Latest posts by Timothy Warner (see all)
- Use cases for Netwrix Auditor Free Community Edition v9.0 - Thu, Oct 19 2017
- Sysmalogic Active Directory Report Builder - Lightning-fast AD search and report tool - Tue, Oct 17 2017
- Veeam Backup & Replication for VMware and Hyper‑V 9.5: New features - Thu, Oct 12 2017
You are the administrator for a single Active Directory domain that consists of two Windows Server 2008 R2 domain controllers named DC01 and DC02.
DC02, which holds the schema master role, has gone unexpectedly offline. You need the schema master role in order to be available in the domain. You log onto the domain by using the domain Administrator account.
A. Add your domain user account to the Schema Admins built-in group.
B. Register the Schmmgmt.dll dynamic link library.
C. Transfer the schema master role to another domain controller.
D. Seize the schema master role to another domain controller.
The Correct Answer and Explanation ^
The correct answer is D. The practical difference between transferring and seizing an operations master role is that transferring is by far the preferred choice, although it assumes that both domain controllers (the giver and the receiver of the role are online.
In this case, the domain controller DC02 has gone offline unexpectedly and we don’t know when (or if) the computer will return to action. Thus, we need to fire up an administrative command prompt, start Ntdsutil, and perform a seizure of the schema master role, specifying DC01 as the target.
Seizing an operations master role
By closely reading the item stem, we know that the root question is “Which of these answer choices gets us closest to accomplishing the goal of recovering the schema master role to DC01?
The first content that we need to have under our conceptual belts is the difference between operations master role transfer vs operations master role seizure. If we understand this difference, then we immediately know that choice D looks good and choice C can be dismissed.
Choice A is tricky because it requires that we have closely read the item stem. Some candidates might mistakenly select this answer choice, thinking “I know that your domain account must be a member of the Schema Admins built-in group in order to perform any schema-related actions.” This is true, but remember that the domain Administrator account in the forest root domain is the sole member of the Schema Admins group. In this scenario we have a single forest root domain.
Choice B is accurate inasmuch as we need to use regsrv32.exe to register the Schmmgmt.dll dynamic link library and thereby gain access to the Active Directory Schema Microsoft Management Console (MMC) console. However, this action alone will not accomplish the goal of placing the schema master role on our sole remaining domain controller.
I hope that you found working through this sample practice question to be helpful to your certification studies. If you remain unclear on the “hows and whys” of the operations master roles, then see the companion piece that I mentioned at the beginning of this blog post. You are also free to leave your questions, comments, and concerns in the comments portion of this post. Happy studying!