Seizing an operations master role
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Role seizure is the act of assigning an operations master role to a new domain controller without the cooperation of the current role holder (usually because it is offline due to a hardware failure). During role seizure, a new domain controller assumes the operations master role without communicating with the current role holder.
Role seizure can create two conditions that can cause problems in the directory. It is for this reason that role seizure should be performed only as a last resort. First, the new role holder starts performing its duties based on the data located in its current directory partition. The new role holder might not receive changes that were made to the previous role holder before it went offline if replication did not complete prior to the time when the original role holder went offline. This can cause data loss or introduce data inconsistency into the directory database.
To minimize the risk of losing data to incomplete replication, do not perform a role seizure until enough time has passed to complete at least one complete end-to-end replication cycle across your network. Allowing enough time for complete end-to-end replication ensures that the domain controller that assumes the role is as up-to-date as possible.
Second, the original role holder is not informed that it is no longer the operations master role holder, which is not a problem if the original role holder stays offline. However, if it comes back online (for example, if the hardware is repaired or the server is restored from a backup), it might try to perform the operations master role that it previously owned. This can result in two domain controllers performing the same operations master role simultaneously. Depending on the role that was seized, the severity of duplicate operations master roles varies from no visible effect to potential corruption of the Active Directory database. Seize the operations master role to a domain controller that has the most recent updates from the current role holder to minimize the impact of the role seizure.
Task Requirements
Repadmin.exe
Ntdsutil.exe
To complete this task, perform the following procedures:
Verify successful replication to a domain controller
This needs to be the domain controller that will be seizing the role.