How to transfer the domain controller

How to transfer the domain controller

It is possible to carry out transfer of the domain controller both in case of its nonserviceability, and in case of serviceability. The main difference is that it is only expedient to transfer the failed mechanism in case the backup copy is in advance deployed. Only this way it is possible to recover data subsequently.

It is required to you

  • Computer, domain controller.


1. Create the reserve domain controller. For this purpose start on any network server the master of dcpromo. He will help to create the controller in the domain which already exists. As a result on the additional server the directory service of Active Directory (AD) is deployed.

2. Start installation of the DNS server. All settings and a zone are stored in AD. From there all records are by default copied in the reserve controller. Wait until it occurs. Specify by the address of primary DNS server the IP address of the basic domain controller.

3. Check operability of the reserve controller. On any of them create the user account. It will seem on the duplicating device, but in the beginning - as disconnected, and in 2-3 minutes - as active. It is a signal that the reserve mechanism works.

4. If the domain has two and more controllers, then specify as between them fsmo roles are redistributed. For this purpose use commands:

dsquery server – hasfsmo schema

dsquery server – hasfsmo name

dsquery server – hasfsmo rid

dsquery server – hasfsmo pdc

dsquery server – hasfsmo infr

dsquery server – forest - isgc

Each of commands will highlight the owner of any given role. In most cases, the owner of all roles - the basic controller.

5. Carry out a voluntary broadcast of roles fsmo from the basic controller to reserve. It is necessary that the second coped with all tasks as the main. Use for this Active Directory. At first make sure that the account is included into the sections "Domain Administrators", "Administrators of the Scheme" and "Administrators of the Enterprise". Then begin a classical broadcast of roles fsmo via AD consoles.

6. Open "Active Directory Domains and Trust" on that controller from which the role will be transferred. Click with the right mouse button on the image "Active Directory Domains and Trust" and specify the Connection to the Domain Controller command. In this case select that controller to which the role will be transferred from the list. Click with the right digging of a mouse on a component "Active Directory Domains and Trust" and find the Owners of Operations command. The dialog box will appear. In it find the line "Change of the Owner of Operations" and click "Change". There will be a pop-up request for transfer of a role. Answer in the affirmative. The role is successfully transferred.

7. In this way by means of the Active Directory — users and computers console carry out transfer of roles "the main domain controller", "the owner of infrastructure" and "the owner of RID". Before carrying out transfer of a role of "the owner of the scheme", register the library containing documentation of management of the scheme Active Directory in a system:

regsvr32 schmmgmt.dll

Add the Scheme Active Directory equipment to the mmc console, in it change the owner of roles according to the previous scheme.

8. When all roles are transferred, deal with the option "Keeper of the Main Directory". Come Active Directory: "The websites and Services" also find the controller on which transferred all data. Open properties its NTDS settings and note the global catalog check mark.

Author: «MirrorInfo» Dream Team