
Migrating the five roles between domain controllers, and forcing the transfer in case of failure
This procedure migrates the roles between different domain controllers, for example from a Windows 2000 server to a Windows 2003 one, or from one Windows 2003 server to another, or simply to distribute the load among the DCs. The process is the same whichever case applies. It can be done in two ways: through the GUI or through commands. There is also a third, more aggressive way for when Active Directory is not working correctly and we must force the transfer of the roles; it is described in the last section.
What I always do first is enable the global catalog on the new server, so that when we remove the old server the PCs on the LAN can still authenticate. To do this, we open “AD Sites and Services” on any domain controller, go to the new server, and on “NTDS Settings” right-click > “Properties”.
Then just check “Global Catalog” and accept.
To move the roles, we open the “AD Users and Computers” console on the server to which we want to migrate the roles (if that is not possible, we connect from the console to the desired server). On the domain name, right-click > “Operations Master…”
We must change all three tabs. First, the RID tab shows which server currently holds the RID role and which one it would be passed to if we click “Change…”, so we click it.
Confirm with “Yes”.
We check the changes and click “Accept”.
Next, on the “Primary Domain Controller” tab, click “Change…”
“Yes”.
“OK”, and we have migrated the primary DC.
And finally, on the “Infrastructure” tab, click “Change…”
That happens to me because SERVER02 is also a Global Catalog. It's okay, so we confirm with “Yes”.
“Accept”.
Now we close the “AD Users and Computers” console and open an MS-DOS window. To migrate the schema master, we type “regsvr32 schmmgmt.dll”; on pressing Enter we get a confirmation, which we accept.
Click “File” > “Add/Remove Snap-in…”
Among the snap-ins we look for “Active Directory Schema”, click “Add”, then “Close” and “Accept”.
This shows us the current schema master, in this case “Server01”. Since I want to migrate it to another server (SERVER02), I first have to connect to that server: right-click on “Active Directory Schema” and choose “Change the domain controller…”
We type the name of the server we want to migrate to and accept.
To change the server hosting the schema, right-click on “Active Directory Schema” and select “Operations Master…”
As before, it shows the current “Schema Master” server; to migrate it from one to the other (in this case from SERVER01 to SERVER02), click “Change…”
Last, we open “Active Directory Domains and Trusts”.
In it, on “Active Directory Domains and Trusts”, right-click > “Operations Master…” (if we are not on the server that will host this role, we first connect to it from “Connect to the domain controller…”).
OK, it tells us that the “Operations Master” will change from servidor01.dominio.com to servidor02.dominio.com. We click “Change…”
And we accept.
With all of this, the Active Directory roles are migrated between servers.
Instead of following all the long steps above, we can do everything with commands. From the destination server (the new one, which will hold the roles), we open an MS-DOS window, run “ntdsutil” and press Enter. The next command to type is “roles”, then Enter. Then we type “connections” and press Enter again. Next we connect to the server that should hold the roles with “connect to server NOMBRE_SERVIDOR” (NOMBRE_SERVIDOR being the server's name) and press Enter; we leave that menu by typing “q” and pressing Enter again. Now we type the role we want to move to this server, always preceded by the word “transfer”. The five roles are: “domain naming master”, “infrastructure master”, “PDC”, “RID master” and “schema master”. The command has to be run for all the roles (that is, five times), and when it asks whether we are sure, we answer “Yes”.
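The command sequence above as one batch file, with a check of the role holders before and after; this is an added example, not part of the original post. It assumes SERVER02 is the destination DC, that `netdom` (Windows Support Tools) is installed, and that `netdom query fsmo` prints its usual "owner / role / manager" lines. It only transfers roles and does not seize them.

```bat
@echo off
rem Added example, not from the original post. Run it in a command prompt on
rem the destination DC. SERVER02 is a placeholder for the DC that will hold the roles.
setlocal
set TARGET=SERVER02

rem 1. Record who holds the five roles before touching anything.
rem    Stop if netdom is missing, otherwise the final check would be meaningless.
netdom query fsmo > fsmo-before.txt || (echo netdom is not available, aborting. & exit /b 1)
type fsmo-before.txt

rem 2. Transfer each role. ntdsutil takes its menu commands as arguments, and
rem    multi-word commands must be quoted. It still asks for confirmation per
rem    role. Newer ntdsutil versions call the first role "naming master"; type
rem    ? at the "fsmo maintenance:" prompt to list the names your version accepts.
for %%R in ("domain naming master" "infrastructure master" "PDC" "RID master" "schema master") do (
    echo Transferring %%~R to %TARGET%
    ntdsutil roles connections "connect to server %TARGET%" q "transfer %%~R" q q
)

rem 3. Verify: keep only the role lines of the netdom output, then drop those
rem    that name the target. Anything left is a role still held elsewhere.
netdom query fsmo > fsmo-after.txt
findstr /i "owner role manager" fsmo-after.txt | findstr /i /v /c:"%TARGET%"
if errorlevel 1 (
    echo All five roles are now on %TARGET%.
) else (
    echo The roles listed above were NOT transferred. Review the ntdsutil output.
)
endlocal
```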
Forcing the role migration in case of errors in the above:
If we have a problem with Active Directory, or for whatever reason the source server of a role no longer exists or will not transfer it to us, we can always force it as follows. From the destination server (the new one, which will hold the roles), we open an MS-DOS window, run “ntdsutil” and press Enter. The next command to type is “roles”, then Enter. Then we type “connections” and press Enter again. Next we connect to the server that should hold the roles with “connect to server NOMBRE_SERVIDOR” (NOMBRE_SERVIDOR being the server's name) and press Enter; we leave that menu by typing “q” and pressing Enter again. Now we type the role we want to move to this server, always preceded by the word “seize”. The five roles are: “domain naming master”, “infrastructure master”, “PDC”, “RID master” and “schema master”. If we want to be sure and we don't know what to do, we run the command for all the roles, and when it asks whether we are sure, we answer “Yes”.