Is there anything else that may be > preventing > me > from doing this? I am really getting frustrated! (And behind > schedule...) > > TIA for any help. > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > List info : >
RE: [ActiveDir] Moving Schema Master (continued...)
Can I demote a DC running Exchange 2000? I know this is not supported with Exchange 2003, but I can't find any literature regarding 2000. Again, thanks for your help Michael (and everyone!) -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 11:40 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Yes you should be able to do it without rebuilding anything. It may require a domain synchronize to take effect. But you could force that. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 11:38 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Can I do this without having to rebuild the server in the DMZ? -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 11:28 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) I thought I would throw this out there. A good option for you may be to use ntdsutil to enter the metabase to see if there is a tombstoned record in your metabase. After which you could delete the old record and manually enter a new record or seize the role with the internal DC. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 10:18 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) I've done a little more research.. turns out I missed something. After running dcdiag /test:Knowsofroleholders /v, it turns out the server in the DMZ fails. What I get is this: Warning: CN="NTDS Settings ...blah blah.. is the Schema Owner, but is deleted Warning: CN=NTDS Settings ...blah blah.. is the Domain Owner, but is deleted PDC, RID, and Infrastructure Update Owner all passed, seeing the internal server as the role holders. I'm still researching this, but I think I'm getting closer the the problem... -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 8:29 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Moving Schema Master (continued...) I figured you knew that... Sorry. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -Original Message- > From: Frank Buechler [mailto:[EMAIL PROTECTED] > Sent: Thursday, February 05, 2004 8:15 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Hm Not a bad idea shipmate. > > -Original Message- > From: Adams, Kenneth W (Ken) [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 04, 2004 6:55 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Don't you have a desktop PC that you could temporarily use? > If not, you > might want to consider moving your internal DC into the DMZ long > enough to move the FSMO instead of the other way around. > > Kenneth W. (Ken) Adams, MCSA, MCSE > > > > -Original Message- > From: Frank Buechler [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 04, 2004 4:26 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Wish I could.. Roger had the same idea, placing a server in the DMZ, > moving the role, then bringing the server inside to transfer it to a > trusted DC. He called it a "swing" server. Great idea, but I don't > have another box to do that with. > > -----Original Message- > From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 04, 2004 2:33 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Have you tried standing up a server in the DMZ next to the Schema > Master Server (IE. New server in the DMZ). Then transfer the FSMO > role to new server. > > Just an Idea, > > Todd > > -Original Message- > From: Frank Buechler [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 04, 2004 12:46 PM > To: ActiveDir (E-mail) > Subject: [ActiveDir] Moving Schema Master (continued...) > > > Greetings All > > If you have been following this thread, you know that I am having > problems moving the Schema Master role from a server sitting in my DMZ > to one sitting in trusted. I have opened up all ports between these > two servers, and I am still getting the same error; current FSMO could > not be contacted. I am really at a loss! I can't seize the role as the > server currently acting as the Schema Master is also an Exc
RE: [ActiveDir] Moving Schema Master (continued...)
Your very welcome Frank. Yes you can demote a DC running Exchange 2000. However, I'm not sure what effect that will have on the Exchange installation. I would do this in a test environment before doing that sort of thing in a production environment. Just curious, why would you want to do this? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 12:11 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Can I demote a DC running Exchange 2000? I know this is not supported with Exchange 2003, but I can't find any literature regarding 2000. Again, thanks for your help Michael (and everyone!) -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 11:40 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Yes you should be able to do it without rebuilding anything. It may require a domain synchronize to take effect. But you could force that. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 11:38 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Can I do this without having to rebuild the server in the DMZ? -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 11:28 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) I thought I would throw this out there. A good option for you may be to use ntdsutil to enter the metabase to see if there is a tombstoned record in your metabase. After which you could delete the old record and manually enter a new record or seize the role with the internal DC. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 10:18 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) I've done a little more research.. turns out I missed something. After running dcdiag /test:Knowsofroleholders /v, it turns out the server in the DMZ fails. What I get is this: Warning: CN="NTDS Settings ...blah blah.. is the Schema Owner, but is deleted Warning: CN=NTDS Settings ...blah blah.. is the Domain Owner, but is deleted PDC, RID, and Infrastructure Update Owner all passed, seeing the internal server as the role holders. I'm still researching this, but I think I'm getting closer the the problem... -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 8:29 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Moving Schema Master (continued...) I figured you knew that... Sorry. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -Original Message- > From: Frank Buechler [mailto:[EMAIL PROTECTED] > Sent: Thursday, February 05, 2004 8:15 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Hm Not a bad idea shipmate. > > -Original Message- > From: Adams, Kenneth W (Ken) [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 04, 2004 6:55 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Don't you have a desktop PC that you could temporarily use? > If not, you > might want to consider moving your internal DC into the DMZ long > enough to move the FSMO instead of the other way around. > > Kenneth W. (Ken) Adams, MCSA, MCSE > > > > -Original Message- > From: Frank Buechler [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 04, 2004 4:26 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Wish I could.. Roger had the same idea, placing a server in the DMZ, > moving the role, then bringing the server inside to transfer it to a > trusted DC. He called it a "swing" server. Great idea, but I don't > have another box to do that with. > > -Original Message- > From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 04, 2004 2:33 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Have you tried standing up a server in the DMZ next to the Schema > Master Server (IE. New server in the DMZ). Then transfer the FSMO > role to new server. > > Just an Idea, > > Todd > > -Original Message- > From: Frank Buechler [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 04, 2004 12:46 PM > To: ActiveDir (E-mail) >
RE: [ActiveDir] Moving Schema Master (continued...)
