Role seizure. Role seizure takes place when an Operation Master fails or becomes temporarily unavailable. When an Operation Master domain controller temporarily goes offline, alternative domain controllers can safely seize only the infrastructure master and the PDC emulator. These roles are the only roles that the original Operation Master domain controller can seize when it comes back online. If a domain controller seizes the schema master, domain naming master, or RID master roles, you must not bring the original Operation Master domain controller back online. If you bring the original schema master back online, recent schema updates might not be properly replicated to the enterprise. Bringing the original domain naming master back online might cause the other domain controllers to have trouble recognizing the correct domain naming master. This confusion could result in domain controller promotion or demotion errors. And if the original RID master came back online after a role seizure, it might distribute RIDs that the backup RID master had already assigned.
To seize a role, you can use the Ntdsutil tool and the same process (with one modification) that you use to transfer a role. In the previous example, you would replace the transfer schema master command in step 7 with the seize schema master command. To complete the seizure, click Yes in the Role Seizure Confirmation Dialog box, which Figure 4 shows.
After you complete role placement, you need to document which servers hold which roles in your forest. This important step will aid in troubleshooting Operation Master role problems.
Designate Standby Operation Masters
Win2K doesn't provide automatic backup or failover functionality for Operation Masters that go offline. Therefore, a good practice is to designate one or more standby Operation Masters to seize a role in the event of a server failure. Standby Operation Masters are domain controllers that are direct replication partners with the existing Operation Master domain controllers. You can use the Microsoft Windows 2000 Resource Kit Replmon and Repadmin tools to help manage replication, determine replication topology, and establish partners. Your Operation Master role documentation should include standby Operation Masters.
Tooling Around
In addition to transferring and seizing roles, the Ntdsutil command lets you view Operation Master roles. To view the forest-based and domain-based Operation Master roles, run the sequence of commands you use to transfer or seize a role, but in step 7 type
select operation target
and in step 8, type
list roles for connected server
The output will be similar to the information that Figure 3 shows.
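The role listing can also be checked against your role documentation automatically. The following is an added example, not code from the article or from Microsoft: it parses saved `list roles for connected server` output and reports any role whose holder differs from the documented one, noting the roles for which the article says a seized role's original holder must stay offline. The output line shape, the role labels (`Schema`, `Domain`, `PDC`, `RID`, `Infrastructure`), the `example.com` forest, and the server names DC1 through DC3 are assumptions, and the sample data is constructed.

```python
import re

# Per the article, only these two roles can be seized safely while the original
# holder is temporarily offline; seizing the others retires the old holder.
SAFE_TO_SEIZE = {"PDC", "Infrastructure"}
# Assumed line shape: "<Role> - CN=NTDS Settings,CN=<server>,CN=Servers,..."
ROLE_LINE = re.compile(r"^\s*([A-Za-z ]+?)\s+-\s+CN=NTDS Settings,CN=([^,]+),", re.I)

def parse_roles(text):
    """Map role name -> holder (upper-cased) from captured ntdsutil output."""
    return {m.group(1): m.group(2).upper()
            for m in map(ROLE_LINE.match, text.splitlines()) if m}

def audit(text, inventory):
    """Return sorted (role, finding) tuples; an empty list means no drift.

    inventory maps role -> {"holder": name, "standbys": [names]}.
    """
    observed, findings = parse_roles(text), []
    for role, doc in inventory.items():
        holder = observed.get(role)
        if holder is None:
            findings.append((role, "not reported by the connected server"))
        elif holder != doc["holder"].upper():
            known = holder in {s.upper() for s in doc["standbys"]}
            note = f"moved from {doc['holder']} to {'standby' if known else 'UNDOCUMENTED'} {holder}"
            if role not in SAFE_TO_SEIZE:
                note += f"; if seized, keep {doc['holder']} offline"
            findings.append((role, note))
    return sorted(findings)

# Constructed sample output (hypothetical forest example.com, servers DC1-DC3).
_SUFFIX = ",CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com"
SAMPLE = "\n".join(
    ['Server "dc2" knows about 5 roles'] +
    [f"{role} - CN=NTDS Settings,CN={dc}{_SUFFIX}" for role, dc in
     [("Schema", "DC1"), ("Domain", "DC1"), ("PDC", "DC2"), ("RID", "DC3"), ("Infrastructure", "DC2")]])

# Constructed role documentation: current holder plus designated standbys.
INVENTORY = {
    "Schema": {"holder": "DC1", "standbys": ["DC2"]},
    "Domain": {"holder": "DC1", "standbys": ["DC2"]},
    "PDC": {"holder": "DC1", "standbys": ["DC2"]},
    "RID": {"holder": "DC1", "standbys": ["DC2"]},
    "Infrastructure": {"holder": "DC2", "standbys": ["DC1"]},
}

if __name__ == "__main__":
    for role, finding in audit(SAMPLE, INVENTORY):
        print(f"{role}: {finding}")
```

The listing alone cannot tell a transfer from a seizure, so a reported move is a prompt to confirm how the role changed hands before the documented holder is returned to service.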
You can also use GUI management tools to view and change Operation Master roles. To view domain-specific Operation Master role servers, run the Active Directory Users and Computers MMC snap-in by clicking Start, Run, Programs, Administrative Tools, Active Directory Users and Computers. In the left pane, right-click the name of the domain that you want to view, and select Operation Masters from the resulting drop-down menu. You can view the PDC emulator, RID master, or infrastructure master roles by clicking the appropriate tab, as Figure 5 shows. On each tab, you can transfer a role by clicking Change. However, before you use this method to initiate a transfer, you must connect to the target domain controller. You can do so from the main Active Directory Users and Computers window by right-clicking the domain name in the left pane, then selecting Connect to Domain Controller from the resulting drop-down menu.
To view the schema master, you must load the Active Directory Schema MMC snap-in. To discourage curious administrators from incorrectly modifying the schema, Win2K doesn't include this snap-in in the Administrative Tools folder by default. To load this snap-in, click Start, Run and type
mmc
in the Open text box. In the MMC window, select Add/Remove Snap-in from the Console menu, then click Add. Scroll down the list to find Active Directory Schema, highlight it, and click Add, Close, OK. After you right-click Active Directory Schema in the left pane and select Operations Masters, the Change Schema Master window, which Figure 6 shows, appears.
The process to view the domain naming Operation Master is a bit simpler. Click Start, Programs, Administrative Tools, and select Active Directory Domains and Trusts. In the left pane, right-click Active Directory Domains and Trusts and select Operations Masters from the resulting drop-down menu. The Change Operations Master window, which Figure 7 shows, will appear and show the forest's active domain naming master.
Quiet Mediators
During typical operation, Operation Masters don't require much attention. You need to jump into action only when a server requires offline maintenance or crashes. If you have up-to-date documentation that shows which servers host which roles and what servers you've designated as backups, you can respond quickly and effectively to any situation. To efficiently manage your Win2K network and ensure that domain controllers and users receive the services they require, you must understand what function each Operation Master role performs in AD, which tools you can use to troubleshoot Operation Master problems, and how to optimize Operation Master roles.
Hi, where can I find the list of these command line utilities that you guys always have?
kevin January 07, 2003