How to transfer FSMO Roles When Main Domain Controller is Down or Offline

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hi friends will go to my channel and today in this video I'm going to show you how to transfer fsmo role when the main domain controller is down or offline so let's talk some something about fsmo roles so FS my role is the main row main fife role on which acted active forest works so so we have total 5 fsmo role which is schema master domain naming master right master PDC and such a master so as you can see in a screenshot to rule are working on a forest level and three roles are working on domain level so it means something like if you have more than two domain in a forest so you must have a raid PDC and such a my master has has on your domain level like like I have a main forest which is microsoft.com and I have to a to domain and my forest like iron dot microsoft.com and us dot microsoft.com so we we have total total to forest wise fsmo role which is schema master and domain master which is common for both the iron dot Microsoft or new us dot microsoft.com domain and we have a separate sub that read PDC an association master in both the domain like us dot microsoft.com and india dot microsoft.com so then we have totals you can say a troll and sick thing for domain for the US dot microsoft that comment three for iron rod microsoft.com so we have six domain wide ephemeral and too far astray so this is some something about as a summer roll so let's see what we have in this infrastructure so why i am going to transfer the role after summer road random main domain controller is down like if if if i have one domain country which is holding all the five role for the forest and if the main government control goes down then my active that you will not work anymore so we have to reclaim our all 5f summer role on any other domain controller so for that you must have any any additional domain controller in your infrastructure which can take over the all five roles so so here is my infrastructure which I am going to use we have total four virtual machine and this demo so first you can see this is my primary domain controller which is going to k12 DC 0 1 and my domain name is victim for soul come you go here you can see I haven't selected a clear DNS role on this server and here if we go here you can see domain controller primary terminals why it's saying domain controller I marry because if I go on command from and type let down ready after some to check there for summer role who is the owner of fsmo its net down to area for summer it will give the result who is taking care about the all five holes so you can see when to get web DC 0 1 is taking care about all five rows that's why it's saying domain controller primary here if you go here actually at kiddie answer and my second domain controller is going to get 12 DC 0 1 and in the same domain you can see it's saying system type domain controller backup because this is additional domain controller and my infrastructure this is not currently holding any role which is related to fsmo if I go on tools X here you can see if I go and change the domain controller you can see my domain controller here both the domain controller also if you go here on domain controllers you can see my do go domain controller global catalog so so we have one primary domain cater and one second you dimension and we have two windows 8 client machine here you can see when we CL - CL zero one and win at FSU CL 0 - and both add wine in my domain if you go here you can see these are join in my victory for soul by using the domain account which is user 0 1 and logging server is win - k12 this is the 1 bit because this is my primary domain controller and if you go in DNS you can see I have configure my both domain controller IP address 192.168.1.1 a.m. you can verify some here also the this machine is CL 0 2 is also join in my domain login with the domain account which is user 0 to login server is the primary domain controller and IP address digits is given here so so this is in sausage' which I am going to use in next video you can next slide you can see fsmo role quite potential and command so this is something just giving detail about the all the roles which required to be migrated when the when the primary primary server is goes down primary activity domain controller goes down so you must have credential like credential to transfer the fsmo roles or C's therefore summer rolls so if you go here you can see a domain naming master required enterprise at admin and a schema master require C schema admin rights and rest 3 require basically a domain administrative rights so if you go on first light you can see raid PDC infrastructure master is a domain wide roles that size required domain admin city and these are required for this level so here we are so we need to row migrate all the rules so before doing this my both currently my board domain controller is active and on the network so what I am going to do I'm going to just shut down my primary domain controller so seems if you have like the primary server goes down or or some some like you can say some human error or some disasters there so so anyhow your primary service goes down like you have some hardware issue you have some hard harddrive issue and your server and your primary server goes down then you have to resume all the services to your prime a secondary domain controller which is which is not holding currently a neat old fake go here and now run that down very fsmo we're able to see all the five souls are still planning on going to k12 DC 0 1 at the active directory level but the server is not anymore on a network so yeah you can see everything is still running are on like went to k12 BC 0 1 which is my primary degree in controller and due to this we we can face issue on our active that means for sexual light like some is related to client users or groups anything so so what is my task here our task is to transfer the fsmo role when main domain controller is down or offline so to do this we need to transfer all the five roles so from here this is 0 1 2 DC 0 2 so if you go on to do this I am going to use a command prompt and here we need to type and t DF util which is basically new technology right to services utility and if you go here you can always press question mark enter to check the what is all available commands so here I want to click go for roles because I want to work with fsmo role now we are at the fsmo maintenance login and now let's question mark and here you can see connection connect to a specified aqueduct a domain controller or LDS instance so I want to connect with Active Directory servers where I want to transfer also so connections and now you can see the connection and hit in question mark now you can see here connect to domain and connect to server' connect to server DNS name so I want to connect to server DC 0 to because I want to transfer everything from DC 0 1 2 DC 0 2 so type the name we need to type connect to server winged 2k12 DC 0 2 and hit enter now you can see binding to win 2k12 this is video 2 and connected to server using the credential of a local logged user so I am currently logged in by domain a main account which is which having the administrative rights or at enterprise level so if you want to check yes I have logged in with this account if I go to properties and check the member of the LC it's a administrator domain admin enterprise admin scheme admin I have all the rights required rights which I need to transfer the roles these all five roles so so now if I go here as my primary domain controller is down launched the user actually use the same computers and if I go here on victim for sole com domain and click on operation master it will