A disaster recovery plan is something every organization, no matter how small, should have. It provides peace of mind not only to the business decision makers, but also to the IT administrators who support the organization. Unfortunately, not all organizations feel the same way, and the perceived cost is sometimes harder for small businesses to swallow.
Active Directory (AD) utilizes Flexible Single Master Operations (FSMO) roles to perform a specialized set of tasks on deployed Domain Controllers (DC). Depending on the design, these roles are located on different servers and sometimes all roles run from one DC. With a successful disaster recovery plan in place, one can easily recover said AD implementation as detailed in the video below.
Operating without a disaster recovery plan, or running all roles from one DC, is not recommended but is sometimes unavoidable in smaller businesses. The major concern with running all roles on one DC is that the roles cannot be migrated to another server should that server crash. If no disaster recovery plan exists, the only way to move these roles is to seize the operations master roles.
This step-by-step will detail the use of ntdsutil.exe, a handy tool for managing and maintaining one's Active Directory infrastructure, to seize the operations master roles.
- Begin by logging into the server in question as the domain administrator or enterprise administrator
- Right-click the Start button and select Command Prompt (Admin)
- Type ntdsutil and press enter
- Next type roles and press enter
- Type connections and press enter
- Next type connect to server <FQDN of role holder>
- Type quit and enter
- In this demo, the server used holds all the roles. To seize the roles, execute the following commands one at a time
NOTE: After entering each command, a pop up appears to confirm. Simply enter yes to continue.
seize schema master
seize naming master
seize RID master
seize infrastructure master
- Type quit to exit from ntdsutil once the last command has been entered
The operations master roles are now successfully captured.
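
To confirm the result, the role holders can be read back from the directory and compared with the server that was meant to receive them. The PowerShell below is an added example, not part of the original walkthrough; it assumes the ActiveDirectory module (RSAT) is installed, and the function names and the FQDN `dc02.example.test` are placeholders. It reports all five FSMO roles that Active Directory defines, including the PDC emulator.

```powershell
# Added example: verify FSMO role holders after a seizure.
# Assumption: the ActiveDirectory module (RSAT) is available and the
# account running this can read the forest and domain objects.
Import-Module ActiveDirectory

function Get-FsmoHolders {
    # Two roles are forest-wide, three are per-domain.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [ordered]@{
        'Schema master'         = $forest.SchemaMaster
        'Domain naming master'  = $forest.DomainNamingMaster
        'RID master'            = $domain.RIDMaster
        'Infrastructure master' = $domain.InfrastructureMaster
        'PDC emulator'          = $domain.PDCEmulator
    }
}

function Test-FsmoSeizure {
    param(
        # FQDN of the DC that should now hold the roles (hypothetical name).
        [Parameter(Mandatory)][string]$ExpectedHolder
    )
    $holders = Get-FsmoHolders
    foreach ($role in $holders.Keys) {
        $holder = $holders[$role]
        [pscustomobject]@{
            Role      = $role
            Holder    = $holder
            # -eq on strings is case-insensitive, which suits DNS names.
            OnTarget  = ($holder -eq $ExpectedHolder)
            # A role still pointing at an unreachable DC was not seized.
            Reachable = Test-Connection -ComputerName $holder -Count 1 -Quiet
        }
    }
}

# Constructed placeholder FQDN; replace with the DC that seized the roles.
$report = Test-FsmoSeizure -ExpectedHolder 'dc02.example.test'
$report | Format-Table -AutoSize

# List any role that is not on the expected server.
$report | Where-Object { -not $_.OnTarget } |
    ForEach-Object { Write-Warning "$($_.Role) is held by $($_.Holder)" }
```

Run it from any domain-joined machine after the seizure; a warning line for a role means that role is still recorded against a different server.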