Computer Performance, Windows Server 2003

3CX Phone System for Windows - VOIP IP PBX

3CX Phone System for Windows -
VOIP IP PBX

Get your 5 free applications now

Application Publishing with 2X ApplicationServer

Windows Server 2003 - How to Transfer FSMO Roles

Guy RecommendsGFi Events Manager

A solution to monitor, manage and archive thousands of events that are generated by devices across the entire network. 
Download FREE trial

OpusFlow Exchange
Group Calendar

OpusFlow Exchange Group Calender

FSMO (Flexible Single Master Operations)

Remember that in the acronym FSMO, the word Flexible means that you can move the role to a more suitable domain controller.  There are two scenarios for transferring the FSMO roles, the first is a planned transfer where the original FSMO Operations Master is up and running.  Alternatively, if the original FSMO master has been stolen, corrupted or otherwise unavailable then you need NTDSUTIL

Topics for Transferring the FSMO Master.

Planning the FSMO Transfer

As a matter of planning strategy, decide if this move is a short term fix, or part of a long term transfer of role.  Another consideration is do you want all the roles on the same Domain Controller.  The answer is probably not, for example, best practice suggests that the Infrastructure master should not be on a Global Catalog.

If the Global Catalog server and Infrastructure Master are on the same server, the Global Catalog no longer updates information.  You can either just accept this peculiarity, or research why it thinks it knows best and does not need to replicate.  This is only a problem in a multi-domain forest.

Your planning should also take into account the fact that each domain has its own RID, PDC and Infrastructure Master, while there is only one Schema and one Domain Naming Master for the entire Active Directory Forest.

Finally a minor consideration, have you the correct rights, for example, do you have access to an account, which is and Enterprise Administrator and Schema Administrator.

Where to Find the 5 FSMO Masters

Three of the FSMO Operational Masters are found under the domain in Active Directory Users and Computers.  The FSMO roles found here are: RID, PDC and Infrastructure masters.  Right click on the domain name (cp.com in diagram) then select Operations Masters.

The Domain Naming Master is tucked away under the Active Directory Domains and Trusts.  While the hardest FSMO master to find is the Schema Master, the reason being you first have to register the schema snap in with the command: Start, Run Start, regsvr32 schmmgmt.dll.

Now that you have located the 5 Operation Masters, the technique to transfer ownership is the same in each case.

TrainSignal - Recommended Training VideosMore Information. As an MCT trainer, I can thoroughly endorse TrainSignal because they deliver practical hands on training.  In particular, I like the way that TrainSignal cover all learning methods, instructor lead, video and of course text material.  You can either take one module, for example File Server or go for a combination of modules.  See more about Windows 2003 training here

Pull those Operations Masters

The key concept is Pull.  Make sure that you are connected to the destination server.  This is really such a simple point but once you have grasped the concept, the knack transferring FSMO roles will be easy.  Sorry to harp on, but unless you make the new FSMO domain controller the focus for the MMC snap in, trust me, you will be frustrated.

At Last - We get to Press the Change Button

Now that you have the 'focus' on the new Operations Master, your transfer will proceed smoothly.  After double checking that the server names are the correct way around, just click on the Change Button.

Now it's on to the next Operations Master, remember that there are 5 roles.  Although some Forests may have more than one RID, PDC and Infrastructure master, usually you only need to take one server out of commission at a time.  However if you are taking the opportunity to restructure your FSMO roles then you may have to make more than 5 changes.

NTDSutil

NT directory service utility (NTDSutil) reminds me of UNIX or mainframes.  What you get with NTDSutil is command line program with powerful verbs that can dramatically affect the operating system.  Rather like ESEutil you should take every opportunity to practice with NTDSutil, so that when you have to use it in anger you will know what you are doing.  Even so backup because there are no safety checks and the wrong command can wreak havoc.

When you are configuring FSMO with NTDSutil, the command that is,
Seize PDC  (or Seize RID etc).  However, as soon as you execute NTDSutil you realize how many different jobs this utility has.

  Make use of help at every NTDSutil prompt

Sample NTDSutil command session

ntdsutil, roles  -  help
connections - help
connect to server yourserver (change yourserver but include the word 'to')
seize pdc (or other FSMO Role)


C:\>ntdsutil
ntdsutil: roles
fsmo maintenance: help

? - Show this help information
Connections - Connect to a specific domain controller
Help - Show this help information
Quit - Return to the prior menu
Seize domain naming master - Overwrite domain role on connected server
Seize infrastructure master - Overwrite infrastructure role on connected server
Seize PDC - Overwrite PDC role on connected server
Seize RID master - Overwrite RID role on connected server
Seize schema master - Overwrite schema role on connected server
Select operation target - Select sites, servers, domains, roles and
naming contexts
Transfer domain naming master - Make connected server the domain naming master
Transfer infrastructure master - Make connected server the infrastructure master
Transfer PDC - Make connected server the PDC
Transfer RID master - Make connected server the RID master
Transfer schema master - Make connected server the schema master


fsmo maintenance: connections
server connections: help

? - Show this help information
Clear creds - Clear prior connection credentials
Connect to domain %s - Connect to DNS domain name
Connect to server %s - Connect to server, DNS name or IP address
Help - Show this help information
Info - Show connection information
Quit - Return to the prior menu
Set creds %s %s %s - Set connection creds as domain, user, pwd.
Use "NULL" for null password,
* to enter password from the console.

server connections: connect to server william
Binding to william ...
Connected to william using credentials of locally logged on user.
server connections: seize pdc

 

 

Additional ideas to troubleshooting FSMO

Summary - FSMO transfer

Before you learn the knack of transferring the FSMO or Operations Master, take a minute to plan which Domain Controllers should hold which roles.  It is possible that existing servers have inappropriate roles, for example if your forest has grown, the Schema master is best in the Root domain. 

(There is a also an important Global Catalog Role, however its not a FSMO as you can have more than one Global Catalog.  See more on Global Catalog Server)

See Also

FSMO Advice   FSMO Roles  ● FSMO Case Study


   Download your Active Directory 2003 eBook for only $5.25

The extra features you get in your eBook include: lots of examples on 'How to ...'.  New pages with deployment recommendations.  Detailed instructions and screen shots showing the menus to configure.

Go for offline convenience and get a printable version with copy enabled and no expiry date. Released October 2003.  Check out the features.

 

 .

Google

WebComputerperformance.co.uk

GFi Events Manager

Guy Recommends: GFi EventsManager

Here is a solution to monitor, manage and archive thousands of events that are generated by devices across your entire network.  Get your free evaluation copy of GFI EventsManager.

 

Home Copyright © 1999-2008 Computer Performance LTD All rights reserved

Please report a broken link, or an error.