There are a wealth of things you can do with the NTDSUTIL utility and it is one of the most powerful command line utilities a system administrator can have in his/her bag of tricks when working with Active Directory. We can do things using this utility that we simply can’t do with the GUI. However, most of what we can also do with the GUI when it comes to our domain controllers and the roles they assume, can be managed using NTDSUTIL. One powerful thing we can do among many is transfer and seize operations master roles know as the “Flexible Single Master Operations” roles from one server to another.
We can utilize the transfer mechanism if we have a planned domain controller outage that hosts a certain role. We say planned, because we would use the seize functionality if we had an unplanned outage that happens with one of the domain controllers in an environment and we didn’t have the opportunity to transfer the role before the server went down. Below we have demonstrated via video this process. It is outline below.
- Beforehand it is a good idea to check out the status of the FSMO roles in your environment. From a domain controller type netdom query fsmob to display a listing of the FSMO roles and which servers in your environment hold them
- From a run menu or command prompt launch NTDSUTIL
- Type roles
- Type connections
- Type connect to server %servername% where this is the name of the server you want to transfer the role to not from
- Type q
- Type transfer %role to be transferred%, i.e. transfer infrastructure master
- A dialog box will pop up asking to confirm the transfer of the operations master role
- Click OK and the role is transferred.
