
The 5 FSMO Roles Are As Follows

This document discusses Flexible Single Master Operations (FSMO) roles in Active Directory. It defines the five FSMO roles as Schema Master, Domain Naming Master, RID Master, PDC Emulator, and Infrastructure Master. It describes the function of each role and provides instructions for determining the current role holders using GUI tools like Active Directory Users and Computers or commands like NTDSUtil and netdom. The document also covers how to transfer FSMO roles between domain controllers and determine if a DC is a Global Catalog server.

Uploaded by

PRABHAT KUMAR

FSMO: FLEXIBLE SINGLE MASTER OPERATIONS

The 5 FSMO roles are as follows:


• Schema Master (forest-wide)
• Domain Naming Master (forest-wide)
• RID Master (domain-specific)
• PDC Emulator (domain-specific)
• Infrastructure Master (domain-specific)

Schema Master: The Schema Master role manages the read-write copy of your Active Directory schema. The AD Schema defines all the attributes – things like employee ID, phone number, email address, and login name – that you can apply to an object in your AD database.

Domain Naming Master: The Domain Naming Master makes sure that you don’t create a second domain in the same forest with the same name as another. It is the master of your domain names. Creating new domains isn’t something that happens often, so of all the roles, this one is most likely to live on the same DC with another role.

RID Master: The Relative ID Master assigns blocks of Security Identifiers (SID) to different DCs they can use for newly created objects. Each object in AD has an SID, and the last few digits of the SID are the Relative portion. In order to keep multiple objects from having the same SID, the RID Master grants each DC the privilege of assigning certain SIDs.

PDC Emulator: The DC with the Primary Domain Controller Emulator role is the authoritative DC in the domain. The PDC Emulator responds to authentication requests, changes passwords, and manages Group Policy Objects. And the PDC Emulator tells everyone else what time it is! It’s good to be the PDC.

Infrastructure Master: The Infrastructure Master role translates Globally Unique Identifiers (GUID), SIDs, and Distinguished Names (DN) between domains. If you have multiple domains in your forest, the Infrastructure Master is the Babelfish that lives between them. If the Infrastructure Master doesn’t do its job correctly you will see SIDs in place of resolved names in your Access Control Lists (ACL).

Determine FSMO role holders using the GUI
To determine which DC has the domain-specific FSMO roles, i.e. RID Master, PDC Emulator and Infrastructure Master:
Open the Active Directory Users and Computers console, right-click the domain and then click Operations Masters.
To determine which DC has the Domain Naming Master role:
Open the Active Directory Domains and Trusts console, right-click the name icon and then click Operations Master.
To determine which DC has the Schema Master role:
First, register the corresponding DLL. From Run or a Command Prompt, type the following command.
regsvr32 schmmgmt.dll
Then, open an MMC console (through Search or Run), and add the Active Directory Schema snap-in from the Add / Remove Snap-in menu.

Here, right-click the icon and then click Operations Masters.


Determine FSMO role holders using the command line
The netdom command is a quick and easy way to see which DCs hold the FSMO roles. In a Command Prompt window on a DC, type the following command.
netdom query fsmo

Seize FSMO roles using the NTDSUtil tool
First, open the command prompt with administrative privileges.
Type ntdsutil and press Enter.
Type roles and press Enter.
Type connections and press Enter.
Type connect to server DC01 and press Enter, where DC01 is the computer name of the server to transfer the FSMO roles to.
Type quit and press Enter.
Then, seize the FSMO roles one by one with the corresponding command, as the case may be. After each Enter, a confirmation window appears. Just click Yes to continue.
Note that during the seize process, NTDSUtil first tries a simple transfer (which obviously fails) and then proceeds to the forcible transfer.
For the Schema Master role, type seize schema master and press Enter.
For the Domain Naming Master role, type seize naming master and press Enter.
For the RID Master role, type seize rid master and press Enter.
For the PDC Emulator role, type seize pdc and press Enter.
For the Infrastructure Master role, type seize infrastructure master and press Enter.

Determine if a DC is a Global Catalog (GC) server


Using the graphical user interface (GUI)
After you connect to the DC, open the Active Directory Sites and Services console. Expand the Sites container until you find the DC you want to check. Right-click NTDS Settings and then click Properties.
Here, on the General tab, you can see whether the Domain Controller has the Global Catalog role enabled or not.
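
The role-holder check (netdom query fsmo) and the Global Catalog check described above, as an added PowerShell example that is not part of the original document: it reads the current holders with the ActiveDirectory module and flags any that differ from a recorded baseline. The host names in $Expected are constructed placeholders, and the function names are illustrative.

```powershell
# Added example: requires the ActiveDirectory module (RSAT). Host names are constructed.
Import-Module ActiveDirectory

# Expected role holders: a constructed baseline, replace with your own values.
$Expected = [ordered]@{
    SchemaMaster         = 'DC01.example.test'
    DomainNamingMaster   = 'DC01.example.test'
    PDCEmulator          = 'DC01.example.test'
    RIDMaster            = 'DC01.example.test'
    InfrastructureMaster = 'DC02.example.test'
}

function Get-FsmoHolders {
    # Forest-wide roles come from Get-ADForest, domain-specific ones from Get-ADDomain.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

function Compare-FsmoBaseline {
    param([System.Collections.IDictionary]$Actual, [System.Collections.IDictionary]$Baseline)
    foreach ($role in $Baseline.Keys) {
        [pscustomobject]@{
            Role     = $role
            Expected = $Baseline[$role]
            Actual   = $Actual[$role]
            Drift    = ($Actual[$role] -ne $Baseline[$role])   # -ne ignores case
        }
    }
}

$report = Compare-FsmoBaseline -Actual (Get-FsmoHolders) -Baseline $Expected
$report | Format-Table -AutoSize

# Per-DC view: the roles each DC holds and whether it is a Global Catalog server.
Get-ADDomainController -Filter * |
    Select-Object HostName, IsGlobalCatalog,
        @{ Name = 'Roles'; Expression = { $_.OperationMasterRoles -join ', ' } } |
    Format-Table -AutoSize

if ($report | Where-Object Drift) {
    Write-Warning 'FSMO role holder differs from baseline; confirm the transfer or seizure was authorised.'
}
```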

Transfer FSMO roles using the GUI
To transfer domain-specific FSMO roles, i.e. RID Master, Infrastructure Master and PDC Emulator, follow the steps below.
Open the Active Directory Users and Computers console, right-click the domain and then click Operations Masters. Here, the tabs display the three FSMO roles.
To transfer one of the three FSMO roles to another DC, click Change and confirm your action.
To transfer the forest-specific FSMO Domain Naming Master role, follow these steps.
Open the Active Directory Domains and Trusts console, right-click the icon and then click Operations Masters. If you are not already connected to the DC you are about to transfer the role to, you can connect by clicking Change Active Directory Domain Controller in the same menu.
In the same way, you will see the current role holder, and by clicking the Change button you can transfer the role to another DC.
To transfer the forest-specific FSMO Schema Master role, follow the steps below.
First, in a command-line window with administrator rights, type the following command to register the AD Schema snap-in.
regsvr32 schmmgmt.dll

Then, open an MMC console (for example, by typing mmc in Search or Run), and from the File – Add / Remove Snap-in menu, add the Active Directory Schema console.

Here, right-click the icon and then click Operations Masters. You will need to be connected to the DC you are going to transfer the role to, which you can do through the Change Active Directory Domain Controller option in the menu.
As before, by clicking the Change button you can move the Schema Master role to another DC.

Transfer FSMO roles using the NTDSUtil tool


First, open the command prompt with administrative privileges.
Type ntdsutil and press Enter.
Type roles and press Enter.
Type connections and press Enter.
Type connect to server DC2 and press Enter, where DC2 is the computer name of the server to transfer the FSMO roles to.
Type quit and press Enter.
Next, transfer the FSMO roles one by one with the corresponding command, as the case may be. After each Enter, a confirmation window appears. Just click Yes to continue.
For Schema Master, type transfer schema master and press Enter.
For RID Master, type transfer rid master and press Enter.
For Domain Naming Master, type transfer naming master and press Enter.
For PDC Emulator, type transfer pdc and press Enter.
For Infrastructure Master, type transfer infrastructure master and press Enter.
For example, the commands to transfer the Domain Naming Master role to dc2 are:
ntdsutil
roles
connections
connect to server dc2
quit
transfer naming master

Identify the Domain and Forest Functional Level using the GUI
Once you have connected to the Domain Controller (DC), open Server Manager and then
the Active Directory Domains and Trusts console from the Tools menu.
Right-click the domain and then click Properties.
Here, on the General tab, you will see both the Domain Functional Level and the Forest
Functional Level of Active Directory.
