Locate your FSMO Role Servers

KB ID 0000221

Problem

You would like to know which servers are holding which roles. To move your FSMO Servers CLICK HERE

Solution

FSMO Servers

There are five FSMO (Flexible Single Master Operations) Roles that need to Exist in a Windows AD Forest.

  • PDC Emulator (One per domain)
  • RID Master (One per domain)
  • Schema Master (One per forest)
  • Domain Naming Master (One per forest)
  • Infrastructure Master (One per domain)

But I’ve Googled it, and it says there are Seven FSMO Roles?

To save arguments there are two further roles;

  • Domain DNS Zone Master role (One per domain)
  • Forest DNS Zone Master role (One per forest)

These two roles are not well documented, and there is no way to display or transfer them, (without using ADSIEdit.)

Locate FSMO Servers via Command

Option 1: PowerShell

Use the following commands;

[box]

Get-ADDomain | Select-Object DistinguishedName, SchemaMaster, DomainNamingMaster, InfrastructureMaster, PDCEmulator, RIDMaster

Get-ADForest | Select-Object Name,SchemaMaster, DomainNamingMaster, InfrastructureMaster, PDCEmulator, RIDMaster

[/box]

Option 2: Command Line

1. Start > Run cmd {enter}

2. Execute the following command. (Note: Older versions of Windows servers will need the support tools installing to run the netdom command).

In a Forest;

[box]netdom query /domain:YOURDOMAINNAME fsmo[/box]

In a Single Domain;

[box]netdom query fsmo[/box]

Locate FSMO Servers Graphically

To View RID MASTER, PDC EMULATOR and INFRASTRUCTURE MASTER

1. Go to a domain controller.

2. Start > run > dsa.msc {enter}

3. Right click domain name > Operations masters

Note: You can change the server holding these roles from this console.

To view the SCHEMA MASTER graphically do the following

1. Start > Run > regsvr32 schmmgmt.dll {enter} > OK

2. Start > run > mmc {enter}.

3. File > Add / Remove Snap-In > Add > Active Directory Schema > Add Close > OK

4. Right Click “Active Directory Schema” > Operations Master.

To View the DOMAIN NAMING MASTER

1. Start > Run > domain.msc {enter}

2. Right Click “Active Directory Domains and Trusts” > Operations Master.

General Rules for FSMO Placement

If you only have 1 domain in the forest everything goes in that one domain.

If not….

Forest Root Domain gets the Domain Naming Master, and the Schema Master roles

Each Domain gets The PDC Emulator, Infrastructure Master and RID Master roles.

Though not an FSMO role each logon location should have a Global Catalogue server

(Note: Yes you can cache logon requests and have Read only domain controllers now but in an ideal world I still place a GC at each site)

FSMO Placement

1. Do not put the Infrastructure Master on a Global Catalogue Server (see below for how to see if a domain controller is a global Catalogue server).

2. The PDC Emulator and RID Master should be on the same Server, If possible NOT on a Global Catalogue Server (though not essential).

3. The Schema Master and Domain Naming Master should be on the same machine that IS a Global Catalogue Server. (This is not true if your forest functional level is Windows Server 2003).

Locate Global Catalogue Servers

To check if a domain controller is also a global catalogue server:

1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.

2. Double-click Sites in the left pane, and then browse to the appropriate site or click Default-first-site-name if no other sites are available.

3. Open the Servers folder, and then click the domain controller.

4. In the domain controller’s folder, double-click NTDS Settings.

5. On the Action menu, click Properties.

6. On the General tab, locate the Global Catalogue check box to see if it is selected.

Related Articles, References, Credits, or External Links

Windows Server – Locating, Transferring, and Seizing FSMO Roles

Transferring Your FSMO Roles

Exchange 2010 (c/w SP1) Install – Greenfield Site

(Installing on Server 2008 R2)

KB ID 0000416

Problem

Microsoft have not only slipstreamed the service pack into the install media, they have (Finally!) got the install routine to put in all the usual pre-requisites, roles, and features, that you had to do yourself before. (With the exception of the Microsoft 2010 filter pack, but even then you can do that after the install).

The procedure below was done on a single server in a test environment, to demonstrate the simplified procedure, it IS NOT good practice to install Exchange (any version) on a domain controller.

Solution

Before Site Visit

1. Have your install media downloaded and ready to go (Make sure you also have the unlock codes for Exchange – or you will have 119 days to licence it, post install).

2. Does your current anti virus solution support Exchange 2010? Do you need an upgrade?

3. Does your current backup software support Exchange 2010? Do you need to purchase extra remote agents or updates?

Before Deploying Exchange 2010

1. Depending on what documentation you read, some say that the global catalog server(s) in the current site need to be at least Server 2003 SP2. Other documentation says the schema master needs to be at least Server 2003 SP2. Let’s hedge our bets, and make sure that ALL the domain controllers are at least Server 2003 SP2 🙂

2. Your domain and forest functional levels need to be at Windows Server 2003.

3. Don’t forget – your server needs to be x64 bit (the video below was shot on a Server 2008 R2 server).

4. Make sure both the server you are installing on, and the Windows domain, are happy (get into the event viewers of your servers and have a good spring clean before deploying Exchange 2010).

5. Install the Office 2010 Filter Pack, and the Office 2010 Filter Pack Service Pack 1.

6. Install the roles required with the following PowerShell Commands;

[box]

Import-Module ServerManager

For Client Access, Hub Transport, and the Mailbox roles issue the following command;

Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy,Web-WMI -Restart

For Client Access and Hub Transport server roles issue the following command;

Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy,Web-WMI -Restart

For only the Mailbox role issue the following command;

Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server -Restart

For only the Unified Messaging role issue the following command;

Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Desktop-Experience -Restart

For only the Edge Transport role issue the following command;

Add-WindowsFeature NET-Framework,RSAT-ADDS,ADLDS -Restart

[/box]

7. Set the Net.Tcp Port Sharing Service for Automatic startup by running the following command;

[box]Set-Service NetTcpPortSharing -StartupType Automatic[/box]

Exchange 2010 (c/w SP1) Install – Greenfield Site

The single best thing Microsoft has done with the SP1 install media, is to include this tick box.

Related Articles, References, Credits, or External Links

How To Install Exchange 2016 (Greenfield Site)