Transferring FSMO Roles to Another Active Director


Method 1. Seizing Operation Master Roles to Secondary Domain Controller

Step-By-Step: Seizing the Operation Master Roles in Windows Server 2012 R2

https://blogs.technet.microsoft.com/canitpro/2015/10/14/step-by-step-seizing-the-operation-master-roles-in-windows-server-2012-r2/

A disaster recovery plan is something every organization, no matter how small, should have. It provides peace of mind not only to the business decision makers, but also to the IT administrators who support the organization. Unfortunately, not all organizations feel the same way, and sometimes the perceived cost is harder to swallow for some small businesses.

Active Directory (AD) utilizes Flexible Single Master Operations (FSMO) roles to perform a specialized set of tasks on deployed Domain Controllers (DC). Depending on the design, these roles are located on different servers and sometimes all roles run from one DC. With a successful disaster recovery plan in place, one can easily recover said AD implementation as detailed in the video below.

Running without a disaster recovery plan, or running all roles from one DC, is not recommended but is sometimes unavoidable in smaller businesses. The major concern with running all roles off one DC is that the roles cannot be migrated to another server should said server crash. If no disaster recovery plan exists, the only way to move these roles is to seize the operation master roles.

This step-by-step will detail the use of ntdsutil.exe, a handy tool used to manage and maintain one's Active Directory infrastructure, to seize the operation master roles.

1. Begin by logging into the server in question as the domain administrator or enterprise administrator

2. Right click on start button and select command prompt (admin)

3. Type ntdsutil and press enter

4. Next type roles and press enter

5. Type connections and press enter

6. Next type connect to server <servername> and press enter

7. Type quit and press enter

8. In this demo, the server used holds all the roles. To seize the roles, execute the following commands one at a time

NOTE: After entering each command, a pop up appears to confirm. Simply enter yes to continue.

seize schema master

seize naming master

seize RID master

seize PDC

seize infrastructure master

9. Type quit to exit from ntdsutil once the last command has been entered

The operation master roles are now successfully captured.



Method 2. Transfer FSMO Roles to Secondary Domain Controller (GUI)

How to Transfer FSMO Roles

Open CMD (as Administrator).

  1. Check which domain controller the roles are running on:
    CMD: netdom query fsmo

Here you can see which domain controller each of the 5 roles is running on.

  2. Open NTDSUtil from the command prompt.
    Type the following commands:
    ntdsutil
    roles
    connections
    connect to server xxxx  (xxxx is the computer name of the server that the FSMO roles will be transferred to)
    quit

  3. Transfer the roles.
    Type the following command for each role to change:  transfer nameoftherole
    transfer schema master
    transfer naming master
    transfer PDC
    transfer RID master    (the RID pool manager role)
    transfer infrastructure master
    When you press Enter, a dialog appears.

quit
Check that the transfer is done:
netdom query fsmo    (check where the roles are running)
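
The final check with netdom query fsmo can be scripted so that a role left behind on the old domain controller is caught rather than overlooked. The PowerShell below is an added example, not part of the original post; the function names (Get-FsmoHolder, Test-FsmoPlacement) and host names are assumptions, and the sample output is constructed.

```powershell
# Added example: parse "netdom query fsmo" output and list roles that are
# NOT on the expected domain controller. Host names are constructed placeholders.

function Get-FsmoHolder {
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$NetdomOutput)

    # Role labels as netdom prints them.
    $roles = 'Schema master', 'Domain naming master', 'PDC',
             'RID pool manager', 'Infrastructure master'

    foreach ($line in $NetdomOutput) {
        foreach ($role in $roles) {
            # Label at start of line, whitespace, then the holder's FQDN.
            if ($line -match ('^\s*' + [regex]::Escape($role) + '\s+(\S+)\s*$')) {
                [pscustomobject]@{ Role = $role; Holder = $Matches[1] }
            }
        }
    }
}

function Test-FsmoPlacement {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$NetdomOutput,
        [Parameter(Mandatory)][string]$ExpectedHolder
    )
    $found = @(Get-FsmoHolder -NetdomOutput $NetdomOutput)
    if ($found.Count -ne 5) {
        # Fail closed: partial output must not be read as "all roles moved".
        throw "Expected 5 FSMO roles in the output, parsed $($found.Count)."
    }
    # String -ne is case-insensitive in PowerShell, which suits DNS names.
    $found | Where-Object { $_.Holder -ne $ExpectedHolder }
}

# Constructed sample: the PDC role is still on the old DC.
$sample = @(
    'Schema master               dc02.example.test'
    'Domain naming master        dc02.example.test'
    'PDC                         dc01.example.test'
    'RID pool manager            dc02.example.test'
    'Infrastructure master       dc02.example.test'
    'The command completed successfully.'
)

$misplaced = @(Test-FsmoPlacement -NetdomOutput $sample -ExpectedHolder 'dc02.example.test')
$misplaced | Format-Table Role, Holder
```

On a domain-joined machine, pass the live output instead of the sample: `Test-FsmoPlacement -NetdomOutput (netdom query fsmo) -ExpectedHolder <target DC FQDN>`.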

Other resources:
https://blog.csdn.net/iloli/article/details/6620033

