Seizing FSMO Roles in Active Directory

Article Summary: This article provides information on seizing Flexible Single Master Operations (FSMO) roles from a Windows domain controller that is no longer operational.

Important: This article discusses seizing FSMO roles held by a domain controller that is no longer operational. For information on transferring FSMO roles between two operational DCs, refer to this article instead.

In an Active Directory (AD) forest, Flexible Single Master Operations (FSMO) roles are special roles distributed among one or more DCs. Of the five FSMO roles, three are held by one DC per domain:

  • PDC Emulator
  • Infrastructure Master
  • Relative ID (RID) Master

The other two roles are held by one DC in the entire forest:

  • Domain Naming Master
  • Schema Master

For information about the function of each FSMO role and guidelines for their placement in an AD forest, see Microsoft Knowledgebase article 223346.

It is sometimes necessary to seize a role from a domain controller that is no longer functioning or has been removed from the domain without being properly demoted first.

Important: Roles should only be seized when the original holder of the role can't or won't be recovered. If a DC fails but can be recovered by restoring a system-state backup, do not seize any FSMO roles it held; restore the backup instead. If a DC fails in such a way that its operating system must be reinstalled and no system-state backup is available, any FSMO roles it held should be seized by a working DC.

Seizing FSMO Roles Using the Command Line
It is not possible to seize FSMO roles using the graphical interface.

  1. At an elevated command prompt on a working DC, type ntdsutil.
  2. Type roles.
  3. Type connection.
  4. Type connect to server <DC_name>, where <DC_name> is the name of the DC that will inherit the role.
  5. Type quit once.
  6. Type one of the following, depending on the role being seized:
    PDC Emulator: seize pdc
    Infrastructure Master: seize infrastructure master
    RID Master: seize rid master
    Domain Naming Master: seize naming master
    Schema Master: seize schema master
  7. Confirm that you wish to seize the role. There will be a considerable amount of output. The last line should indicate that the role has been seized.
  8. Type quit until you have exited Ntdsutil.

Important: When a FSMO role has been seized, the original role holder must not be brought back online until after its operating system has been reinstalled.

It is also possible to seize FSMO roles in PowerShell by using the Move-ADDirectoryServerOperationMasterRole cmdlet with the -Force parameter.
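
The PowerShell route, as an added example that is not part of the original article: it finds the roles still assigned to the failed DC, stops if that DC still answers on the network, and otherwise seizes the roles and displays the new holders. The two DC names are placeholders, and the ping test is only a basic reachability check.

```powershell
# Added example, not from the original article. Both DC names are placeholders.
Import-Module ActiveDirectory

$FailedDC = 'dc01.corp.example.com'   # FQDN of the DC that will not be recovered
$TargetDC = 'dc02.corp.example.com'   # FQDN of the working DC that takes the roles

# Resolve the target DC and read role holders from it, not from the failed DC.
$target = Get-ADDomainController -Identity $TargetDC
$domain = Get-ADDomain -Server $target.HostName
$forest = Get-ADForest -Server $target.HostName

# Current holder (FQDN) of each role, keyed by the role name the cmdlet accepts.
# The three domain-wide roles are those of the target DC's own domain.
$holders = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    SchemaMaster         = $forest.SchemaMaster
}

# Roles still assigned to the failed DC (-eq is case-insensitive for strings).
$toSeize = @($holders.Keys | Where-Object { $holders[$_] -eq $FailedDC })

if ($toSeize.Count -eq 0) {
    Write-Output "No FSMO roles are assigned to $FailedDC; nothing to seize."
}
elseif (Test-Connection -ComputerName $FailedDC -Count 2 -Quiet) {
    # A holder that is still up should have its roles transferred, not seized.
    Write-Warning "$FailedDC still answers ping. Confirm it cannot be recovered before seizing."
}
else {
    Write-Output "Seizing on $($target.Name): $($toSeize -join ', ')"
    # -Force makes this a seizure; the cmdlet still asks for confirmation.
    Move-ADDirectoryServerOperationMasterRole -Identity $target.Name `
        -OperationMasterRole $toSeize -Force

    # Re-read the holders to confirm the roles now sit on the target DC.
    Get-ADDomain -Server $target.HostName |
        Format-List PDCEmulator, RIDMaster, InfrastructureMaster
    Get-ADForest -Server $target.HostName |
        Format-List DomainNamingMaster, SchemaMaster
}
```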

For more information about seizing FSMO roles, see Microsoft Knowledgebase article 255504.

Quick Tips content is self-published by the Dell Support Professionals who resolve issues daily. In order to achieve a speedy publication, Quick Tips may represent only partial solutions or work-arounds that are still in development or pending further proof of successfully resolving an issue. As such Quick Tips have not been reviewed, validated or approved by Dell and should be used with appropriate caution. Dell shall not be liable for any loss, including but not limited to loss of data, loss of profit or loss of revenue, which customers may incur by following any procedure or advice set out in the Quick Tips.

Article ID: SLN156016

Last modified: 09/03/2014 12:52 PM
