kieranbarnes Independent PHP, WordPress & CubeCart Programmer

Responding to a Schema Master Failure

Posted on December 30, 2009

There is a little known FSMO role in Active Directory called Schema Master, quite simply it manages changes to your Active Directory Schema. Whilst this is down, no schema changes can be made. Chances are, you'll forget to move this role as it isn't listed in the usual Operations Masters tab.

Does anyone know why?! Anyway, if you've ever lost or moved a Domain Controller, chances are you didn't move this role.We've got two ways of doing it.

Version 1 - Your existing Schema Master is still alive.

Remote Desktop or otherwise connect to the Domain Controller you want to become the Schema Master.
We need to MMC. Lovely. Even more lovely, we need to register the Active Directory Schema DLL.

  1. Start
  2. Run
  3. Type regsvr32 schmmgmt.dll
  4. Hope you get a "DllRegisterServer in schmmgmt.dll succeeded".

Now we can start work.

  1. Start, again.
  2. Run, again.
  3. Type mmc.
  4. From the File menu, select Add/Remove Snap-in.
  5. Click Add.
  6. Select Active Directory Schema.
  7. Close.
  8. OK.
  9. Right click 'Active Directory Schema
  10. Select Operations Masters.
  11. Check the listed Domain Controllers are correct and click Change.

Version 2- Your existing Schema Master is dead, forever and ever and ever.

Now this method is much more fun. We get to use my favourite tool ntdsutil.

Its advisable to do this from the Domain Controller you want to

  1. Start.
  2. Run.
  3. Type ntdsutil.
  4. Type roles. Press Enter. This puts us in FSMO Maintenance Mode
  5. Type connections.
  6. Type connect to server <SERVER NAME>
  7. Once connected, type quit.
  8. Now, back at the FSMO Maintenance Mode prompt, type seize schema master.
    This should report some information back on the success of the operation. Read it carefully.
  9. Type quit.
  10. Type quit.

Please make sure the old domain controller never ever ever comes back online. I read some Microsoft article once that suggested the old server should be formatted at least twice to prevent the server coming back on accidentally. Yeah, its that serious.


Related posts

  1. Active Directory DHCP Authorisation Issues
    So you just deleted a DHCP server in your Active Directory site and can't authorise...
  2. [Snippet] Forcing Replication Between Domain Controllers
    ...because some people still don't know! Open Active Directory Sites and Services. In the console...
  3. Synchronizing time on a Windows 2003 domain controller
    In a Windows domain environment its incredibly important that all clients & servers share the...
  4. How can I specify the Global Catalog (GC) that I want my Microsoft Exchange Server system to use?
    If you want to force the Exchange server to use a specific GC instead of...
  5. Super simple Active Directory with Samba
    I needed a super simple, straight forward way of installing samba on Ubuntu and joining...

Posted by Kieran


Tagged as: , , , Leave a comment
Comments (0) Trackbacks (0)

No comments yet.


Leave a comment

(required)

No trackbacks yet.

» «
Got a WordPress or CubeCart problem? Don't Panic!

Categories

Recent Comments

Kieran Barnes

Independent PHP, WordPress and CubeCart programmer and consultant in Manchester, UK.
I can offer programming and consultancy for your next WordPress, Ecommerce or PHP web application.

Kieran Barnes

About Kieran

Kieran is a PHP developer with 15 years commercial experience. He has a niche for all things WordPress, CubeCart and other open sourcery. With expertise in most areas of Linux and Windows wrangling makes him a good choice for supporting and consulting your next web application.

Get in Touch

ITR DC2

FTOOC

MCR VTEC

Bulldog Rescue
Sitemap (HTML)
Sitemap (XML)