Here's the scenario: I am upgrading this shop across the board to 2003, including Exchange. I want to get a 2003 DC in place before putting Exchange on a 2003 stand-alone server. To do this, I need to prep the domain for the new 2003 schema, and I need to do this on the 2000 server acting as the schema master. Maybe I am looking at this wrong. What do you think? -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 12:19 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Your very welcome Frank. Yes you can demote a DC running Exchange 2000. However, I'm not sure what effect that will have on the Exchange installation. I would do this in a test environment before doing that sort of thing in a production environment. Just curious, why would you want to do this? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 12:11 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Can I demote a DC running Exchange 2000? I know this is not supported with Exchange 2003, but I can't find any literature regarding 2000. Again, thanks for your help Michael (and everyone!) -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 11:40 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Yes you should be able to do it without rebuilding anything. It may require a domain synchronize to take effect. But you could force that. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 11:38 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Can I do this without having to rebuild the server in the DMZ? -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 11:28 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) I thought I would throw this out there. A good option for you may be to use ntdsutil to enter the metabase to see if there is a tombstoned record in your metabase. After which you could delete the old record and manually enter a new record or seize the role with the internal DC. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 10:18 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) I've done a little more research.. turns out I missed something. After running dcdiag /test:Knowsofroleholders /v, it turns out the server in the DMZ fails. What I get is this: Warning: CN="NTDS Settings ...blah blah.. is the Schema Owner, but is deleted Warning: CN=NTDS Settings ...blah blah.. is the Domain Owner, but is deleted PDC, RID, and Infrastructure Update Owner all passed, seeing the internal server as the role holders. I'm still researching this, but I think I'm getting closer the the problem... -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 8:29 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Moving Schema Master (continued...) I figured you knew that... Sorry. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -Original Message- > From: Frank Buechler [mailto:[EMAIL PROTECTED] > Sent: Thursday, February 05, 2004 8:15 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Hm Not a bad idea shipmate. > > -Original Message- > From: Adams, Kenneth W (Ken) [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 04, 2004 6:55 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Don't you have a desktop PC that you could temporarily use? > If not, you > might want to consider moving your internal DC into the DMZ long > enough to move the FSMO instead of the other way around. > > Kenneth W. (Ken) Adams, MCSA, MCSE > > > > -Original Message- > From: Frank Buechler [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 04, 2004 4:26 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Wish I could.. Roger had the same idea, placing a server in the DMZ, > moving the role, then bringing the server inside to transfer it to a > trusted DC. He called it a "swing" server. Great idea, but I don't > have another box to do that with. > > -----Original Message----- > From: Myrick, Todd (NIH/CIT)
RE: [ActiveDir] Moving Schema Master (continued...)
