The tools used to transfer the operations masters’ roles are listed below, by role:
- PDC Emulator – Active Directory Users and Computers
- RID Master – Active Directory Users and Computers
- Infrastructure Master – Active Directory Users and Computers
- Domain Naming Master – Active Directory Domains and Trusts
- Schema Master – Active Directory Schema Snap-in. (this will not be viewable by default, and must be registered. From the run command, issue the following command, and the snap-in will be available: regsvr32.exe schmmgmt.dll
You should also be aware of which users have the ability to change operations masters roles by default (controlled via permissions):
PDC Emulator – Domain Admins
RID Master – Domain Admins
Infrastructure Master – Domain Admins
Domain Naming Master – Enterprise Admins
Schema Master – Schema Admins
If a domain controller that holds an operations master role becomes permanently unavailable (equipment failure and cannot be restored from backup, for example), you can take the step of seizing the role it holds. In order to seize a role, you should ensure that the former role owner is disconnected from the network, and proceed with the transfer process. You will receive a warning message stating that a regular transfer is not possible, but continuing will allow you to seize the role.
It is also possible to seize an operations master role by using the ntdsutil tool. The following steps outline the process:
- Run ntdsutil.exe
- From the prompt, type roles
- At the fsmo maintenance prompt, type connections
- At the server connections prompt, type connect to server, followed by the FQDN of the server.
- Type quit at the server connections prompt.
- At the fsmo maintenance prompt, type one of the following:
- Seize PDC
- Seize RID master
- Seize infrastructure master
- Seize domain naming master
- Seize schema master
- Type quit at the fsmo maintenance prompt
- Type quit at the ntdsutil prompt
Just for the sake of knowing, ‘fsmo’ stands for Flexible Single Master Operation.
