When testing any program that works with Active Directory, it is sometimes useful to know how to transfer roles between Domain Controllers. The objective of this article is not to explain the roles themselves, but to show how to transfer them. The roles I'll be using are:
- Intersite Topology Generator (ISTG)
- Schema Master
- Domain Naming Master
- Infrastructure Master
- Relative ID Master (RID Master)
- PDC Emulator
You can read about them here and here.
So, let's see what this is all about.
Requirements (these requirements are just an example; the methods described here also apply to other environments):
- A Windows Server 2008 machine holding a domain (if you don't know how to set up an Active Directory domain, you can check this).
- A Windows Server 2008 machine as a second Domain Controller.
To transfer the ISTG role:
1. Make sure that you have administrator privileges. Go to one of the Domain Controllers (DC), go to Start > Run, type ADSIEDIT.msc and press Enter.
2. Right-click ADSI Edit > Connect to...
3. In Connection Point, select "Select a well known Naming Context", and select "Configuration". Press OK.
4. Expand "Configuration [main Domain Controller]" > "CN=Configuration,DC=yourDomain,DC=com" > "CN=Sites"
5. Highlight "CN=Your site's name"
6. Right-click "CN=NTDS Site Settings" > Properties
7. Go to the interSiteTopologyGenerator attribute. Select it and press Edit
8. You'll see a String Editor like this:
You can see which DC is currently holding the ISTG role in the string shown in the editor. It has this format:
As you can see, the second "CN" has the name of the main DC. So, to transfer the ISTG role, just change that part. As an example, I'm transferring the ISTG role to a computer named VTWk8ROLES02, so the string would go like this:
Once you do it, press OK and then Apply. And that's it. You have manually transferred the ISTG role to another Domain Controller.
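Because the value is edited by hand, it is worth checking it before pressing Apply. The following is an added example, not code from the original article: it rebuilds the expected interSiteTopologyGenerator value and compares it with the edited string. The function names are hypothetical, and the old DC name VTWK8ROLES01, the site name and the domain components are constructed sample values.

```python
import re

# Split a distinguished name on commas that are not backslash-escaped.
_RDN_SPLIT = re.compile(r"(?<!\\),")

# Constructed sample value: NTDS Settings object of the DC currently holding ISTG.
OLD_VALUE = ("CN=NTDS Settings,CN=VTWK8ROLES01,CN=Servers,"
             "CN=Default-First-Site-Name,CN=Sites,CN=Configuration,"
             "DC=yourDomain,DC=com")


def split_dn(dn):
    """Return the list of RDNs ("CN=...", "DC=...") of a distinguished name."""
    return [rdn.strip() for rdn in _RDN_SPLIT.split(dn)]


def istg_holder(value):
    """Return the DC name stored in the second CN of the attribute value."""
    rdns = split_dn(value)
    if len(rdns) < 6 or rdns[0].lower() != "cn=ntds settings":
        raise ValueError("value does not start with CN=NTDS Settings")
    if rdns[2].lower() != "cn=servers" or rdns[4].lower() != "cn=sites":
        raise ValueError("value is not below CN=Servers,CN=<site>,CN=Sites")
    key, _, name = rdns[1].partition("=")
    if key.lower() != "cn" or not name:
        raise ValueError("second component is not CN=<server name>")
    return name


def retarget_istg(value, new_dc):
    """Build the new value: only the server name in the second CN changes."""
    istg_holder(value)  # validate the current value first
    # Assumption: the target is a plain computer name (letters, digits, hyphens).
    if not re.fullmatch(r"[A-Za-z0-9-]{1,15}", new_dc):
        raise ValueError("unexpected characters in computer name")
    rdns = split_dn(value)
    rdns[1] = "CN=" + new_dc
    return ",".join(rdns)


def check_edit(old_value, edited_value, new_dc):
    """True only if the hand-edited string differs from the old one in the DC name alone."""
    expected = retarget_istg(old_value, new_dc)
    return edited_value.strip().lower() == expected.lower()


if __name__ == "__main__":
    print("current holder:", istg_holder(OLD_VALUE))
    print("value to enter:", retarget_istg(OLD_VALUE, "VTWk8ROLES02"))
```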
To transfer the other roles:
1. First of all, you can check which computer is holding which role with a command. Open a command line, type netdom query fsmo and press Enter.
The result is a list of the roles with the computer that is holding them.
2. Open another command line and type:
ntdsutil --> Press Enter
roles --> Press Enter
connections --> Press Enter
connect to server [name of the server to which the role will be transferred] --> In this case, I wrote: connect to server VTWK8ROLES02
quit --> Press Enter
Now you can use the Help command to see how to transfer roles. You have the following options:
For example, let's transfer the PDC role. Type transfer PDC and press Enter. The following dialog will be displayed:
Press Yes and you have transferred the role. You can run netdom query fsmo to verify that the role has changed.