Sunday, May 17, 2015

Can You Promote a DC With the RID Master Offline?

While in a 70-411 class, the question came up: "What would happen if you tried to promote a member server to a Domain Controller while the RID Master FSMO (Flexible Single Master Operations) role holder was offline?" We tossed around the thought for a few minutes, but could not come up with a definite answer. At that point, I declared "Experiment time!" and made the decision to explore this once I got home to my lab.

At times like this, I am glad I keep a few virtual machines (VMs) ready to go. It really helps to speed up the process of running tests such as these.

Here is the configuration of the environment and task list that I used for this test.
  • All servers are running Windows Server 2012 R2 Datacenter
  • Server1 - First installed DC - DNS & GC installed
  • Server2 - Third installed DC - DNS & GC installed
  • Server3 - Second installed DC - DNS & GC installed
  • Server4 - Standalone server
  • Ran all Windows updates on the three DCs
  • Transferred the RID Master role from Server1 to Server3 using Active Directory Users and Computers
  • Verified the transfer of the RID Master role using netdom query fsmo
  • Shut down Server3 (RID Master)
  • Added the Active Directory Domain Services role to Server4
  • Changed the client DNS on Server4 to point to Server1 (I've been caught enough times with failed attempts at promotion due to misconfigured DNS that I know to change this before promotion)
  • Launched the AD Configuration Wizard
  • After working through the wizard, it failed on the "Prerequisites Check" page due to the RID Master being unavailable.
  • Powered up Server3
  • Reran the prerequisites check
  • At this point, I could successfully promote Server4 to a DC.

So, long story short, a Domain Controller promotion will fail the prerequisites check if you try to perform the operation while the domain RID Master is offline or otherwise unavailable. The specific error displayed is "Verification of prerequisites for Domain Controller promotion failed. You cannot install an additional domain controller at this time because the RID master <server name> is offline."
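
A pre-flight check for the failure described above, as an added example that is not part of the original post: it asks a live DC who holds the RID Master role and probes that server before you launch the promotion wizard. It assumes a domain-joined machine with the ActiveDirectory module installed; the function name `Test-RidMasterOnline`, its `-QueryServer` parameter, and the choice of ports 389 and 135 as reachability probes are assumptions made for illustration, and `Server1` is the lab DC from the list above.

```powershell
# Added example, not from the original post.
# Assumes the ActiveDirectory module (AD DS management tools) is installed
# and the machine is joined to the domain.
Import-Module ActiveDirectory

function Test-RidMasterOnline {
    param(
        # Hypothetical parameter: a DC known to be up, used to answer the FSMO query
        [Parameter(Mandatory)] [string] $QueryServer
    )

    # Ask the live DC which server currently holds the RID Master role
    $ridMaster = (Get-ADDomain -Server $QueryServer).RIDMaster

    # Probe LDAP (389) and the RPC endpoint mapper (135) on the role holder.
    # These two ports are an assumption chosen as a basic reachability test.
    foreach ($port in 389, 135) {
        $probe = Test-NetConnection -ComputerName $ridMaster -Port $port `
                                    -WarningAction SilentlyContinue
        [pscustomobject]@{
            RidMaster = $ridMaster
            Port      = $port
            Reachable = $probe.TcpTestSucceeded
        }
    }
}

# Server1 is the DC that stayed online in the lab described above
$check = @(Test-RidMasterOnline -QueryServer 'Server1')
$check | Format-Table -AutoSize

if ($check.Reachable -contains $false) {
    Write-Warning ("RID Master {0} is not fully reachable; expect the promotion " +
                   "prerequisites check to fail." -f $check[0].RidMaster)
} else {
    Write-Output ("RID Master {0} is reachable; the RID Master prerequisite " +
                  "should pass." -f $check[0].RidMaster)
}
```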


Have a great week everyone!






4 comments:

  1. That's good, what happens if the RID went up in smoke??

  2. Good question. In that case, you'll need another functional domain controller so that you can seize the role. If your original RID master, 410-SERVER3-GUI, was offline, with no hope of recovery, you can enter the following from a PowerShell prompt on a functional domain controller:

    # -Identity names the DC that receives the role (a functional DC), not the failed role holder
    Move-ADDirectoryServerOperationMasterRole -Identity "<functional-DC>.contoso.com" -OperationMasterRole RIDMaster -Force

    There are a few more details on another blog article I wrote, under the section "Seizing a role from another Domain Controller"
    http://ourtwocents-david.blogspot.ca/2014/11/mcse-studying-week-25.html

    In addition, there is a good TechNet article on the subject:
    https://technet.microsoft.com/en-us/library/cc816779(v=ws.10).aspx
