Windows 7 / Getting Started

Transferring Operations Master Roles

You can transfer a single operations master role easily. You transfer roles in the following scenarios:

  • When you establish your forest, all five roles are performed by the first domain controller you install. When you add a domain to the forest, all three domain roles are performed by the first domain controller in that domain. As you add domain controllers, you can distribute the roles to reduce single-point-of-failure risks and improve performance.
  • If you plan to take a domain controller offline that is currently holding an operations master role, transfer that role to another domain controller before taking it offline.
  • If you are decommissioning a domain controller that currently holds an operations master role, transfer that role to another domain controller before decommissioning. The Active Directory Domain Services Installation Wizard will attempt to do so automatically, but you should prepare for demoting a domain controller by transferring its roles.

To transfer an operations master role, follow these steps:

  1. Make sure that the new role holder is up to date with replication from the former role holder.
  2. Open the administrative tool that exposes the current master.
    For example, open the Active Directory Users And Computers snap-in to transfer any of the three domain master roles.
  3. Connect to the domain controller to which you are transferring the role.
    This is accomplished by right-clicking the root node of the snap-in and choosing Change Domain Controller or Change Active Directory Domain Controller. (The command differs between snap-ins.)
  4. Open the Operations Master dialog box, which displays the domain controller currently holding the role token for the operation. Click Change to transfer the role to the domain controller to which you are connected.

When you transfer an operations master role, both the current master and the new master are online. The token is transferred, the new master immediately begins to perform the role, and the former master immediately ceases to perform the role. This is the preferred method of moving operations master roles.

Recognizing Operations Master Failures

Several operations master roles can be unavailable for quite some time before their absence becomes a problem. Other master roles play a crucial role in the day-to-day operation of your enterprise. You can identify problems with operations masters by examining the Directory Service event log.

However, you will often discover that an operations master has failed when you attempt to perform a function managed by the master, and the function fails. For example, if the RID master fails, eventually you will be prevented from creating new security principals.

[Previous] [Contents] [Next]

In this tutorial:

  1. Administering Domain Controllers
  2. Deploying Domain Controllers
  3. Unattended Installation Options and Answer Files
  4. Installing a New Windows Server 2008 R2
  5. Installing Additional Domain Controllers in a Domain
  6. Installing an Additional Domain Controller
  7. Installing a New Windows Server 2008 Child Domain
  8. Staging the Installation of an RODC
  9. Installing AD DS from Media
  10. Managing Operations Masters
  11. Domain-Wide Operations Master Roles
  12. Optimizing the Placement of Operations Masters
  13. Transferring Operations Master Roles
  14. Seizing Operations Master Roles
  15. Configuring DFS Replication of SYSVOL
  16. Understanding Migration Stages