Home

Tutorials

Active Directory

Possible Impacts when Putting Online an Old FSMO Role Holder (EN)

When losing an FSMO roles holder, FSMO roles hosted on the lost Domain Controller should be seized if it will take a long time to repair its failure or if the server can no longer be recovered. After a seizing operation, the old FSMO roles holder should not be back online before forcibly demoting it or re-installing its operating system. That is very important in order to avoid major impacts on your Active Directory Domain Services infrastructure.

This article explains the possible impacts that may occur when putting online an old FSMO holder after seizing its FSMO roles. This is summarized in the following table:

FSMO role	Possible impacts	Severity
Schema Master	Conflicts might occur on Active Directory Schema if two Schema Masters are trying to make updates in the same time. That might lead to a corruption in the Active Directory forest.	Critical (*1)
Domain Naming Master	Inconsistencies may be identified when displaying domains managed in an Active Directory forest. Metadata cleanup, adding and removing new Domains / Domain Controllers will not be possible.	Critical (*1)
PDC Emulator	Password validation will randomly succeed or fail, replication of password modifications will become slower and time synchronization issues may occur.	Medium (*2)
Infrastructure Master	Wrong display of group membership after updates will occur.	Medium (*2)
RID Master	Duplicated RID pools will be assigned to Domain Controllers which will result in data corruption and security issues because of re-use of SIDs.	Critical (*1

(*1) A forest / Domain recovery is required to solve the issues.

(*2) No permanent damages are caused and the issues can be solved without doing a forest / Domain recovery.

The impacts vary from an FSMO role to another but it is always not recommended to put online an old FSMO holder after seizing its FSMO roles as this is a high risk operation that might cause permanent or temporary disruption on your Active Directory environment.

The latest tutorials

22/06/2017 Comment afficher les comptes authentifiés sur un RODC (FR)

15/06/2017 How to copy SMSTS.log when a Task Sequence fails (EN)

14/06/2017 Hyper-V and Router Guard Feature (EN)

13/06/2017 How to Prevent Rogue DHCP Servers on your Network (EN)

About Tunit

Tunit helps you plan your Microsoft systems integration and administration.

Certainly, having a good Management of your IT systems improve your Business performance while it can, when it is poorly managed, obstruct the responsiveness and efficiency of your organization. We are here to help you so do not hesitate to follow us.

View more