Okay I would say your first step would be to seize the Schema Master role to the DC on the Internal network before considering anything else. All the while leaving the Exchange server running in the DMZ, it wont do much harm that hasn't already been done by it being there. Meaning, if the metabase already shows that the record has been deleted than it seems the server doesn't "know" it's a role holder to anything else but itself. Once you have done that it all depends on how you expect to migrate the data between the existing Exchange Server and the new Exchange server for your next hurtle? I'm sorry Frank. I don't mean to pry the subject, but where do you plan on finding the system to run the new Exchange server without taking down the existing server? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 12:35 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Here's the scenario: I am upgrading this shop across the board to 2003, including Exchange. I want to get a 2003 DC in place before putting Exchange on a 2003 stand-alone server. To do this, I need to prep the domain for the new 2003 schema, and I need to do this on the 2000 server acting as the schema master. Maybe I am looking at this wrong. What do you think? -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 12:19 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Your very welcome Frank. Yes you can demote a DC running Exchange 2000. However, I'm not sure what effect that will have on the Exchange installation. I would do this in a test environment before doing that sort of thing in a production environment. Just curious, why would you want to do this? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 12:11 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Can I demote a DC running Exchange 2000? I know this is not supported with Exchange 2003, but I can't find any literature regarding 2000. Again, thanks for your help Michael (and everyone!) -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 11:40 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Yes you should be able to do it without rebuilding anything. It may require a domain synchronize to take effect. But you could force that. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 11:38 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Can I do this without having to rebuild the server in the DMZ? -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 11:28 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) I thought I would throw this out there. A good option for you may be to use ntdsutil to enter the metabase to see if there is a tombstoned record in your metabase. After which you could delete the old record and manually enter a new record or seize the role with the internal DC. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 10:18 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) I've done a little more research.. turns out I missed something. After running dcdiag /test:Knowsofroleholders /v, it turns out the server in the DMZ fails. What I get is this: Warning: CN="NTDS Settings ...blah blah.. is the Schema Owner, but is deleted Warning: CN=NTDS Settings ...blah blah.. is the Domain Owner, but is deleted PDC, RID, and Infrastructure Update Owner all passed, seeing the internal server as the role holders. I'm still researching this, but I think I'm getting closer the the problem... -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 8:29 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Moving Schema Master (continued...) I figured you knew that... Sorry. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -Original Message- > From: Frank Buechler [mailto:[EMAIL PROTECTED] > Sent: Thursday, February 05, 2004 8:15 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Hm Not a bad idea shipmate. > > -Original Message- > From: Adams, Kenneth W (Ken) [mailto:[EMAIL
RE: [ActiveDir] Moving Schema Master (continued...)
I just did that, it was very easy. Just put in the Exchange 2003 CD and use the install wizard to run /forestprep and /domainprep. -Original Message- From: Frank Buechler [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 9:35 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Here's the scenario: I am upgrading this shop across the board to 2003, including Exchange. I want to get a 2003 DC in place before putting Exchange on a 2003 stand-alone server. To do this, I need to prep the domain for the new 2003 schema, and I need to do this on the 2000 server acting as the schema master. Maybe I am looking at this wrong. What do you think? -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 12:19 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Your very welcome Frank. Yes you can demote a DC running Exchange 2000. However, I'm not sure what effect that will have on the Exchange installation. I would do this in a test environment before doing that sort of thing in a production environment. Just curious, why would you want to do this? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 12:11 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Can I demote a DC running Exchange 2000? I know this is not supported with Exchange 2003, but I can't find any literature regarding 2000. Again, thanks for your help Michael (and everyone!) -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 11:40 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Yes you should be able to do it without rebuilding anything. It may require a domain synchronize to take effect. But you could force that. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 11:38 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Can I do this without having to rebuild the server in the DMZ? -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 11:28 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) I thought I would throw this out there. A good option for you may be to use ntdsutil to enter the metabase to see if there is a tombstoned record in your metabase. After which you could delete the old record and manually enter a new record or seize the role with the internal DC. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 10:18 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) I've done a little more research.. turns out I missed something. After running dcdiag /test:Knowsofroleholders /v, it turns out the server in the DMZ fails. What I get is this: Warning: CN="NTDS Settings ...blah blah.. is the Schema Owner, but is deleted Warning: CN=NTDS Settings ...blah blah.. is the Domain Owner, but is deleted PDC, RID, and Infrastructure Update Owner all passed, seeing the internal server as the role holders. I'm still researching this, but I think I'm getting closer the the problem... -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 8:29 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Moving Schema Master (continued...) I figured you knew that... Sorry. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -Original Message- > From: Frank Buechler [mailto:[EMAIL PROTECTED] > Sent: Thursday, February 05, 2004 8:15 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Hm Not a bad idea shipmate. > > -Original Message- > From: Adams, Kenneth W (Ken) [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 04, 2004 6:55 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Don't you have a desktop PC that you could temporarily use? > If not, you > might want to consider moving your internal DC into the DMZ long > enough to move the FSMO instead of the other way around. > > Kenneth W. (Ken) Adams, MCSA, MCSE > > > > -Original Message- > From: Frank Buechler [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 04, 2004 4:26 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Wish I co
RE: [ActiveDir] Moving Schema Master (continued...)
