Seizing the DC roles in the case the main DC fails

From Apoyar Wiki
Jump to navigation Jump to search

Seizing the DC roles in the case the main DC fails


DC1 – Hyper V1

DC2 – Hyper V2

We have disaster recovery windows 10 VM, if management or DC fails, still we have access to disaster VM

- DC1 and DC2 have all same settings

- They are replicated every 15 minutes

- Every DC or domain has server which holds FSMO roles


FSMO Role


- Are special roles with which only one server can work

- We can move FSMO roles overs server or seize it

Tasks we can do with FSMO role

- Join/Remove server to/from domain

- To create subdomain

- To edit group policy

We can move FSMO roles overs server or seize it


To find out which server is holding FSMO roles, use below two command in Powershell on either DC1 or DC2

Get-ADForest wg.local | ft DomainNamingMaster, SchemaMaster Get-ADDomain wg.local | ft InfrastructureMaster, PDCEmulator, RIDMaster

To move FSMO master roles over the server, use below command in poweshell on DC2, Ex. Moving from DC2 to DC1

Move-ADDirectoryServerOperationMasterRole -Identity "DC1" –OperationMasterRole DomainNamingMaster,PDCEmulator,RIDMaster,SchemaMaster,InfrastructureMaster

We have to wait for 15 minutes to move all FSMO roles.

Retrieved from ‘https://wiki.apoyar.eu/index.php?title=Seizing_the_DC_roles_in_the_case_the_main_DC_fails&oldid=232