Step-By-Step: Seizing the Operation Master Roles in Windows Server 2012 R2

A disaster recovery plan is something every organization, no matter how small, should have. It provides peace of mind not only to the business decision makers, but also to the IT administrators who support the organization. Unfortunately, not all organizations feel the same way, and sometimes the perceived cost is harder to swallow for some small businesses.

Active Directory (AD) utilizes Flexible Single Master Operations (FSMO) roles to perform a specialized set of tasks on deployed Domain Controllers (DCs). Depending on the design, these roles are located on different servers, and sometimes all roles run from one DC. With a successful disaster recovery plan in place, one can easily recover said AD implementation as detailed in the video below.

 

Running without a disaster recovery plan, or running all roles from one DC, is not recommended but is sometimes unavoidable in smaller businesses. The major concern with running all roles off one DC is that the roles cannot be migrated to another server should said server crash. Should no disaster recovery plan exist, the only way to migrate these roles is by seizing the operation master roles.

This step-by-step will detail the use of ntdsutil.exe, a handy tool used to manage and maintain one's Active Directory infrastructure, to seize the operation master roles.

  1. Begin by logging into the server in question as the domain administrator or enterprise administrator
     
  2. Right-click the Start button and select Command Prompt (Admin)
     
  3. Type ntdsutil and press enter
     
  4. Next type roles and press enter
     
  5. Type connections and press enter
     
  6. Next type connect to server <FQDN of role holder>
     
  7. Type quit and press enter
     
  8. In this demo, the server used holds all the roles. To seize the roles, execute the following commands one at a time
     
    NOTE: After entering each command, a pop up appears to confirm. Simply enter yes to continue.
     
    seize schema master
     
    seize naming master
     
    seize RID master
     
    seize PDC
     
    seize infrastructure master
     
  9. Type quit to exit from ntdsutil once the last command has been entered
     

The operation master roles are now successfully captured.
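
To confirm the result of the steps above, the following PowerShell check lists the holder of each of the five roles and flags any that did not move. It is an added example, not part of the original walkthrough; it assumes the ActiveDirectory module (RSAT AD DS tools) is installed, and `dc02.example.test`, `Get-FsmoRoleHolders` and `Test-FsmoSeizure` are hypothetical names.

```powershell
# Added example: verify which DC holds each operations master role after the seizure.
# Assumption: the ActiveDirectory module (RSAT AD DS tools) is available on this machine.
Import-Module ActiveDirectory

function Get-FsmoRoleHolders {
    param([Parameter(Mandatory)][string]$Server)

    # Query the DC that performed the seizure directly, so replication lag
    # to other DCs does not produce a stale answer.
    $forest = Get-ADForest -Server $Server
    $domain = Get-ADDomain -Server $Server

    # Role names match the ntdsutil "seize ..." commands used in step 8.
    [ordered]@{
        'Schema master'         = $forest.SchemaMaster
        'Naming master'         = $forest.DomainNamingMaster
        'RID master'            = $domain.RIDMaster
        'PDC'                   = $domain.PDCEmulator
        'Infrastructure master' = $domain.InfrastructureMaster
    }
}

function Test-FsmoSeizure {
    param([Parameter(Mandatory)][string]$ExpectedHolder)

    $holders = Get-FsmoRoleHolders -Server $ExpectedHolder
    foreach ($role in $holders.Keys) {
        [pscustomobject]@{
            Role   = $role
            Holder = $holders[$role]
            Seized = ($holders[$role] -ieq $ExpectedHolder)  # FQDN compare, case-insensitive
        }
    }
}

# Placeholder FQDN (constructed): the DC named in "connect to server" in step 6.
$expected = 'dc02.example.test'

$report = @(Test-FsmoSeizure -ExpectedHolder $expected)
$report | Format-Table -AutoSize

$missing = @($report | Where-Object { -not $_.Seized })
if ($missing.Count -gt 0) {
    Write-Warning ("Roles not held by {0}: {1}" -f $expected, ($missing.Role -join ', '))
    exit 1
}
Write-Output "All five operations master roles are held by $expected."
```

Running `netdom query fsmo` from the same elevated prompt gives an independent view of the same five role holders.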