Operations Masters Tools and Settings
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2
In this section
Operations Masters Tools
Network Ports Used by Operations Masters
Related Information
Operations Masters Tools
Tools that are associated with operations masters are the same tools that you use to manage any domain controller.
The following tools have commands that are specific to managing operations masters.
Domain.msc: Active Directory Domains and Trusts
Category
An Active Directory Domain Services (AD DS) Administrative Tools Microsoft Management Console (MMC) snap-in that is automatically installed on all domain controllers running Windows Server 2008 R2, Windows Server 2008, and Windows Server 2003. It is also available if you install the Active Directory Domain Services Tools that are part of the Remote Server Administration Tools (RSAT). For more information, see How to Administer Microsoft Windows Client and Server Computers Locally and Remotely (https://go.microsoft.com/fwlink/?LinkID=177813).
Note
In Windows Server® 2003 and Microsoft Windows® 2000 Server, the directory service is named Active Directory. In Windows Server 2008 R2 and Windows Server 2008, the directory service is named Active Directory Domain Services. The rest of this topic refers to AD DS, but the information is also applicable to Active Directory.
Version compatibility
| Can Be Run From | Can Be Run Against |
|---|---|
Domain controllers running:
Servers running:
Computers running:
|
Domain controllers running:
|
1. To run the Windows Server 2003 Administration Tools Pack (Adminpak.msi) on a computer that is running Windows XP Professional, Windows XP Home Edition, or Windows XP 64-Bit Edition Version 2003, Windows XP Service Pack 1 (SP1) must be installed.
Active Directory Domains and Trusts provides a graphical interface in which you can view and manage all domains in the forest.
Use this tool to transfer the role of the domain naming master to another computer in the forest. You must be a member of the Domain Admins group (in the forest root domain) or the Enterprise Admins group, or you must have been delegated the appropriate authority to transfer this operations master role. For more information about the specific rights that are required to transfer specific operations master roles, see “What are Operations Masters?.”
Dsa.msc: Active Directory Users and Computers
Category
An Active Directory Administrative Tools Microsoft Management Console (MMC) snap-in that is automatically installed on all domain controllers running Windows Server 2008 R2, Windows Server 2008, and Windows Server 2003. It is also available if you install the Active Directory Domain Services Tools that are part of the Remote Server Administration Tools (RSAT). For more information, see How to Administer Microsoft Windows Client and Server Computers Locally and Remotely (https://go.microsoft.com/fwlink/?LinkID=177813).
Version compatibility
| Can Be Run From | Can Be Run Against |
|---|---|
Domain controllers running:
Servers running:
Computers running:
|
Domain controllers running:
|
1. To run the Windows Server 2003 Administration Tools Pack (Adminpak.msi) on a computer that is running Windows XP Professional, Windows XP Home Edition, or Windows XP 64-Bit Edition Version 2003, Windows XP Service Pack 1 (SP1) must be installed.
Active Directory Users and Computers provides a graphical user interface that can be used to manage users and computers in AD DS domains.
Use this tool to transfer the role of the RID master, the PDC emulator, and the Infrastructure master to another computer in the domain. You must be a member of the Domain Admins group or the Enterprise Admins group, or you must have been delegated the appropriate authority to transfer these operations master roles. For more information about the specific rights that are required to transfer specific operations master roles, see “What are Operations Masters?.”
schmmgmt.msc: Active Directory Schema
Category
An Active Directory Administrative Tools Microsoft Management Console (MMC) snap-in that is automatically installed on all domain controllers running Windows Server 2008 R2, Windows Server 2008, and Windows Server 2003. It is also available if you install the Active Directory Domain Services Tools that are part of the Remote Server Administration Tools (RSAT). For more information, see How to Administer Microsoft Windows Client and Server Computers Locally and Remotely (https://go.microsoft.com/fwlink/?LinkID=177813).
Version compatibility
| Can Be Run From | Can Be Run Against |
|---|---|
Domain controllers running:
Servers running:
Computers running:
|
The schema master running:
|
1. To run the Windows Server 2003 Administration Tools Pack (Adminpak.msi) on a computer that is running Windows XP Professional, Windows XP Home Edition, or Windows XP 64-Bit Edition Version 2003, Windows XP Service Pack 1 (SP1) must be installed.
Active Directory Schema is a graphical user interface that can be used to manage AD DS object classes and their associated attributes.
Use this tool to transfer the role of the schema master to another computer in the forest. You must be a member of the Schema Admins group, or you must have been delegated the appropriate authority to transfer this operations master role. For more information about the specific rights that are required to transfer specific operations master roles, see “What are Operations Masters?.”
Before the snap-in can be used, it must be registered so that it appears as an available snap-in for the Microsoft Management Console. For more information about registering Active Directory Schema snap-in, see “Active Directory Schema Technical Reference.”
Ntdsutil.exe: Ntdsutil
Category
This tool ships with Windows Server 2008 R2, Windows Server 2008, and Windows Server 2003. It is also available if you install the Active Directory Domain Services Tools that are part of the Remote Server Administration Tools (RSAT). For more information, see How to Administer Microsoft Windows Client and Server Computers Locally and Remotely (https://go.microsoft.com/fwlink/?LinkID=177813).
Version compatibility
| Can Be Run From | Can Be Run Against |
|---|---|
Domain controllers running:
|
Domain controllers running:
|
You can use Ntdsutil to perform AD DS database maintenance; including transferring and seizing all operations master roles. This tool is intended for use by experienced administrators. For more information, see Ntdsutil (https://go.microsoft.com/fwlink/?LinkId=192808).
Dsquery.exe: Dsquery
Category
Dsquery is a command-line tool that ships with Windows Server 2008 R2, Windows Server 2008, and Windows Server 2003. It is also available if you install the Active Directory Domain Services Tools that are part of the Remote Server Administration Tools (RSAT). For more information, see How to Administer Microsoft Windows Client and Server Computers Locally and Remotely (https://go.microsoft.com/fwlink/?LinkID=177813).
Version Compatibility
| Can Be Run From | Can Be Run Against |
|---|---|
Domain controllers running:
Servers running:
Computers running:
|
Domain controllers running:
|
Use **Dsquery server -hasfsmo {schema | name | infr | pdc | rid}**to search for the domain controller that holds the requested operations master role. For more information, see Dsquery server (https://go.microsoft.com/fwlink/?LinkId=192809).
Network Ports Used by Operations Masters
The following ports are used by all domain controllers.
Port Assignments for Operations Masters
| Service Name | UDP | TCP |
|---|---|---|
LDAP |
389 |
389 |
LDAP |
|
636 (Secure Sockets Layer [SSL]) |
RPC/REPL |
|
135 (endpoint mapper) |
Net Logon |
|
137 |
Kerberos |
88 |
88 |
DNS |
53 |
53 |
SMB over IP |
445 |
445 |
Related Information
The following resources contain additional information that is relevant to this section.