Windows Server – Locating, Transferring, and Seizing FSMO Roles

FSMO Roles KB ID 0001257 

Problem

I’ve written about transferring and sizing FSMO roles, (Flexible Single Master Operations) before, see the following article;

Transferring Your FSMO Roles

Now you have a PowerShell Commandlet to help ‘Move-ADDirectoryServerOperationMasterRole‘.

FSMO Roles : Solution

As before you can view your FSMO role holders, by using the following command.

[box]netdom query fsmo[/box]

To transfer them to another server, (in the case a host called LAN-2016.

[box]Move-ADDirectoryServerOperationMasterRole -Identity LAN-2016 -OperationMasterRole SchemaMaster,  DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster
[/box]

If you can’t be bothered to type the names, you can also use numbers, i.e.

  • PDCEmulator 0
  • RIDMaster 1
  • InfrastructureMaster 2
  • SchemaMaster 3
  • DomainNamingMaster 4

Obviously this will move them all, omit any you don’t want to move!

How to Seize FSMO Roles In Server 2016

Easy! Same command as above, but you put the ‘-Force’ switch on the end of the command, i.e.

[box]Move-ADDirectoryServerOperationMasterRole -Identity LAN-2016 -OperationMasterRole SchemaMaster,  DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster -Force
[/box]

Note: If you prefer to do this graphically, then see the following article.

Transferring Your FSMO Roles

Related Articles, References, Credits, or External Links

NA

Windows – ‘The directory service has exhausted the pool of relative identifiers’

KB ID 0000797 

Problem

I got this error when attempting to bulk create users with CSVDE (see below). But you may simply see it when trying to create a user, or other AD object.

Unwilling To Perform
The server side error is “The directory service has exhausted the pool of relative identifiers.”

Solution

Well that is a scary looking error! Firstly make sure you can see all your FSMO role servers.

Locate your FSMO Role Servers

In my case, I tracked this down to an old DC that has been removed from the domain but was still referenced in DNS. Open your domain forward lookup zone, look in the _tcp container, for any SRV references to old/removed domain controllers and simply delete them.

Related Articles, References, Credits, or External Links

NA