I have a new HP Prolient coming in, supposed to be here within the next couple of days. That will be a new DC/File server. I want to introduce that into the domain first. I will transfer all services and what-not off the existing file server, wipe it, and install it into the network as a 2003 stand-alone server. This will be the new 2003 Exchange server. Once the Exchange move is completed, and all other services are moved from the 2000 DC currently in the DMZ, I will remove it from the AD, wipe it, and install 2003 on it to act as an internal apps server. There are more servers than this in the loop, but I've only covered it from a DC perspective. Now, just so I understand, you're saying that I should be able to seize the schema master role on the internal 2000 DC without it adversely affecting the server in the DMZ because that server thinks it's been deleted anyway? -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 12:47 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Okay I would say your first step would be to seize the Schema Master role to the DC on the Internal network before considering anything else. All the while leaving the Exchange server running in the DMZ, it wont do much harm that hasn't already been done by it being there. Meaning, if the metabase already shows that the record has been deleted than it seems the server doesn't "know" it's a role holder to anything else but itself. Once you have done that it all depends on how you expect to migrate the data between the existing Exchange Server and the new Exchange server for your next hurtle? I'm sorry Frank. I don't mean to pry the subject, but where do you plan on finding the system to run the new Exchange server without taking down the existing server? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 12:35 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Here's the scenario: I am upgrading this shop across the board to 2003, including Exchange. I want to get a 2003 DC in place before putting Exchange on a 2003 stand-alone server. To do this, I need to prep the domain for the new 2003 schema, and I need to do this on the 2000 server acting as the schema master. Maybe I am looking at this wrong. What do you think? -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 12:19 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Your very welcome Frank. Yes you can demote a DC running Exchange 2000. However, I'm not sure what effect that will have on the Exchange installation. I would do this in a test environment before doing that sort of thing in a production environment. Just curious, why would you want to do this? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 12:11 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Can I demote a DC running Exchange 2000? I know this is not supported with Exchange 2003, but I can't find any literature regarding 2000. Again, thanks for your help Michael (and everyone!) -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 11:40 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Yes you should be able to do it without rebuilding anything. It may require a domain synchronize to take effect. But you could force that. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 11:38 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Can I do this without having to rebuild the server in the DMZ? -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 11:28 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) I thought I would throw this out there. A good option for you may be to use ntdsutil to enter the metabase to see if there is a tombstoned record in your metabase. After which you could delete the old record and manually enter a new record or seize the role with the internal DC. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 10:18 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) I've done a little more research.. turns out I missed something. After running dcdiag /test:Knowsofroleholders /v, it turns out the server in the DMZ fails. What I get is this:
RE: [ActiveDir] Moving Schema Master (continued...)
