FIGURE 5-5 The Ntdsutil.exe sequence for transferring the PDC role
The steps to transfer the other roles are the same as for transferring the PDC Emulator role.
Transferring by using the Windows PowerShell ActiveDirectory module
Beginning with Windows Server 2012 (and Windows 8 with RSAT), you can use the
Move-ADDirectoryServerOperationMasterRole cmdlet to transfer or seize the FSMO roles.
Unlike ntdsutil.exe, you can transfer multiple roles with a single command. For example, to transfer
the PDC and RID FSMO roles from trey-dc-04 to trey-dc-02, use the following command:
Move-ADDirectoryServerOperationMasterRole -Identity trey-dc-02 -OperationMasterRole RIDMaster,PDC
To seize the roles when the original holder is no longer available, use the -Force parameter
with the Move-ADDirectoryServerOperationMasterRole cmdlet.
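A pre-check and post-check wrapped around the transfer command above, as an added example that is not from the original text. The server name trey-dc-02 is the page's; the Get-FsmoHolders helper and the ping-based reachability test are assumptions of this example.

```powershell
# Added example: confirm FSMO holders before and after a graceful transfer.
Import-Module ActiveDirectory

$Target = 'trey-dc-02'                   # new role holder, from the page's example
$Roles  = 'RIDMaster', 'PDCEmulator'     # full enum names, so they can index the table below

function Get-FsmoHolders {
    # Hypothetical helper: domain-wide roles come from Get-ADDomain,
    # forest-wide roles from Get-ADForest.
    $domain = Get-ADDomain
    $forest = Get-ADForest
    [ordered]@{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
}

$before   = Get-FsmoHolders
$targetDc = Get-ADDomainController -Identity $Target -ErrorAction Stop

# An RODC cannot hold operations master roles, so refuse early.
if ($targetDc.IsReadOnly) { throw "$Target is read-only and cannot hold FSMO roles." }

# Assumption: ICMP reachability is used as a coarse "is the holder still alive" test.
$holders = $Roles | ForEach-Object { $before[$_] } | Sort-Object -Unique
$offline = @($holders | Where-Object { -not (Test-Connection -ComputerName $_ -Count 2 -Quiet) })

if ($offline.Count -gt 0) {
    # Seizing (-Force) is for a holder that is no longer available; never automate it.
    throw "Holder(s) unreachable: $($offline -join ', '). Investigate before using -Force."
}

# Graceful transfer of both roles in one command; the cmdlet prompts for confirmation.
Move-ADDirectoryServerOperationMasterRole -Identity $Target `
    -OperationMasterRole $Roles -ErrorAction Stop

# Post-check: every requested role must now resolve to the target DC.
$after = Get-FsmoHolders
foreach ($role in $Roles) {
    if ($after[$role] -ne $targetDc.HostName) {
        Write-Warning "$role is still held by $($after[$role])"
    } else {
        Write-Output "$role moved: $($before[$role]) -> $($after[$role])"
    }
}
```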
Installing and configuring a read-only domain controller
Windows Server 2008 introduced the read-only domain controller (RODC), which hosts
read-only partitions of the AD DS database. Because changes can't be made to the RODC, it
is an appropriate solution for deployment to sites where physical security is harder to
control, such as branch offices. Deploying an RODC to sites connected with poor network
bandwidth improves the logon time and the time required to access network resources when
password caching is configured.
To simplify deployment of RODCs to remote sites, you can stage the deployment of the
RODC. A staged deployment creates the account for the RODC; when the computer is actually
deployed, it is promoted to an RODC. To reduce the network load, a staged deployment
can be done with the AD DS database on physical media, enabling the RODC deployment to
use the Install from Media (IFM) feature.
 
 