SUMMARY
This article describe how to find the servers that hold the
Flexible Single Master Operation (FSMO) roles in a forest. Active Directory
defines five FSMO roles:
- Schema master
- Domain naming master
- RID master
- PDC master
- Infrastructure master
The schema master and the domain naming master are per-forest
roles. Therefore, there is only one schema master and one domain naming master
per forest.
The RID master, the PDC master, and the infrastructure
master are per-domain roles. Each domain has its own RID master, PDC master,
and infrastructure master. Therefore, if a forest has three domains, there are
three RID masters, three PDC masters, and three infrastructures
masters.
back to the top
How to Determine the RID, PDC, and Infrastructure FSMO Holders of a Selected Domain
- Click Start, click Run, type dsa.msc, and then click OK.
- Right-click the selected Domain Object in the top left
pane, and then click Operations Masters.
- Click the PDC tab to view the server holding the PDC master role.
- Click the Infrastructure tab to view the server holding the Infrastructure master
role.
- Click the RID Pool tab to view the server holding the RID master role.
back to the top
How to Determine the Schema FSMO Holder in a Forest
- Click Start, click Run, type mmc, and then click OK.
- On the Console menu, click Add/Remove Snap-in, click Add, double-click Active Directory Schema, click Close, and then click OK.
- Right-click Active Directory Schema in the top left pane, and then click Operations Masters to view the server holding the schema master role.
NOTE: For the Active Directory Schema snap-in to be available, you may
have to register the Schmmgmt.dll file. To do this, click
Start, click
Run, type
regsvr32 schmmgmt.dll in the
Open box, and then click
OK. A message is displayed that states the registration was
successful.
back to the top
How to Determine the Domain Naming FSMO Holder in a Forest
- Click Start, click Run, type mmc, and then click OK.
- On the Console menu, click Add/Remove Snap-in, click Add, double-click Active Directory Domains and
Trusts, click Close, and then click OK.
- In the left pane, click Active Directory Domains
and Trusts.
- Right-click Active Directory Domains and
Trust, and then click Operations Master to view the server holding the domain naming master role in the
Forest.
back to the top
Using the Windows 2000 Server Resource Kit
The Windows 2000 Resource Kit contains a .cmd file called
Dumpfsmos.cmd that you can use to quickly list FSMO role owners for your
current domain and forest. The .cmd file uses Ntdsutil.exe to enumerate the
role owners. The Dumpfsmos.cmd file contains:
@echo off
REM
REM Script to dump FSMO role owners on the server designated by %1
REM
if ""=="%1" goto usage
Ntdsutil roles Connections "Connect to server %1" Quit "select Operation Target" "List roles for connected server" Quit Quit Quit
goto done
:usage
@echo Please provide the name of a domain controller (i.e. dumpfsmos MYDC)
@echo.
:done
back to the top
Using the NTDSUTIL Tool
NTDSUTIL is a tool included with Windows 2000 Server, Windows
2000 Advanced Server, and Windows 2000 Datacenter Server. This tool is can be
used to verify change certain aspects of the Active Directory. The following is
the steps needed to to view the Flexiible Single Master Operation (FSMO) roles
on a given Domain Controller.
Ntdsutil.exe is the only tool that
shows you all the FSMO role owners. You can view the PDC emulator, RID master,
and infrastructure master role owners in Active Directory Users and Computers.
You can view the schema master role owner in the Active Directory Schema
snap-in. You can view the domain naming master role owner in Active Directory
Domains and Trusts.
- Click Start, click Run, type cmd in the Open box, and then press ENTER.
- Type ntdsutil, and then press
ENTER.
- Type domain management, and then
press ENTER.
- Type connections, and then press
ENTER.
- Type connect to server
ServerName, where
ServerName is the Name of the Domain Controller you
would like to view, and then press ENTER.
- Type quit, and then press
ENTER.
- Type select operation target, and
then press ENTER.
- Type list roles for connected
server, and then press ENTER.
A list is displayed similar to what is listed below. Results
may very depending on the roles the particular Domain Controller may hold. If
you receive an error message, check the spelling of the commands as the syntax
of the commands must be exact. If you need the syntax of a command, type
? at each prompt:
Server "dc1" knows about 5
roles
Schema - CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=com
Domain - CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=com
PDC - CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=com
RID - CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=com
Infrastructure - CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=com
back to the top
USING DCDIAG
On a Windows 2000 Domain Controller, run the following command:
DCdiag /test:Knowsofroleholders /v
You must use the /v switch. This lists the owners of all FSMO roles in
the enterprise.
back to the top