Solved

How to view FSMO roles

Posted on 2004-09-21
17
2,157 Views
Last Modified: 2009-03-03
How can I view all of the FSMO roles on a domain and view what server is running what?

After transfering all of the FSMO roles from a 2000 domain controller to a 2003 domain controller how can I retire the old 2000 domain controller to just file server status. The old domain controller still shows up as a domain controller in active directory. Can I simply just delete the domain controller from active directory's domain controllers.

Thanks,
DMS
0
Comment
Question by:DMS-X
  • 6
  • 5
  • 3
  • +2
17 Comments
 
LVL 15

Expert Comment

by:harleyjd
ID: 12117504
In ADUC right click the domain, then "Operations Masters" this will show the current RID, PDC Emulator and Infrastructure master.

In AD Domains and Trusts right click the "active directory domains and trusts" bit. This will show the domain naming master.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;324801

The Schema master is a bit funky if you don't have the schema snapin. I'll let you read that one for yourself.

0
 
LVL 23

Expert Comment

by:rhandels
ID: 12117594
Hi,

Use this command within a dos prompt...

netdom query fsmo
It will query all FSMO rules within a domain.
0
 
LVL 1

Author Comment

by:DMS-X
ID: 12117677
>netdom query fsmo
This command is not found on either of the 2000 or 2003 servers or an XP box? Must be a tool in the resource kit?
0
 
LVL 12

Expert Comment

by:valicon
ID: 12118013
netdom.exe is found in the Support Tools on the Windows 2000 CD-ROM, you can type:

netdom query fsmo

Here is a great link on how to view fsmo roles including a cool vb script:

http://admin.oreillynet.com/catalog/activedckbk/excerpt/activedckbk_3.25.html



No don't delete the old DC!  dcpromo the dc down to a member server.  Just run dcpromo on the old dc and follow through with the wizard. Active Directory will take care of the rest.  Hope this helps :)
0
 
LVL 5

Expert Comment

by:snowsurfer
ID: 12118093
It sounds like a simple environment, go into Active Directory Users and Computers on the new 2003 server, right click on the domain and choose operations master.  In there will be three tabs, click change on each of the tabs, that will get three of the FSMO to your 2003 machine.  Next go into AD Domains and Trusts, right click above the domain on the root of the tree icon and choose operations master.  Click change.  Now you have four of the FSMOs, for the last one, go to start>run and type regsvr32 schmmgmt.dll and click ok.  Then go to start run type mmc and click ok.
On the conosole menu coose add remove snap in
click add
click active directory schema
click add
click close
rightl click the AD schema icon and click change domain controlleer
any domain controller
change

Now all roles are moved

run dcpromo on your old server and reboot it.  If you still see the computer in AD users and computers we can get it cleaned out with adsi edit.

Trust me on this one, it works

0
 
LVL 1

Author Comment

by:DMS-X
ID: 12126941
Thanks snowsurfer and valicaon.

Thanks a bunch I am almost clear on everything but one little thing. After I run the netdom tool and it shows that the new 2003 server has taken over all of the FSMO roles. But what about taking over the global catalog server role. If I go into
Activedirectory sites and services>sites>defualt-first-site-name>servers>netbios name of the server>ntds settings>properties>global catalog check mark box
it is still showing the old 2000 domain controller being the catalog server. The old 2000 server is showing it is still the catalog server while the new 2003 is not. Should I uncheck this box for the old 2000 server and checkmark the box for the new 2003 server before I dcpromo.

Thanks,
DMS
0
 
LVL 15

Expert Comment

by:harleyjd
ID: 12128260
It's not a role like the others - you can have more than one GC, so yes, promote the 2k3 server before you run dcpromo on the 2k server.
0
 
LVL 5

Expert Comment

by:snowsurfer
ID: 12128459
Here is a rule for you ALL DOMAIN CONTROLLERS SHOULD BE GLOBAL CATALOG SERVERS.  Go ahead and make sure that box is checked on all domani controllers, whne you run dcrpromo to demote the Win 2k box it will tell you that it is a global catalog server and to make sure you have a new one before you continue
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 15

Expert Comment

by:harleyjd
ID: 12128816
Not to get in to philosophical arguments, snowsurfer, but why would you want all DC's to be GC's?

What if you want only one server to authenticate users, and one just to sit, accept replications and be quiet.

A accept you'd want more than one GC, but that rule of yours is pretty black and white, and if Microsoft thought it was a good idea, then all DC's would be GC's out of the box.

