HOW-TO: Ascertain the FSMO role holders

Different ways of discovering which DCs hold which roles

There are a number of ways to ascertain which DC holds which role. This article discusses the different ways of achieving this.

The msresource.net how-to article "Move the FSMO roles to a different Domain Controller" illustrates how to find and move the FSMO roles using the Microsoft Management Console (MMC) Active Directory Mangement Snap-Ins, therefore this article will only very briefly cover doing this via the GUI and will focus on other, non-GUI, ways of ascertaining which DCs hold the roles.


Via the Command Line


Windows 2000 & 2003

netdom query fsmo [/domain:< dns domain-name="" >]

ntdsutil "roles" "connections" "connect to server < domain-name.com >" "quit" 
 "select operation target" "list roles for connected server"

dcdiag /test:knowsofroleholders /v [/s:< dc hostname="" >]

Note. All of the above are single line commands. Some commands might have been wrapped for document layout purposes.

Windows 2003

dsquery server -hasfsmo < role >

The roles for the DSQUERY command are:
  • schema
  • name
  • rid
  • pdc
  • infr

Via Script

The following script will output the OM roles 
' **************************************************************************
' getFSMORoles.vbs
' 
' Paul Williams, msresource.net, March 2005
' 
' Simple script that pulls and outputs the FSMO roles from AD
' 
' 
' Author:  Paul Williams
' Date:  09-04-2005
' Version: 1.1.2.
' 
' Last Updated:01-05-2005
' 
' 
' USEAGE:
' 
'  cscript [wscript] getFSMORoles.vbs
' 
' 
' This script simply binds to the local domain, and reads the FSMO role 
' holders from Active Directory and then outputs them.
' 
' This script needs to be run by a user with permissions to read all 
' naming contexts.
' 
' ************************************************************************** 
Option Explicit 

dim objRootDse,objSchema,objDomName,objPDC,objRID,objInfrastructure 

set objRootDse=getObject("LDAP://RootDSE") 
set objPDC=getObject("LDAP://" & objRootDse.get("defaultNamingContext"))
set objRID=getObject("LDAP://cn=RID Manager$,cn=system," & objRootDse.get("defaultNamingContext"))
set objSchema=getObject("LDAP://" & objRootDse.get("schemaNamingContext"))
set objInfra=getObject("LDAP://cn=Infrastructure," & objRootDse.get("defaultNamingContext"))
set objDomName=getObject("LDAP://cn=Partitions," & objRootDse.get("configurationNamingContext"))

echo"Schema Master: " & objSchema.fsmoroleowner
echo"Domain Naming Master: " & objDomName.fsmoroleowner 
echo"PDC Emulator: " & objPDC.fsmoroleowner
echo"RID Master: " & objRID.fsmoroleowner
echo"Infrastructure Master: " & objInfrastructure.fsmoroleowner 


' *********************************************************************
' echo(string messageToEcho)
' 
' Sub routine simply echos the passed string.
' Sub used for outputting all information to the screen/ console
'
' *********************************************************************
Private Sub echo(strMessage)
	wscript.echo strMessage
End Sub

Via the GUI

PDCe, RID, and IM

  • Open Active Directory Users and Computers (start\ run\ dsa.msc)
  • Right-click on the Active Directory Users and Computers icon in the top left of the left pane and click Operations Masters
  • There are three tabs, one for each domain-based FSMO role. Each tab displays the current FSMO role holder and gives you the ability to change it to the DC with which the snap-in is focused.

Domain Naming

  • Open Active Directory Domains and Trusts (start\ run\ domain.msc)
  • Right-click Active Directory Domains and Trusts in the top left of the left pane and click Operations Masters

Schema

  • Open the Active Directory Schema snap-in* (start\ run\ schmmgmt.msc)
  • Right-click Active Directory Schema in the top left of the left pane and click Operations Masters

* The snap-in is not registered by default. You need to register the snap-in and then either add the snap-in to a custom MMC console (and save it) or load it using the aforementioned shortcut -it is not added to the Administrative Tools. You register the snap-in by typing regsvr32 schmmgmt.dll at the run command or a command prompt.

Document information

Author: Paul Williams
Version: 2.0
Written: 07-05-2005
Last updated: 27-07-2007
Last updated by: Paul Williams



Del.icio.us!Technorati!StumbleUpon!Furl!