There is a little-known FSMO role in Active Directory called Schema Master. Quite simply, it manages changes to your Active Directory Schema. Whilst this is down, no schema changes can be made. Chances are, you’ll forget to move this role as it isn’t listed in the usual Operations Masters tab.
Does anyone know why?! Anyway, if you’ve ever lost or moved a Domain Controller, chances are you didn’t move this role. We’ve got two ways of doing it.
Version 1 – Your existing Schema Master is still alive.
Remote Desktop or otherwise connect to the Domain Controller you want to become the Schema Master.
We need to MMC. Lovely. Even more lovely, we need to register the Active Directory Schema DLL.
- Type regsvr32 schmmgmt.dll
- Hope you get a “DllRegisterServer in schmmgmt.dll succeeded”.
Now we can start work.
- Start, again.
- Run, again.
- Type mmc.
- From the File menu, select Add/Remove Snap-in.
- Click Add.
- Select Active Directory Schema.
- Right click ‘Active Directory Schema’.
- Select Operations Masters.
- Check the listed Domain Controllers are correct and click Change.
Version 2 – Your existing Schema Master is dead, forever and ever and ever.
Now this method is much more fun. We get to use my favourite tool ntdsutil.
It's advisable to do this from the Domain Controller you want to
- Type ntdsutil.
- Type roles. Press Enter. This puts us in FSMO Maintenance Mode.
- Type connections.
- Type connect to server <SERVER NAME>
- Once connected, type quit.
- Now, back at the FSMO Maintenance Mode prompt, type seize schema master.
This should report some information back on the success of the operation. Read it carefully.
- Type quit.
- Type quit.
Please make sure the old domain controller never ever ever comes back online. I read some Microsoft article once that suggested the old server should be formatted at least twice to prevent the server coming back on accidentally. Yeah, it's that serious.
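
Both versions above can also be driven from PowerShell with a check on the current role holder before and after. This is an added example, not part of the original post; it assumes the ActiveDirectory (RSAT) module is installed, and `$TargetDC` is a placeholder for the Domain Controller that should take the role.

```powershell
# Added example: transfer or seize the Schema Master role with pre/post checks.
# Assumptions: ActiveDirectory module available; the account running this is in
# Schema Admins; $TargetDC is a placeholder supplied by the operator.
param(
    [Parameter(Mandatory)][string]$TargetDC,
    [switch]$Seize   # Version 2 only: the old Schema Master is gone for good
)

Import-Module ActiveDirectory

# Who holds the role right now?
$current = (Get-ADForest).SchemaMaster
Write-Host "Current Schema Master: $current"

if ($current -like "$TargetDC*") {
    Write-Host "$TargetDC already holds the Schema Master role. Nothing to do."
    return
}

# Rough liveness check (ICMP only; a firewall can make a live DC look dead,
# so confirm by other means before deciding to seize).
$alive = Test-Connection -ComputerName $current -Count 2 -Quiet

if ($alive -and $Seize) {
    throw "$current still answers. Transfer the role (Version 1) instead of seizing it."
}
if (-not $alive -and -not $Seize) {
    throw "$current is unreachable. Re-run with -Seize only if it will never return."
}

# Without -Force this is a graceful transfer; with -Force it is a seizure.
# The cmdlet prompts for confirmation before it makes the change.
Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC `
    -OperationMasterRole SchemaMaster -Force:$Seize

# Verify against the target DC's own copy of the directory.
$after = (Get-ADForest -Server $TargetDC).SchemaMaster
Write-Host "Schema Master is now: $after"
if ($after -notlike "$TargetDC*") {
    Write-Warning "Role holder is not $TargetDC. Check the output above and replication."
}
```

Running `netdom query fsmo` afterwards lists all five FSMO role holders, which is a quick way to confirm nothing else was left behind on the old server.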