0
 
LVL 12

Expert Comment

by:valicon
ID: 12128957
DMS-X,

Yes check the box for GC on the new Windows 2003 DC and then uncheck the W2k DC, thats fine.  Here is a great link to better understand global catalog servers:

http://www.informit.com/articles/article.asp?p=102269&seqNum=4

Hope this helps :)  If you need any more help, just let me know :)
0
 
LVL 1

Author Comment

by:DMS-X
ID: 12152009
Thanks a bunch guys. Sorry I have not posted back sooner.

I am almost clear on everything but one little thing. Sorry if this sounds dumb, my DC server is also my DNS server. The DNS is AD integrated. I configured my new 2003 server to be a secondary DNS server to the 2000 server. When I run the DCPROMO tool will it also tansfer the primary DNS server role to the new 2003 server. Or is the only way to transfer the primary DNS role to the new 2003 server is by using the DNS GUI.
0
 
LVL 12

Expert Comment

by:valicon
ID: 12152088
If your DNS server is AD integrated then you are not using Primary and Secondary servers.  If the DNS server on the W2k box is AD integrated, just install DNS on the W2003 box and make it AD integrated as well.  Replication will take care of the rest, the W2003 server will get all the DNS info from Active Directory.  You will not need to use the DNS GUI for any of this.  Just to clarify, DNS is not a role like the FSMO roles we have been talking about, roles in the context of DNS, DHCP etc are services that run on the server to provide a service to the network.  FSMO roles, formerly known as Floating Single-Master Operation roles, manage an aspect of the domain or forest, to prevent conflicts. Hope this helps :)
0
 
LVL 1

Author Comment

by:DMS-X
ID: 12163582
>If your DNS server is AD integrated then you are not using Primary and Secondary servers.
Oooops : )

After I transfer all 5 FSMO roles to the new 2003 server and before I run DCPROMO to demote the old 2000 box I am still left with DNS installed on the old 2000 box. I cannot simply delete the DNS zones from the old 2000 server because it will also delete the same zones on the 2003 server. What do I do with DNS on the old 2000 server if anything at all?

Thanks for the help valicon,
DMS
0
 
LVL 12

Expert Comment

by:valicon
ID: 12165648
Once you retire the old W2k server as a domain controller and make it a member server just uninstall DNS from that machine.  However, then you will only have 1 DNS server.  Exactly what size is your environment, workstations, servers etc?  Can you take the old W2k server and make it a Windows 2003 DC as well?  This would provide the best situation, you will have redundancy and since both of the servers are DC's you can add DNS to the second 2003 DC.  Or what if you just kept the W2k DC online, that is also another option.  You can function with one DC and one DNS, but you don't have any redundancy both from a Domain Controller and DNS Server perspective.
0
 
LVL 1

Author Comment

by:DMS-X
ID: 12170040
Thier is around 65 workstations and 5 servers on the network. The old 2000 server has exihbited problems since I took over this job 1.5 years ago. It takes 10 min. to boot. Besides it is also a file server, print server and SQL server. I just don't trust it fully.
>Can you take the old W2k server and make it a Windows 2003 DC as well?
I don't have the 2003 licenense for this.

>Or what if you just kept the W2k DC online, that is also another option.
I might consider this as an option.
Baically what you are saying is after I transfer all 5 FSMO roles to the new 2003 server I could just skip the DCPROMO on the 2000 server?

One of my problems I am having is when the prevous system admin migrated everything from NT 4 years ago it looks like they had a unsucsessfull demotion of the  NT server or they did things wrong. In active directory the NT server it is still showing up as a DC. It is looking like this is going to be a pain to remove. I am not sure if this is going to cause me any problems If I keep it in AD.

Thanks for all of your great help.
0
 
LVL 12

Accepted Solution

by:
valicon earned 500 total points
ID: 12171513
>Baically what you are saying is after I transfer all 5 FSMO roles to the new 2003 server I could just skip the DCPROMO on the 2000 server?
Yes.  Use it as a DC for redundancy.

Take a look at this link for removing a nonexistent dc:

http://www.winnetmag.com/Article/ArticleID/13414/13414.html

Hope this helps :)
0
 
LVL 1

Author Comment

by:DMS-X
ID: 12181086
Thanks for your patience, and also your great expertise : )
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Are you unable to connect or configure Hotmail email account in Microsoft Outlook 2010, 2007? Or Outlook.com emails are not downloading to Outlook? Lets’ see the problem and resolve Outlook Connector error syncing folder hierarchy (0x8004102A).
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now