{"id":19,"date":"2009-03-25T12:27:57","date_gmt":"2009-03-25T10:27:57","guid":{"rendered":"http:\/\/blog.syshalt.net\/?p=19"},"modified":"2012-01-26T00:06:56","modified_gmt":"2012-01-25T22:06:56","slug":"transfer-or-seize-fsmo-roles","status":"publish","type":"post","link":"https:\/\/blog.syshalt.net\/index.php\/2009\/03\/25\/transfer-or-seize-fsmo-roles\/","title":{"rendered":"Transfer or seize FSMO roles in Windows Server 2003"},"content":{"rendered":"<p>Few months ago I had a situation when one of our Windows Server 2003 DC`s crashed, the big problem was that the crashed DC owned all FSMO roles.<\/p>\n<p>To explain a bit, a Windows Server 2000\/2003 that is promoted to DC has 5 FSMO (Flexible Single Master Operations) usualy are kept on same DC, but in some scenarious administrators can move them to a different DC.<\/p>\n<p>The five FSMO roles are:<\/p>\n<p><strong>Schema Master<\/strong>: The schema master domain controller controls all updates and modifications to the schema. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the whole forest.<br \/>\n<strong>Domain naming master<\/strong>: The domain naming master domain controller controls the addition or removal of domains in the forest. There can be only one domain naming master in the whole forest.<br \/>\n<strong>Infrastructure Master<\/strong>: The infrastructure is responsible for updating references from objects in its domain to objects in other domains. At any one time, there can be only one domain controller acting as the infrastructure master in each domain.<br \/>\n<strong>Relative ID (RID) Master<\/strong>: The RID master is responsible for processing RID pool requests from all domain controllers in a particular domain. At any one time, there can be only one domain controller acting as the RID master in the domain.<br \/>\n<strong>PDC Emulator<\/strong>: The PDC emulator is a domain controller that advertises itself as the primary domain controller (PDC) to workstations, member servers, and domain controllers that are running earlier versions of Windows. For example, if the domain contains computers that are not running Microsoft Windows XP Professional or Microsoft Windows 2000 client software, or if it contains Microsoft Windows NT backup domain controllers, the PDC emulator master acts as a Windows NT PDC. It is also the Domain Master Browser, and it handles password discrepancies. At any one time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest.<\/p>\n<p>You can transfer FSMO roles by using the Ntdsutil.exe command line utility or by using MMC snap-in. Depending on the FSMO role that you want to transfer, you can use one of the following three MMC snap-in:<\/p>\n<p>\u2022 Active Directory Schema snap-in<br \/>\n\u2022 Active Directory Domains and Trusts snap-in<br \/>\n\u2022 Active Directory Users and Computers snap-in<\/p>\n<p>The transfer operation works only if the DC that owns the roles is functional in your domain.<br \/>\nYou can transfer them using <strong>Ntdsutil<\/strong> from your command line.<\/p>\n<p>1. On any domain controller press <strong>START <\/strong>-&gt; <strong>RUN <\/strong>type <strong>CMD <\/strong>then type <strong>Ntdsutil<\/strong> then press <strong>ENTER<\/strong><br \/>\n2. Type <strong>roles<\/strong> then press <strong>ENTER<\/strong><br \/>\n3. Type <strong>connections<\/strong> then press <strong>ENTER<\/strong><br \/>\n4. Type <strong>connect to server servername <\/strong>, where <strong>servername<\/strong> is the name of the server where you want to transfer the roles.<br \/>\nA message will appear:<\/p>\n<p>Binding to servername &#8230;<br \/>\nConnected to servername using credentials of locally logged on user.<br \/>\nserver connections:<\/p>\n<p>5. Type <strong>q<\/strong> and press <strong>ENTER<\/strong><br \/>\n6. It should appear now:<\/p>\n<p>fsmo maintenance:<\/p>\n<p>6. Now we can proceed to transfer the roles, type one by one the following commands:<\/p>\n<p><strong>Transfer schema master<br \/>\nTransfer domain naming master<br \/>\nTransfer PDC<br \/>\nTransfer RID master<br \/>\nTransfer infrastructure master<\/strong><\/p>\n<p>A message will appear asking if you want to transfer the role.<\/p>\n<p>7. After you finish, type <strong>q<\/strong> and press ENTER and a nother <strong>q<\/strong> till you exit from <strong>Ntdsutil<\/strong>.<\/p>\n<p>In the case you have only one DC working and the DC that owned the FSMO roles crashed you will need to use the <strong>sieze<\/strong> command instead of <strong>transfer<\/strong><\/p>\n<p>Example:<\/p>\n<p><strong>Seize schema master<br \/>\nSeize domain naming master<br \/>\nSeize PDC<br \/>\nSeize RID master<br \/>\nSeize infrastructure master<\/strong><\/p>\n<p>If you have any questions post them as a comment, I`ll be glad to answer.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Few months ago I had a situation when one of our Windows Server 2003 DC`s crashed, the big problem was that the crashed DC owned all FSMO roles. To.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,5],"tags":[417,411,125,430,432,427,416,429,418,402,415,423,401,413,410,426,424,566,421,425,406,130,419,409,405,412,408,330,404,420,431,403,407,65,414,40,422,241,428,433],"class_list":["post-19","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-windows-server-2003","tag-backup-domain-controllers","tag-binding","tag-client","tag-client-software","tag-discrepancies","tag-domain-controller","tag-domain-master-browser","tag-earlier-versions-of-windows","tag-five-fsmo-roles","tag-flexible","tag-forest","tag-forest-domain","tag-fsmo","tag-maintenance","tag-master","tag-master-domain","tag-member-servers","tag-microsoft","tag-microsoft-windows-2000","tag-microsoft-windows-xp-professional","tag-operation","tag-password","tag-pdc-emulator","tag-processing","tag-professional","tag-relative","tag-removal","tag-role","tag-schema","tag-schema-master","tag-server-2000","tag-single","tag-software","tag-time","tag-trusts","tag-windows-2000-2","tag-windows-2000-client","tag-windows-server","tag-windows-xp-professional","tag-workstations"],"_links":{"self":[{"href":"https:\/\/blog.syshalt.net\/index.php\/wp-json\/wp\/v2\/posts\/19","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.syshalt.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.syshalt.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.syshalt.net\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.syshalt.net\/index.php\/wp-json\/wp\/v2\/comments?post=19"}],"version-history":[{"count":15,"href":"https:\/\/blog.syshalt.net\/index.php\/wp-json\/wp\/v2\/posts\/19\/revisions"}],"predecessor-version":[{"id":185,"href":"https:\/\/blog.syshalt.net\/index.php\/wp-json\/wp\/v2\/posts\/19\/revisions\/185"}],"wp:attachment":[{"href":"https:\/\/blog.syshalt.net\/index.php\/wp-json\/wp\/v2\/media?parent=19"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.syshalt.net\/index.php\/wp-json\/wp\/v2\/categories?post=19"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.syshalt.net\/index.php\/wp-json\/wp\/v2\/tags?post=19"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}