How To Seize Active Directory Roles

If you find yourself in a situation like I did a few days back, I hope this can help. I ran into an issue attempting to add a Server 2012 machine as a domain controller in my current forest, and I was getting errors like the following:

Error determining whether the target environment requires adprep: Validation error:
Validation error: Unable to check forest upgrade status for server
SERVERNAME.localdomain.local.
Exception: The specified server cannot perform the requested operation
Details:Test.VerifyForestUpgradeStatus.ADPrep.Win32Exception.-2147467259

I had to run the following tool to force the roles from my old master domain controller, which failed a while back, so I no longer had access to it. It seems the tool will first attempt what they call a safe move, which tries to contact the original master and transfer the roles gracefully. This is a rare case, as this should not happen if the master domain controller is retired correctly.

To start, open a command prompt on a machine attached to the domain and run the following command: "netdom query fsmo". This will show you which domain controller holds the master for each of the AD roles, and the names of the roles you need to transfer below.

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Server 2008, Server 2008 R2.

 

To seize the schema master role

  1. Open Command Prompt on the server you want to move the roles to.
  2. Type: ntdsutil
  3. At the ntdsutil command prompt, type: roles
  4. At the fsmo maintenance command prompt, type: connections
  5. At the server connections command prompt, type: connect to server YourDomainController
  6. At the server connections prompt, type: quit
  7. At the fsmo maintenance command prompt, type: seize schema master

This set of commands will move the schema master. To figure out the others, as there will be more you need, you can run seize /?
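
The following PowerShell is an added example, not part of the original post: it parses "netdom query fsmo" output and prints one ntdsutil seize line for each role still held by the failed domain controller, leaving the other roles alone. The server names and the sample output are constructed, and the role-to-command mapping is the Server 2008 and later naming, so confirm it against the seize help on your own server.

```powershell
# Constructed sample of "netdom query fsmo" output; on a domain member use:
#   $lines = netdom query fsmo
$lines = @(
    'Schema master               OLDDC.localdomain.local'
    'Domain naming master        OLDDC.localdomain.local'
    'PDC                         NEWDC.localdomain.local'
    'RID pool manager            OLDDC.localdomain.local'
    'Infrastructure master       NEWDC.localdomain.local'
    'The command completed successfully.'
)
$failedDc = 'OLDDC.localdomain.local'   # hypothetical: the dead role holder
$targetDc = 'NEWDC.localdomain.local'   # hypothetical: the DC taking the roles

# netdom role label -> ntdsutil "fsmo maintenance" command.
# On Windows Server 2003 the naming role is "seize domain naming master".
$seizeCommand = @{
    'Schema master'         = 'seize schema master'
    'Domain naming master'  = 'seize naming master'
    'PDC'                   = 'seize PDC'
    'RID pool manager'      = 'seize RID master'
    'Infrastructure master' = 'seize infrastructure master'
}

function Get-FsmoHolder {
    param([string[]]$NetdomOutput)
    foreach ($line in $NetdomOutput) {
        # Role and holder are separated by two or more spaces; the status
        # line at the end has only single spaces and is skipped.
        if ($line -match '^(?<role>\S.*?)\s{2,}(?<holder>\S+)\s*$') {
            [pscustomobject]@{ Role = $Matches.role; Holder = $Matches.holder }
        }
    }
}

$holders = @(Get-FsmoHolder -NetdomOutput $lines)
if ($holders.Count -ne 5) { Write-Warning "Expected 5 roles, parsed $($holders.Count)" }

foreach ($h in $holders) {
    if ($h.Holder -ieq $failedDc) {
        if (-not $seizeCommand.ContainsKey($h.Role)) { Write-Warning "Unknown role: $($h.Role)"; continue }
        # Print only; review each line and run it by hand on the target DC.
        'ntdsutil roles connections "connect to server {0}" quit "{1}" quit quit' -f $targetDc, $seizeCommand[$h.Role]
    } else {
        '{0,-22} stays on {1}' -f $h.Role, $h.Holder
    }
}
```

The script only prints commands. Running "netdom query fsmo" again after the seizures confirms that every role now lists the new holder.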

After running the seize on all roles to my new master, I was able to add the Server 2012 machine to the forest with no issues.
I hope this helps anyone else running into this issue.

 
