How to Transfer and Seize FSMO role of a Domain Controller using ntdsutil utility

October 24, 2012 Leave a comment

How to Transfer and Seize FSMO role of a Domain Controller using ntdsutil utility

There are graceful way to transfer FSMO role of a domain controller in a forest.which will be known to everybody and it is easy to do in Active Directory Users and Computers and Active Directory Domains and Trusts console,there are some screens below which will remind you the steps which all are self explanatory. This article is inspired form these M$ KB Articles:- http://support.microsoft.com/kb/255504 , http://support.microsoft.com/kb/324801 .

To find FSMO role, on command prompt type :- netdom query FSMO

Open Active Directory Users and Computers and right the domain name and select Operations Master from the context menu.

clip_image002

clip_image004

clip_image006

clip_image007

Open Active Directory Domains and Trusts and right the domain name and select Operations Master from the context menu.

clip_image008

clip_image009

For schema master, first register the file schmmgmt.dll by using this command regsvr32 schmmgmt.dll

clip_image010

Go to mmc ,add the snap in Active Directory Domains Schema and Right-click on Active Directory Domains Schema, and select Operations Master from the context menu.

clip_image012

clip_image013

The above steps are all graceful transfer of FSMO roles. For some reason like me I, had a situation in one of my client, I can’t do the graceful transfer,then I had gone through some hard way to transfer and seize the domain controller ,Let me share that with you guys. Below is the screen that I have got when I tried for the graceful move.

clip_image015

In this article we will use ntdsutil

http://technet.microsoft.com/en-us/library/cc976711.aspx

Type ntdsutil in the administrative command prompt, then on the ntdsutil prompt type roles, then FSMO maintenance prompt type connect to <your Domain Controller> then type q. Now you can transfer or seize role to your working domain Controller. Below is the screen for the command used along with ntdsutil

clip_image016

clip_image017

clip_image018

clip_image019

What are the difference between transferring a FSMO role and seizing?

Seizing is a destructive FSMO process and you should only use, if the existing server with the FSMO is no longer available. If the domain controller that is the Schema Master FSMO role holder is temporarily unavailable, DO NOT seizes the Schema Master role. If you are going to seize the Schema Master, It is better that permanently disconnect the current Schema Master from the network and also recommended to reformat the original schema master drive. Transferring of FSMO is not a destructive process and you can transfer the roles to any domain controller in the forest based on the recommendation.

clip_image020

clip_image021

All the options in this utility are self-explanatory,  I hope you will not have any hard time. Try to read some article before performing this operation.

Filed under Windows Techniques Tagged with , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

About Nideesh - Dkey Solutions
Being working as a Network and Security Specialist and Senior System Administrator in my carrier, worked on different platforms which include NT4, 2000, 2003 R2 and Windows 2008&R2. And Linux (Red hat, and Susie Enterprise) Handheld experience and practical knowledge of Active directory management, windows security, scripting and GPO. Ms Cluster, SQL Serves and Exchange installation and configuration. Good knowledge on IBM Tivoli management, IBM TSM, Maximo Service Desk administration. VMware ESX Server and Microsoft virtual server 2005, R2 and Hyper-V installation and Configuration and TSM Backup Archive solutions. -- Best Regards, Nideesh Nattiala nideesh@gmail.com

Leave a comment