>From what I gather if you have run a dcdiag on the server not in the DMZ and it returns that it does not know of a schema master role holder that would mean that for some reason the AD has somehow seen that the old schema role holder as a stale record and therefore deleted it from the metabase. So, the answer is yes, you should be able to seize the role with the internal DC if there aren't existing role holders. Please anyone feel free to correct me if I'm wrong. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 1:25 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) I have a new HP Prolient coming in, supposed to be here within the next couple of days. That will be a new DC/File server. I want to introduce that into the domain first. I will transfer all services and what-not off the existing file server, wipe it, and install it into the network as a 2003 stand-alone server. This will be the new 2003 Exchange server. Once the Exchange move is completed, and all other services are moved from the 2000 DC currently in the DMZ, I will remove it from the AD, wipe it, and install 2003 on it to act as an internal apps server. There are more servers than this in the loop, but I've only covered it from a DC perspective. Now, just so I understand, you're saying that I should be able to seize the schema master role on the internal 2000 DC without it adversely affecting the server in the DMZ because that server thinks it's been deleted anyway? -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 12:47 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Okay I would say your first step would be to seize the Schema Master role to the DC on the Internal network before considering anything else. All the while leaving the Exchange server running in the DMZ, it wont do much harm that hasn't already been done by it being there. Meaning, if the metabase already shows that the record has been deleted than it seems the server doesn't "know" it's a role holder to anything else but itself. Once you have done that it all depends on how you expect to migrate the data between the existing Exchange Server and the new Exchange server for your next hurtle? I'm sorry Frank. I don't mean to pry the subject, but where do you plan on finding the system to run the new Exchange server without taking down the existing server? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 12:35 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Here's the scenario: I am upgrading this shop across the board to 2003, including Exchange. I want to get a 2003 DC in place before putting Exchange on a 2003 stand-alone server. To do this, I need to prep the domain for the new 2003 schema, and I need to do this on the 2000 server acting as the schema master. Maybe I am looking at this wrong. What do you think? -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 12:19 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Your very welcome Frank. Yes you can demote a DC running Exchange 2000. However, I'm not sure what effect that will have on the Exchange installation. I would do this in a test environment before doing that sort of thing in a production environment. Just curious, why would you want to do this? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 12:11 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Can I demote a DC running Exchange 2000? I know this is not supported with Exchange 2003, but I can't find any literature regarding 2000. Again, thanks for your help Michael (and everyone!) -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 11:40 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Yes you should be able to do it without rebuilding anything. It may require a domain synchronize to take effect. But you could force that. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 11:38 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Can I do this without having to rebuild the server in the DMZ? -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 11:28 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (co
RE: [ActiveDir] Moving Schema Master (continued...)
Should I demote the DMZ server first? I have to tell you, the thought of doing either (demoting, or seizing the roles) scares the you know what out of me because that server is so important to this organization. Any down time while I recover the thing will be a very_bad_thing. -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 2:09 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) >From what I gather if you have run a dcdiag on the server not in the DMZ and it returns that it does not know of a schema master role holder that would mean that for some reason the AD has somehow seen that the old schema role holder as a stale record and therefore deleted it from the metabase. So, the answer is yes, you should be able to seize the role with the internal DC if there aren't existing role holders. Please anyone feel free to correct me if I'm wrong. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 1:25 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) I have a new HP Prolient coming in, supposed to be here within the next couple of days. That will be a new DC/File server. I want to introduce that into the domain first. I will transfer all services and what-not off the existing file server, wipe it, and install it into the network as a 2003 stand-alone server. This will be the new 2003 Exchange server. Once the Exchange move is completed, and all other services are moved from the 2000 DC currently in the DMZ, I will remove it from the AD, wipe it, and install 2003 on it to act as an internal apps server. There are more servers than this in the loop, but I've only covered it from a DC perspective. Now, just so I understand, you're saying that I should be able to seize the schema master role on the internal 2000 DC without it adversely affecting the server in the DMZ because that server thinks it's been deleted anyway? -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 12:47 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Okay I would say your first step would be to seize the Schema Master role to the DC on the Internal network before considering anything else. All the while leaving the Exchange server running in the DMZ, it wont do much harm that hasn't already been done by it being there. Meaning, if the metabase already shows that the record has been deleted than it seems the server doesn't "know" it's a role holder to anything else but itself. Once you have done that it all depends on how you expect to migrate the data between the existing Exchange Server and the new Exchange server for your next hurtle? I'm sorry Frank. I don't mean to pry the subject, but where do you plan on finding the system to run the new Exchange server without taking down the existing server? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 12:35 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Here's the scenario: I am upgrading this shop across the board to 2003, including Exchange. I want to get a 2003 DC in place before putting Exchange on a 2003 stand-alone server. To do this, I need to prep the domain for the new 2003 schema, and I need to do this on the 2000 server acting as the schema master. Maybe I am looking at this wrong. What do you think? -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 12:19 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Your very welcome Frank. Yes you can demote a DC running Exchange 2000. However, I'm not sure what effect that will have on the Exchange installation. I would do this in a test environment before doing that sort of thing in a production environment. Just curious, why would you want to do this? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 12:11 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Can I demote a DC running Exchange 2000? I know this is not supported with Exchange 2003, but I can't find any literature regarding 2000. Again, thanks for your help Michael (and everyone!) -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 11:40 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Yes you should be able to do it without rebuilding anything. It may require a domain synchronize to take effect. But you could force that. -
RE: [ActiveDir] Moving Schema Master (continued...)
