Different ways of discovering which DCs hold which roles
There are a number of ways to ascertain which DC holds which role. This article discusses the different ways of achieving this.
The msresource.net how-to article "Move the FSMO roles to a different Domain Controller" illustrates how to find and move the FSMO roles using the Microsoft Management Console (MMC) Active Directory Mangement Snap-Ins, therefore this article will only very briefly cover doing this via the GUI and will focus on other, non-GUI, ways of ascertaining which DCs hold the roles.
Via the Command Line
Windows 2000 & 2003
netdom query fsmo [/domain:< dns domain-name="" >]
ntdsutil "roles" "connections" "connect to server < domain-name.com >" "quit"
"select operation target" "list roles for connected server"
dcdiag /test:knowsofroleholders /v [/s:< dc hostname="" >]
Note. All of the above are single line commands. Some commands might have been wrapped for document layout purposes.
Windows 2003
dsquery server -hasfsmo < role >
The roles for the DSQUERY command are:
Via Script
The following script will output the OM roles
' **************************************************************************
' getFSMORoles.vbs
'
' Paul Williams, msresource.net, March 2005
'
' Simple script that pulls and outputs the FSMO roles from AD
'
'
' Author: Paul Williams
' Date: 09-04-2005
' Version: 1.1.2.
'
' Last Updated:01-05-2005
'
'
' USEAGE:
'
' cscript [wscript] getFSMORoles.vbs
'
'
' This script simply binds to the local domain, and reads the FSMO role
' holders from Active Directory and then outputs them.
'
' This script needs to be run by a user with permissions to read all
' naming contexts.
'
' **************************************************************************
Option Explicit
dim objRootDse,objSchema,objDomName,objPDC,objRID,objInfrastructure
set objRootDse=getObject("LDAP://RootDSE")
set objPDC=getObject("LDAP://" & objRootDse.get("defaultNamingContext"))
set objRID=getObject("LDAP://cn=RID Manager$,cn=system," & objRootDse.get("defaultNamingContext"))
set objSchema=getObject("LDAP://" & objRootDse.get("schemaNamingContext"))
set objInfra=getObject("LDAP://cn=Infrastructure," & objRootDse.get("defaultNamingContext"))
set objDomName=getObject("LDAP://cn=Partitions," & objRootDse.get("configurationNamingContext"))
echo"Schema Master: " & objSchema.fsmoroleowner
echo"Domain Naming Master: " & objDomName.fsmoroleowner
echo"PDC Emulator: " & objPDC.fsmoroleowner
echo"RID Master: " & objRID.fsmoroleowner
echo"Infrastructure Master: " & objInfrastructure.fsmoroleowner
' *********************************************************************
' echo(string messageToEcho)
'
' Sub routine simply echos the passed string.
' Sub used for outputting all information to the screen/ console
'
' *********************************************************************
Private Sub echo(strMessage)
wscript.echo strMessage
End Sub
Via the GUI
PDCe, RID, and IM
- Open Active Directory Users and Computers (start\ run\ dsa.msc)
- Right-click on the Active Directory Users and Computers icon in the top left of the left pane and click Operations Masters
- There are three tabs, one for each domain-based FSMO role. Each tab displays the current FSMO role holder and gives you the ability to change it to the DC with which the snap-in is focused.
Domain Naming
- Open Active Directory Domains and Trusts (start\ run\ domain.msc)
- Right-click Active Directory Domains and Trusts in the top left of the left pane and click Operations Masters
Schema
* The snap-in is not registered by default. You need to register the snap-in and then either add the snap-in to a custom MMC console (and save it) or load it using the aforementioned shortcut -it is not added to the Administrative Tools. You register the snap-in by typing regsvr32 schmmgmt.dll at the run command or a command prompt.
Document information
Author: Paul Williams
Version: 2.0
Written: 07-05-2005
Last updated: 27-07-2007
Last updated by: Paul Williams |
Information 