give you error at all the three roles because we are currently not connected to our primary domain cutter which is into k12 - TC 0 1 in my case so let's wait for it and see what's giving the information about the operations master roles so it will take some time because the primary domain controller is not available so it will take time to read the information because there was no response for DC 0 1 now you can see it's giving Heather everywhere on droid page you see infrastructure on all the rules so what we need to do we need to see the role and transfer so what is basically a difference between seizing and transferring the role now if I go here and we need to like go to outside of this and now if you go here on fsmo maintenance and click you can see we have two options the first option is saying to cease the roles and second is transfer route so what is basically difference between seizing the role and transferring the route so basically seizing the roles we can do this seizing for fsmo role when the our primary domain controller is not available so you can see here over over right infrastructure road on connected server override PDC role on connected server so basically we are connected to our window k12 DC 0 2 and I am going to overwrite the information in my acted acted to use to to assign the role to connected server and transfer you can see here at simple transferring role from one domain control to another domain controller so let's close it close everything and one more time check this atom abscess query fsmo to check the role status so now I have to transfer the roll one by one so the first roll which I am going to transfer is and such a chip master roll so let's type sees things first so section master hit it there and here we have some warning are you sure one-to-one server this to see the intrasexual roll with the average value yes I want so click yes and this will take some time here you can see attempting safe transfer to infrastructure after similar fold before seizing so it will take some time and also this this page will give you some address will see once it's done so please wait for the or server to see is the roll and transfer the roll from the pin to get word gc0 one hour our primary domain controller to secondary domain cutter which is going to get 12 TC 0 - so wait for it so you can see now we have some wording but such actual master role has been changed to win to get roldy c02 and basically you always receive this type of masses when seizing the role so let's check by in Adam query fsmo that we have transferred the role successfully as for structure master role so wait for it and now you can see here we have infrastructure master role running on winter control GC 0 - the same way and going to cancel another role which is domain naming master so type the naming cease naming master hit enter yes I want to do this so in same way we need to transfer all the five roles from our server to secondary server so wait for it so now you can see naming master is also transfer going to k12 and now it's time to transfer the PDC so I'm going to seize PDC as I want to see this role and here you can check the roles information now you can see we had domain naming master and in such a master role is running on winter guitar - TC 0 - so wait for PDC - this is and attempting to save transfer PDC F is enough so paid is is moved nice time to move the rate so cease raid master hit enter yes I want to see the rule Knights moving the red master role so red is also transferred so now finally we need to transfer the schema master role so now you can see all the four role is working on running on went to get well - DC 0 1 so let's transfer the last role so we need to type the C's schema master and this is the final role we which we need to transfer or C's from window couture DC 0 1 which is powered off now to running domain controller additional domain controller which is basically existing as a backup and now it's it will work as a primary domain controller so we'll see that also so wait for this so now everything is transferred let's verify the final time so now we have all the FS m o5 role is relying on when to get 12 DC 0 2 which is our backup server and let's the first this begin for to check the details are so selected or not that's now you can see it's domain controller and saying primary terminal server because we have transferred all the active directory roles on to a domain controller roles to this server only so the check base so now you can see if I restart the our client machine you are still able to see that logon server is the primary domain gun to a existing primary domain controller which is then took it while DC 0 to because we have still domain information DNS address is like trying to map with the old one so let's check once then we can modify a few settings and we are good to go so machine is rebooted go here login still it's log log and survive into controlled DC 0 1 let's also verify from refreshing the busy info will see information is replicated or not so so now you can see if I click on apply still it's saying login server went to get well this is r1 because in domain controller we have a still DNS information which is connected with all domain controller so here I am going to chain the our DNS setting for client machine so let's remove this and make this a primary oops we need to apply this so remove this and apply ok and now if i refresh the setting you can see this DNS update update is done but it's still it's getting the DNA login server has been took at all DC 0 so what I'm going to do on a DNS on my DNS server go here and I don't want the old server anymore so I want to delete this entry for DC 0 1 from my domain controller Deana so everything's fine and now restart this over oh sorry this client machine to check the data information coming on no not and login server is getting changed or not and same I want to go on change the IP address here or just go and update so on client 1 I have changed the domain cárdenas IP address on this I have not changed address like DNS address so just run the again begin phone my - and you can see it's still not fetching the dc2 address so we need to change the DNS address on this machine also so go here and these are basically not a local administrator that is asking for the credential so remove this check the new setting is coming so but the blogging server is still this is gonna do so let's verify on our win date - cl1 first so I'm going to log in and now you can see the login server has been changed and the DNS address is also updated on we need CL one two and same I am going to do here and just reboot this machine IP this configuration is done so wait for machine to restart let's log into Winx - CL zero - now you can see the login server is changed on my second client machine as well as so this is all about like transferring therefore summer rolls when the main domain controller is down or offline so thank you for watching and please subscribe me for more videos and if you have any query any question related to this please post me on my given mail IDs thank you once again bye bye

Info

Channel: Labs Hands On

Views: 25,738

Rating: 4.8767123 out of 5

Keywords: seize fsmo roles, seize fsmo roles 2012 r2 ntdsutil, seize fsmo roles 2016, seize fsmo roles from dead domain controller, seize fsmo roles server 2012, 5 fsmo roles, fsmo role check, fsmo role explained, fsmo role holders command line, fsmo role in active directory, fsmo role seize, fsmo role seize and transfer, fsmo role transfer, fsmo roles 2012, fsmo roles 2012 r2, fsmo roles query, fsmo roles transfer dc to adc, what is fsmo role, fsmo roles

Id: Do_ScAZReiE

Channel Id: undefined

Length: 24min 0sec (1440 seconds)

Published: Thu Jun 22 2017