I would suggest doing a bit of homework first then :-) I am going on theory at this point. Anything could potentially happen and unfortunately I think it will be very difficult to regenerate this situation in a testing environment due to its nature. I would research ntdsutil to see the potential impact of deleting an existing role holder and demoting the dc aftewards before doing anything eventhough the existing role holder is not communicating with the AD. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 2:19 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Should I demote the DMZ server first? I have to tell you, the thought of doing either (demoting, or seizing the roles) scares the you know what out of me because that server is so important to this organization. Any down time while I recover the thing will be a very_bad_thing. -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 2:09 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) >From what I gather if you have run a dcdiag on the server not in the >DMZ and it returns that it does not know of a schema master role holder that would mean that for some reason the AD has somehow seen that the old schema role holder as a stale record and therefore deleted it from the metabase. So, the answer is yes, you should be able to seize the role with the internal DC if there aren't existing role holders. Please anyone feel free to correct me if I'm wrong. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 1:25 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) I have a new HP Prolient coming in, supposed to be here within the next couple of days. That will be a new DC/File server. I want to introduce that into the domain first. I will transfer all services and what-not off the existing file server, wipe it, and install it into the network as a 2003 stand-alone server. This will be the new 2003 Exchange server. Once the Exchange move is completed, and all other services are moved from the 2000 DC currently in the DMZ, I will remove it from the AD, wipe it, and install 2003 on it to act as an internal apps server. There are more servers than this in the loop, but I've only covered it from a DC perspective. Now, just so I understand, you're saying that I should be able to seize the schema master role on the internal 2000 DC without it adversely affecting the server in the DMZ because that server thinks it's been deleted anyway? -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 12:47 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Okay I would say your first step would be to seize the Schema Master role to the DC on the Internal network before considering anything else. All the while leaving the Exchange server running in the DMZ, it wont do much harm that hasn't already been done by it being there. Meaning, if the metabase already shows that the record has been deleted than it seems the server doesn't "know" it's a role holder to anything else but itself. Once you have done that it all depends on how you expect to migrate the data between the existing Exchange Server and the new Exchange server for your next hurtle? I'm sorry Frank. I don't mean to pry the subject, but where do you plan on finding the system to run the new Exchange server without taking down the existing server? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 12:35 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Here's the scenario: I am upgrading this shop across the board to 2003, including Exchange. I want to get a 2003 DC in place before putting Exchange on a 2003 stand-alone server. To do this, I need to prep the domain for the new 2003 schema, and I need to do this on the 2000 server acting as the schema master. Maybe I am looking at this wrong. What do you think? -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 12:19 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Your very welcome Frank. Yes you can demote a DC running Exchange 2000. However, I'm not sure what effect that will have on the Exchange installation. I would do this in a test environment before doing that sort of thing in a production environment. Just curious, why would you want to do this? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTE
RE: [ActiveDir] Moving Schema Master (continued...)
Thanks again Michael. I will research this, thoroughly! In the meantime, before I do anything else, I am going to get the most comprehensive back-up of that server that I can possibly obtain tonight. Tomorrow, I will plunge into action. Doing what, I don't know yet. But I have to bust a move and make something happen. Worse case, I have the weekend to recover. -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 2:28 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) I would suggest doing a bit of homework first then :-) I am going on theory at this point. Anything could potentially happen and unfortunately I think it will be very difficult to regenerate this situation in a testing environment due to its nature. I would research ntdsutil to see the potential impact of deleting an existing role holder and demoting the dc aftewards before doing anything eventhough the existing role holder is not communicating with the AD. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 2:19 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Should I demote the DMZ server first? I have to tell you, the thought of doing either (demoting, or seizing the roles) scares the you know what out of me because that server is so important to this organization. Any down time while I recover the thing will be a very_bad_thing. -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 2:09 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) >From what I gather if you have run a dcdiag on the server not in the >DMZ and it returns that it does not know of a schema master role holder that would mean that for some reason the AD has somehow seen that the old schema role holder as a stale record and therefore deleted it from the metabase. So, the answer is yes, you should be able to seize the role with the internal DC if there aren't existing role holders. Please anyone feel free to correct me if I'm wrong. