3.4.4.6 MoveADOperationMasterRole

  • Article

A server processes a MoveADOperationMasterRole request using the Active Directory Web Services: Custom Action Protocol upon receiving a SOAP message that contains the MoveADOperationMasterRole SOAP header and that specifies the following URI as the SOAP action:

http://schemas.microsoft.com/2008/1/ActiveDirectory/CustomActions/TopologyManagement/MoveADOperationMasterRole

This operation is specified by the following WSDL.

 <wsdl:operation name="MoveADOperationMasterRole">
     <wsdl:input
         wsam:Action=
 "http://schemas.microsoft.com/2008/1/ActiveDirectory/CustomActions/TopologyManagement/MoveADOperationMasterRole"
         name="MoveADOperationMasterRoleRequest"
         message="ca:MoveADOperationMasterRoleRequest" />
   <wsdl:output
       wsam:Action=
 "http://schemas.microsoft.com/2008/1/ActiveDirectory/CustomActions/TopologyManagement/MoveADOperationMasterRoleResponse"
       name="MoveADOperationMasterRoleResponse"
       message="ca:MoveADOperationMasterRoleResponse" />
   <wsdl:fault
       wsam:Action=
 "http://schemas.microsoft.com/2008/1/ActiveDirectory/Data/fault"
       name="MoveADOperationMasterRoleFault"
       message=
 "ca:TopologyManagement_MoveADOperationMasterRole_MoveADOperationMasterRoleFault_FaultMessage" />
 </wsdl:operation>

The MoveADOperationMasterRole custom action moves the FSMO role specified by element MoveADOperationMasterRoleRequest/OperationMasterRole (section 3.4.4.6.2.3) to the directory service specified by the SOAP header Server element (section 2.2.3.5) in the MoveADOperationMasterRoleRequest.

If the MoveADOperationMasterRoleRequest/Seize element is set to TRUE, then the MoveADOperationMasterRole custom action seizes (section 3.4.4.6.2.3.2) the FSMO role only after first attempting a regular transfer (section 3.4.4.6.2.3.1) which has failed.

On successful completion of the FSMO role transfer (or seizure), the MoveADOperationMasterRole custom action MUST create a MoveADOperationMasterRoleResponse element, set the MoveADOperationMasterRoleResponse/WasSeized element to TRUE or FALSE, and return the MoveADOperationMasterRoleResponse object. The WasSeized element indicates whether the FSMO role was seized (TRUE) or transferred (FALSE).

To transfer a FSMO role, the server writes the appropriate rootDSE attribute of the directory instance ([MS-ADTS] sections 3.1.1.3.3.1 through 3.1.1.3.3.6). The table under section 3.4.4.6.2.3.1 contains information on the rootDSE attribute to modify to transfer a role.

To seize a FSMO role, the server writes the distinguishedName of the nTDSDSA object of the new role owner [MS-ADTS] sections 3.1.1.5.3.1.2 and 3.1.1.5.3.2.<57> The table under section 3.4.4.6.2.3.2 contains information about which object attribute to write to seize a role.

If an error occurs while processing this operation, the server MUST return the appropriate SOAP fault for the particular error condition as specified in section 3.4.4.6.8.