Windows: Need to Seize Roles during DR?
24 October 2006
In an environment that needs to come up quickly, I found a little trick that can be helpful.
NTDSUTIL.exe lets you manage which domain controllers handle which roles in your domain.
According to kb article 243267, you can script this. So in a DR situation, if you have a virtual DC (in a VM) and you want to have it seize all roles, it can be simple with the following script.
The following script will allow you to seize all roles from a batch file (seizeroles1.bat):
**********BEGIN HERE**********
ntdsutil roles connections "connect to server %1" quit "seize domain naming master" quit quit
ntdsutil roles connections "connect to server %1" quit "seize infrastructure master" quit quit
ntdsutil roles connections "connect to server %1" quit "seize PDC" quit quit
ntdsutil roles connections "connect to server %1" quit "seize RID master" quit quit
ntdsutil roles connections "connect to server %1" quit "seize schema master" quit quit
***********END HERE***********
Save the batch file as seizeroles.bat and call it from a cmd prompt with "seizeroles.bat servername.domain"
Additionally, some of this can be abbreviated (seizeroles2.bat):
**********BEGIN HERE**********
ntdsutil r c "co t s %1" q "seize domain naming master" q q
ntdsutil r c "co t s %1" q "seize infrastructure master" q q
ntdsutil r c "co t s %1" q "seize PDC" q q
ntdsutil r c "co t s %1" q "seize RID master" q q
ntdsutil r c "co t s %1" q "seize schema master" q q
***********END HERE***********
And if you really want it to shorten up, you can enter a single line to do what you want (seizeroles3.bat):
**********BEGIN HERE**********
ntdsutil r c "co t s %1" q "seize domain naming master" "seize infrastructure master" "seize PDC" "seize RID master" "seize schema master" q q
***********END HERE***********
Also I like to add a "popups off" or "p off" before the r c to keep it from prompting me as to whether I wish to perform this action or not.
Enjoy.
NTDSUTIL.exe lets you manage which domain controllers handle which roles in your domain.
According to kb article 243267, you can script this. So in a DR situation, if you have a virtual DC (in a VM) and you want to have it seize all roles, it can be simple with the following script.
The following script will allow you to seize all roles from a batch file (seizeroles1.bat):
**********BEGIN HERE**********
ntdsutil roles connections "connect to server %1" quit "seize domain naming master" quit quit
ntdsutil roles connections "connect to server %1" quit "seize infrastructure master" quit quit
ntdsutil roles connections "connect to server %1" quit "seize PDC" quit quit
ntdsutil roles connections "connect to server %1" quit "seize RID master" quit quit
ntdsutil roles connections "connect to server %1" quit "seize schema master" quit quit
***********END HERE***********
Save the batch file as seizeroles.bat and call it from a cmd prompt with "seizeroles.bat servername.domain"
Additionally, some of this can be abbreviated (seizeroles2.bat):
**********BEGIN HERE**********
ntdsutil r c "co t s %1" q "seize domain naming master" q q
ntdsutil r c "co t s %1" q "seize infrastructure master" q q
ntdsutil r c "co t s %1" q "seize PDC" q q
ntdsutil r c "co t s %1" q "seize RID master" q q
ntdsutil r c "co t s %1" q "seize schema master" q q
***********END HERE***********
And if you really want it to shorten up, you can enter a single line to do what you want (seizeroles3.bat):
**********BEGIN HERE**********
ntdsutil r c "co t s %1" q "seize domain naming master" "seize infrastructure master" "seize PDC" "seize RID master" "seize schema master" q q
***********END HERE***********
Also I like to add a "popups off" or "p off" before the r c to keep it from prompting me as to whether I wish to perform this action or not.
Enjoy.
Labels: Windows