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 1:25 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) I have a new HP Prolient coming in, supposed to be here within the next couple of days. That will be a new DC/File server. I want to introduce that into the domain first. I will transfer all services and what-not off the existing file server, wipe it, and install it into the network as a 2003 stand-alone server. This will be the new 2003 Exchange server. Once the Exchange move is completed, and all other services are moved from the 2000 DC currently in the DMZ, I will remove it from the AD, wipe it, and install 2003 on it to act as an internal apps server. There are more servers than this in the loop, but I've only covered it from a DC perspective. Now, just so I understand, you're saying that I should be able to seize the schema master role on the internal 2000 DC without it adversely affecting the server in the DMZ because that server thinks it's been deleted anyway? -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 12:47 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Okay I would say your first step would be to seize the Schema Master role to the DC on the Internal network before considering anything else. All the while leaving the Exchange server running in the DMZ, it wont do much harm that hasn't already been done by it being there. Meaning, if the metabase already shows that the record has been deleted than it seems the server doesn't "know" it's a role holder to anything else but itself. Once you have done that it all depends on how you expect to migrate the data between the existing Exchange Server and the new Exchange server for your next hurtle? I'm sorry Frank. I don't mean to pry the subject, but where do you plan on finding the system to run the new Exchange server without taking down the existing server? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 12:35 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Here's the scenario: I am upgrading this shop across the board to 2003, including Exchange. I want to get a 2003 DC in place before putting Exchange on a 2003 stand-alone server. To do this, I need to prep the domain for the new 2003 schema, and I need to do this on the 2000 server acting as the schema master. Maybe I am looking at this wrong. What do you think? -Original
RE: [ActiveDir] Moving Schema Master (continued...)
Not sure how reassuring this will be. But, been there, done that, as I'm sure many people in this field have :-) Of course, not for this exact situation. My second day on the job (just happened to be a Friday) the companies primary Exchange servers' hard drives died, and they just happened to be in a RAID 0. Which mean basically meant no more Exchange server. Thankfully the data was stored on the second array which was in a RAID 1. So I spent the weekend day and night rebuilding the Exchange server and Monday morning it was like nothing happened. Of course, I hadn't gotten much sleep so I don't remember much of what happened aftewards. I was very relaxed however :-) Sadly there is no exaggeration. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 2:44 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Thanks again Michael. I will research this, thoroughly! In the meantime, before I do anything else, I am going to get the most comprehensive back-up of that server that I can possibly obtain tonight. Tomorrow, I will plunge into action. Doing what, I don't know yet. But I have to bust a move and make something happen. Worse case, I have the weekend to recover. -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 2:28 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) I would suggest doing a bit of homework first then :-) I am going on theory at this point. Anything could potentially happen and unfortunately I think it will be very difficult to regenerate this situation in a testing environment due to its nature. I would research ntdsutil to see the potential impact of deleting an existing role holder and demoting the dc aftewards before doing anything eventhough the existing role holder is not communicating with the AD. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 2:19 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Should I demote the DMZ server first? I have to tell you, the thought of doing either (demoting, or seizing the roles) scares the you know what out of me because that server is so important to this organization. Any down time while I recover the thing will be a very_bad_thing. -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 2:09 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) >From what I gather if you have run a dcdiag on the server not in the >DMZ and it returns that it does not know of a schema master role holder that would mean that for some reason the AD has somehow seen that the old schema role holder as a stale record and therefore deleted it from the metabase. So, the answer is yes, you should be able to seize the role with the internal DC if there aren't existing role holders. Please anyone feel free to correct me if I'm wrong. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 1:25 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) I have a new HP Prolient coming in, supposed to be here within the next couple of days. That will be a new DC/File server. I want to introduce that into the domain first. I will transfer all services and what-not off the existing file server, wipe it, and install it into the network as a 2003 stand-alone server. This will be the new 2003 Exchange server. Once the Exchange move is completed, and all other services are moved from the 2000 DC currently in the DMZ, I will remove it from the AD, wipe it, and install 2003 on it to act as an internal apps server. There are more servers than this in the loop, but I've only covered it from a DC perspective. Now, just so I understand, you're saying that I should be able to seize the schema master role on the internal 2000 DC without it adversely affecting the server in the DMZ because that server thinks it's been deleted anyway? -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 12:47 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Okay I would say your first step would be to seize the Schema Master role to the DC on the Internal network before considering anything else. All the while leaving the Exchange server running in the DMZ, it wont do much harm that hasn't already been done by it being there. Meaning, if the metabase already shows that the record has been deleted than it seems the server doesn't "know" it's a role holder to anything else but itse