Re: Metadata cleanup after a seize (was Error seizing schema master FSMO role...)

2010-11-18 Thread Mike Leone 
On 11/18/2010 3:07 PM, Kramer, Jack wrote:
 Now that raises an interesting question - what metadata cleanup is typically 
 required after a role seizure?

You have to remove the non-existant DCs. You can't DCPROMO them down
from being DCs, since they don't exist. :-) And you can't ignore them,
otherwise AD spends all it's time trying to re-connect and replicate
with its' lost brethren. So you have to tell AD to forget them.

See http://support.microsoft.com/kb/216498
How to remove data in Active Directory after an unsuccessful domain
controller demotion


 
 Jack Kramer
 Computer Systems Specialist
 University Relations, Michigan State University
 w: 517-884-1231 / c: 248-635-4955
 
 From: Mike Leone [oozerd...@gmail.com]
 Sent: Thursday, November 18, 2010 3:05 PM
 To: NT System Admin Issues
 Subject: Re: Error seizing schema master FSMO role  in Win2003 AD - RESOLVED
 
 Don't ask me to explain it, but I logged out of the domain admin
 account, and logged in as another account (which is *also* in the Domain
 Admins, Enterprise Admins, Schema Admins groups, exactly like the domain
 administrator account).
 
 And it worked perfectly, exactly as it should. Huh?
 
 I had even waited up to an hour, re-trying the command, thinking it was
 just the fact that it was trying to replicate (and couldn't). Weird.
 
 Anyway, off to do the child domain (seizing schema *first* this time, I
 think :-)), and then to do the metadata cleanup ...



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Metadata cleanup after a seize (was Error seizing schema master FSMO role...)

2010-11-18 Thread Brian Desmond 
Yep - FSMO roles and the simple existence of a DC for replication purposes have 
no real relationship. You have to clean up both.

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132


-Original Message-
From: Mike Leone [mailto:oozerd...@gmail.com] 
Sent: Thursday, November 18, 2010 12:15 PM
To: NT System Admin Issues
Subject: Re: Metadata cleanup after a seize (was Error seizing schema master 
FSMO role...)

On 11/18/2010 3:07 PM, Kramer, Jack wrote:
 Now that raises an interesting question - what metadata cleanup is typically 
 required after a role seizure?

You have to remove the non-existant DCs. You can't DCPROMO them down from being 
DCs, since they don't exist. :-) And you can't ignore them, otherwise AD spends 
all it's time trying to re-connect and replicate with its' lost brethren. So 
you have to tell AD to forget them.

See http://support.microsoft.com/kb/216498
How to remove data in Active Directory after an unsuccessful domain controller 
demotion


 
 Jack Kramer
 Computer Systems Specialist
 University Relations, Michigan State University
 w: 517-884-1231 / c: 248-635-4955
 
 From: Mike Leone [oozerd...@gmail.com]
 Sent: Thursday, November 18, 2010 3:05 PM
 To: NT System Admin Issues
 Subject: Re: Error seizing schema master FSMO role  in Win2003 AD - 
 RESOLVED
 
 Don't ask me to explain it, but I logged out of the domain admin 
 account, and logged in as another account (which is *also* in the 
 Domain Admins, Enterprise Admins, Schema Admins groups, exactly like 
 the domain administrator account).
 
 And it worked perfectly, exactly as it should. Huh?
 
 I had even waited up to an hour, re-trying the command, thinking it 
 was just the fact that it was trying to replicate (and couldn't). Weird.
 
 Anyway, off to do the child domain (seizing schema *first* this time, 
 I think :-)), and then to do the metadata cleanup ...



~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin