Moving the ISTG role to another domain controller

On a customer site we have multiple Windows 2003 domain controllers in a single AD site. One of the domain controllers has connection problems, and this causes authentication problems because the troubled server holds the Inter-Site Topology Generator (ISTG) role. The server with the ISTG role is responsible for managing the inbound replication connection objects for all bridgehead servers in the site in which it is located.

To end the authentication problems I want to move the ISTG role from server02 to dc001. Open the Active Directory Sites and Services console and, in this console, open the troubled site. When you open the site, you see NTDS Site Settings in the right pane.


When you right-click the NTDS Settings and select Properties, you see the currently configured ISTG server.


Now that we have confirmed that SERVER02 is the current ISTG server, we need to transfer this role to a more stable server. We can wait the default 60 minutes for an election for the ISTG role to be initiated, but I don’t want to take the risk of possible new authentication problems. Better safe than sorry.

To transfer the ISTG role to another server we open the ADSIEdit.msc console. For the task at hand we need to open the ADSIEdit console in the Naming Context, Configuration Container.


Expand Configuration [DomainController].
Expand CN=Configuration,DC=<domain>,DC=<com>.
Expand CN=Sites.
Highlight CN=<sitename> for the site where you want to change the ISTG Server.
In the details pane, right-click on CN=NTDS Site Settings and select Properties.


In the following screen, under the dropdown menu labelled ‘Select a property to view’, choose interSiteTopologyGenerator.


Copy the text under Value and paste it under ‘Edit Attribute’. Now you can change the text from Server02 to dc001, and click the Set button.

To verify the transfer of the ISTG role we repeat the steps to confirm the name of the current ISTG server. You’ll see that the current ISTG server is DC001.
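The same read, change and verify sequence can be scripted, which also leaves a record of the old and new values. This is an added example, not part of the original post: it assumes PowerShell is available on a domain-joined management machine and an account allowed to write to the Configuration container, `<sitename>` is a placeholder you must fill in, and the NTDS Settings path of the new server is assumed to follow the standard layout under CN=Servers.

```powershell
# Added example: read, change and verify interSiteTopologyGenerator through ADSI.
# $siteName is a placeholder; $newIstg is the target server named in the post.
$siteName = '<sitename>'
$newIstg  = 'dc001'

# Resolve the Configuration naming context instead of hard-coding the domain.
$rootDse  = [ADSI]'LDAP://RootDSE'
$configNC = [string]$rootDse.Properties['configurationNamingContext'].Value

# The attribute lives on the site's NTDS Site Settings object and holds the
# DN of the NTDS Settings object of the server that owns the ISTG role.
$settingsDn = "CN=NTDS Site Settings,CN=$siteName,CN=Sites,$configNC"
$newValue   = "CN=NTDS Settings,CN=$newIstg,CN=Servers,CN=$siteName,CN=Sites,$configNC"

$settings = [ADSI]"LDAP://$settingsDn"
$current  = [string]$settings.Properties['interSiteTopologyGenerator'].Value
Write-Output "Current ISTG: $current"

if ($current -eq $newValue) {
    Write-Output 'Target server already holds the ISTG role; nothing to change.'
    return
}

# Refuse to write a DN that does not exist: a typo here would leave the site
# pointing at a non-existent ISTG until the next election.
if (-not [System.DirectoryServices.DirectoryEntry]::Exists("LDAP://$newValue")) {
    throw "NTDS Settings object not found: $newValue"
}

$settings.Properties['interSiteTopologyGenerator'].Value = $newValue
$settings.CommitChanges()

# Re-read from the directory rather than trusting the local property cache.
$settings.RefreshCache()
$after = [string]$settings.Properties['interSiteTopologyGenerator'].Value
Write-Output "ISTG after change: $after"

if ($after -ne $newValue) {
    throw 'interSiteTopologyGenerator was not updated.'
}
```

The serverless bind writes to whichever domain controller the client locates, and the change replicates to the other domain controllers from there.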