Recipe 11.26 Transferring the ISTG to Another Server

11.26.1 Problem

You want to move the ISTG for a site to another domain controller. This happens automatically if you take the current ISTG offline, but you may want to transfer the role to a server that is more optimal in your environment.

11.26.2 Solution Using a graphical user interface
  1. Open ADSI Edit.

  2. Connect to the CNC if it is not already displayed in the left pane.

  3. In the left pane, browse the Configuration NC Sites.

  4. Click on the site you want to transfer the ISTG for.

  5. In the right pane, double-click CN=NTDS Site Settings.

  6. Modify the interSiteTopologyGenerator attribute to include the NTDS Settings object of the domain controller you want to transfer the ISTG role to.

  7. Click OK. Using VBScript
' This code forces a new ISTG in a site.
' Name of site to transfer ISTG in
strSiteName = "<SiteName>"        ' e.g. Raleigh
' Site the new ISTG server is in
strNewISTGSite = "<ISTGSiteName>" ' e.g. Raleigh
' Common name of server object for new ISTG
strNewISTGName = "<DomainControllerName>"  ' e.g. dc01
' ------ END CONFIGURATION ---------

set objRootDSE = GetObject("LDAP://RootDSE")
set objSiteSettings = GetObject("LDAP://cn=NTDS Site Settings,cn=" & _
                                strSiteName & ",cn=sites," & _
strCurrentISTG = objSiteSettings.Get("interSiteTopologyGenerator")

objSiteSettings.Put "interSiteTopologyGenerator", _
                    "cn=NTDS Settings,cn=" & strNewISTGName & _
                    ",cn=servers,cn=" & strNewISTGSite & ",cn=sites," & _
WScript.Echo "ISTG for " & strSiteName & " changed from:"
WScript.Echo "  " & strCurrentISTG
WScript.Echo "To"
WScript.Echo "  " & objSiteSettings.Get("interSiteTopologyGenerator")

11.26.3 Discussion

The current ISTG for a site is stored in the interSiteTopologyGenerator attribute of the site's NTDS Site Settings object. The distinguished name of the ISTG's NTDS Settings object is stored in that attribute.

Domain controllers communicate their presence as the ISTG by writing to the interSiteTopologyGenerator attribute at a set interval. If you want another domain controller to assume the role of the ISTG, you need to write the distinguished name of that domain controller's NTDS Settings object to the interSiteTopologyGenerator attribute of the NTDS Site Settings object for the site.

Two registry settings govern the ISTG registration process, both of which are stored under the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters key. The interval (in minutes) in which the current ISTG should write to the interSiteTopologyGenerator attribute to inform the other DCs in the site that it is still the ISTG is stored in the KCC site generator renewal interval (minutes) value. The default is 30 minutes. The other value is named KCC site generator fail-over (minutes) and contains the time in minutes that each domain controller in the site should wait for the interSiteTopologyGenerator attribute to be written to before attempting to register itself as the ISTG. The default is 60 minutes.

11.26.4 See Also

MS KB 224815 (The Role of the Inter-Site Topology Generator in Active Directory Replication)

    Chapter 3. Domain Controllers, Global Catalogs, and FSMOs
    Chapter 6. Users
    Appendix A. Tool List