Locate your FSMO Role Servers

KB ID 0000221

Problem

You would like to know which servers are holding which roles. To move your FSMO roles, see the related articles below.

Solution

FSMO Servers

There are five FSMO (Flexible Single Master Operations) roles that need to exist in a Windows AD forest.

  • PDC Emulator (One per domain)
  • RID Master (One per domain)
  • Schema Master (One per forest)
  • Domain Naming Master (One per forest)
  • Infrastructure Master (One per domain)

But I’ve Googled it, and it says there are Seven FSMO Roles?

To save arguments there are two further roles;

  • Domain DNS Zone Master role (One per domain)
  • Forest DNS Zone Master role (One per forest)

These two roles are not well documented, and there is no way to display or transfer them without using ADSIEdit.

Locate FSMO Servers via Command

Option 1: PowerShell

Use the following commands;

[box]

Get-ADDomain | Select-Object DistinguishedName, InfrastructureMaster, PDCEmulator, RIDMaster

Get-ADForest | Select-Object Name, SchemaMaster, DomainNamingMaster

[/box]

Option 2: Command Line

1. Start > Run cmd {enter}

2. Execute the following command. (Note: Older versions of Windows Server will need the support tools installed to run the netdom command.)

In a Forest;

[box]netdom query /domain:YOURDOMAINNAME fsmo[/box]

In a Single Domain;

[box]netdom query fsmo[/box]

Locate FSMO Servers Graphically

To View RID MASTER, PDC EMULATOR and INFRASTRUCTURE MASTER

1. Go to a domain controller.

2. Start > run > dsa.msc {enter}

3. Right click domain name > Operations masters

Note: You can change the server holding these roles from this console.

To view the SCHEMA MASTER graphically do the following

1. Start > Run > regsvr32 schmmgmt.dll {enter} > OK

2. Start > run > mmc {enter}.

3. File > Add / Remove Snap-In > Add > Active Directory Schema > Add > Close > OK

4. Right Click “Active Directory Schema” > Operations Master.

To View the DOMAIN NAMING MASTER

1. Start > Run > domain.msc {enter}

2. Right Click “Active Directory Domains and Trusts” > Operations Master.

General Rules for FSMO Placement

If you only have 1 domain in the forest everything goes in that one domain.

If not….

Forest Root Domain gets the Domain Naming Master, and the Schema Master roles

Each Domain gets The PDC Emulator, Infrastructure Master and RID Master roles.

Though not an FSMO role, each logon location should have a Global Catalogue server.

(Note: Yes, you can cache logon requests and have read-only domain controllers now, but in an ideal world I still place a GC at each site.)

FSMO Placement

1. Do not put the Infrastructure Master on a Global Catalogue server (see below for how to see if a domain controller is a Global Catalogue server).

2. The PDC Emulator and RID Master should be on the same server, if possible NOT on a Global Catalogue server (though not essential).

3. The Schema Master and Domain Naming Master should be on the same machine that IS a Global Catalogue Server. (This is not true if your forest functional level is Windows Server 2003).

Locate Global Catalogue Servers

To check if a domain controller is also a global catalogue server:

1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.

2. Double-click Sites in the left pane, and then browse to the appropriate site or click Default-first-site-name if no other sites are available.

3. Open the Servers folder, and then click the domain controller.

4. In the domain controller’s folder, double-click NTDS Settings.

5. On the Action menu, click Properties.

6. On the General tab, locate the Global Catalogue check box to see if it is selected.
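The three placement rules and the Global Catalogue check above can be audited in one pass. This is an added example, not part of the original article: the function name Test-FsmoPlacement and the host names are hypothetical, and the sample records are constructed to mimic the HostName, IsGlobalCatalog and OperationMasterRoles properties returned by Get-ADDomainController.

```powershell
function Test-FsmoPlacement {
    param([Parameter(Mandatory)] [object[]] $DomainController)

    # Map each role name to the DC record that holds it.
    $holder = @{}
    foreach ($dc in $DomainController) {
        foreach ($role in $dc.OperationMasterRoles) { $holder["$role"] = $dc }
    }
    $findings = @()

    # Rule 1: Infrastructure Master should not sit on a Global Catalogue server.
    $im = $holder['InfrastructureMaster']
    if ($im -and $im.IsGlobalCatalog) {
        $findings += "Rule 1: Infrastructure Master is on GC $($im.HostName)"
    }

    # Rule 2: PDC Emulator and RID Master should be on the same server.
    $pdc = $holder['PDCEmulator']; $rid = $holder['RIDMaster']
    if ($pdc -and $rid -and $pdc.HostName -ne $rid.HostName) {
        $findings += "Rule 2: PDC Emulator ($($pdc.HostName)) and RID Master ($($rid.HostName)) are split"
    }

    # Rule 3: Schema Master and Domain Naming Master together, on a GC.
    $sm = $holder['SchemaMaster']; $dn = $holder['DomainNamingMaster']
    if ($sm -and $dn) {
        if ($sm.HostName -ne $dn.HostName) {
            $findings += "Rule 3: Schema Master ($($sm.HostName)) and Domain Naming Master ($($dn.HostName)) are split"
        } elseif (-not $sm.IsGlobalCatalog) {
            $findings += "Rule 3: $($sm.HostName) holds the forest roles but is not a GC"
        }
    }
    $findings
}

# Constructed sample data (hypothetical host names), shaped like Get-ADDomainController output.
$sample = @(
    [pscustomobject]@{ HostName = 'dc01.example.test'; IsGlobalCatalog = $true
                       OperationMasterRoles = 'SchemaMaster','DomainNamingMaster','InfrastructureMaster' }
    [pscustomobject]@{ HostName = 'dc02.example.test'; IsGlobalCatalog = $false
                       OperationMasterRoles = 'PDCEmulator' }
    [pscustomobject]@{ HostName = 'dc03.example.test'; IsGlobalCatalog = $false
                       OperationMasterRoles = 'RIDMaster' }
)
Test-FsmoPlacement -DomainController $sample

# Against a live domain (requires the ActiveDirectory module). Only the current
# domain's DCs are listed, so the forest roles are checked in the forest root domain only:
# Test-FsmoPlacement -DomainController (Get-ADDomainController -Filter *)
```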

Related Articles, References, Credits, or External Links

Windows Server – Locating, Transferring, and Seizing FSMO Roles

Transferring Your FSMO Roles

Transferring Your FSMO Roles

FSMO Roles KB ID 0000240

Problem

Note: This article is still valid, but this procedure can now be done simply with PowerShell.

Windows Server – Locating, Transferring, and Seizing FSMO Roles

If you are replacing a domain controller, or simply taking one offline for a while, you might want to transfer its FSMO roles to another Domain Controller.

There are 5 FSMO roles which are,

  • Schema master – Forest-wide and one per forest.
  • Domain naming master – Forest-wide and one per forest.
  • RID master – Domain-specific and one for each domain.
  • PDC Emulator – Domain-specific and one for each domain.
  • Infrastructure master – Domain-specific and one for each domain.

FSMO Roles Solution

Traditionally we either “Seized” or “Transferred” the FSMO roles from the command line using the ntdsutil tool, but you can transfer the roles with the normal graphical consoles you have.

To see what FSMO roles are where,

Locate your FSMO Role Servers

Moving the RID Master, PDC Emulator, and Infrastructure Master FSMO Roles

See: Windows Server – Locating, Transferring, and Seizing FSMO Roles

1. Start > Administrative tools > Active Directory Users and Computers.

2. Right click the domain > Operations Masters > Select each Tab in turn > Change > Yes > Repeat for the other two tabs.

Moving the Domain Naming Master

1. Start > Administrative tools > Active Directory Domains and Trusts.

2. Right click the top level entry > Operations Master > Change > Yes.

Moving the Schema Master.

1. In the Search/Run box type regsvr32 schmmgmt.dll {enter} > It should say that it succeeded.

2. Now in the Search/Run box type mmc {enter} > A Microsoft Management Console will open > File > Add/Remove Snap-in.

3. Select the “Active Directory Schema” Snap-in > Add.

4. By default you will connect to the Schema Master, but you need to be connected to the server you are on. Expand “Active Directory Schema” > Right click it > Select “Change Active Directory Domain Controller” > Select the NEW one > OK.

5. Now Right click again > Operations Masters > Change > Yes.

If you only have 1 domain in the forest everything goes in that one domain. If not….

Forest Root Domain gets the Domain Naming Master, and the Schema Master roles.

Each Domain gets The PDC Emulator, Infrastructure Master and RID Master roles.

Though not an FSMO role, each logon location should have a Global Catalogue server.

(Note: Yes, you can cache logon requests and have read-only domain controllers now, but in an ideal world I still place a GC at each site.)

Placement

1. Do not put the Infrastructure Master on a Global Catalogue server (see below for how to see if a domain controller is a Global Catalogue server).

2. The PDC Emulator and RID Master should be on the same server, if possible NOT on a Global Catalogue server (though not essential).

3. The Schema Master and Domain Naming Master should be on the same machine that IS a Global Catalogue Server. (This is not true if your forest functional level is Windows Server 2003).

To check if a domain controller is also a global catalogue server

1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.

2. Double-click Sites in the left pane, and then browse to the appropriate site or click Default-first-site-name if no other sites are available.

3. Open the Servers folder, and then click the domain controller.

4. In the domain controller’s folder, double-click NTDS Settings.

5. On the Action menu, click Properties.

6. On the General tab, locate the Global Catalogue check box to see if it is selected.

 
