Home 
Tutorials
Active Directory 
Possible Impacts when Putting Online an Old FSMO Role Holder (EN) |
When losing an FSMO
roles holder, FSMO roles hosted on the lost Domain
Controller should be seized if it will take a long time to repair its
failure or if the server can no longer be recovered. After a seizing
operation, the old FSMO roles holder should not be back online before
forcibly demoting it or re-installing its operating system. That is very
important in order to avoid major impacts on your Active
Directory Domain Services infrastructure.
This article explains the possible impacts that may occur when putting
online an old FSMO holder after seizing its FSMO roles. This is summarized in
the following table:
|
FSMO role
|
Possible impacts
|
Severity
|
Schema
Master
|
Conflicts might occur on
Active Directory Schema if two Schema Masters are trying to make updates in
the same time. That might lead to a corruption in the Active Directory
forest.
|
Critical
(*1)
|
Domain
Naming Master
|
Inconsistencies may be
identified when displaying domains managed in an Active Directory forest.
Metadata cleanup, adding and removing new Domains / Domain Controllers will
not be possible.
|
Critical
(*1)
|
PDC
Emulator
|
Password validation will
randomly succeed or fail, replication of password modifications will become
slower and time synchronization issues may occur.
|
Medium
(*2)
|
Infrastructure
Master
|
Wrong display of group
membership after updates will occur.
|
Medium
(*2)
|
RID
Master
|
Duplicated RID pools will
be assigned to Domain Controllers which will result in data corruption and
security issues because of re-use of SIDs.
|
Critical
(*1
|
|
|
(*1) A forest / Domain recovery is required to solve the issues.
(*2) No permanent damages are caused and the issues can be solved without
doing a forest / Domain recovery.
The impacts vary from an FSMO role to another but it is always not
recommended to put online an old FSMO holder after seizing its FSMO roles as
this is a high risk operation that might cause permanent or temporary
disruption on your Active Directory environment.
|
|
About Tunit
Tunit helps you plan your Microsoft systems integration and administration.
Certainly, having a good Management of your IT systems improve your Business performance while it can, when it is poorly managed, obstruct the responsiveness and efficiency of your organization. We are here to help you so do not hesitate to follow us.
View more
TUNIT © 2011 - MALEK Ahmed