Link to home
Start Free TrialLog in
Avatar of zenworksb
zenworksb

asked on

Movinf fismo roles

We would like to move our fismo roles from one server to another what is teh best way to do this. Thanks
ASKER CERTIFIED SOLUTION
Avatar of Mike Kline
Mike Kline
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Pete Long
Pete Long
Flag of United Kingdom of Great Britain and Northern Ireland image

FSMO Servers
There are five FSMO (Flexible Single Master Operations) Roles that need to Exist in a Windows AD Forest.
**********Locate FSMO Servers Graphically**********
To View RID MASTER, PDC EMULATOR and INFRASTRUCTURE MASTER
1.      Go to a domain controller.
2.      Start > run > dsa.msc {enter}
3.      Right click domain name > Operations masters
NOTE: You can change the server holding these roles from this console.
To view the SCHEMA MASTER graphically do the following
1.      Start >  Run  > regsvr32 schmmgmt.dll {enter} > OK
2.      Start > run > mmc {enter}.
3.      File > Add / Remove Snap-In > Add > Active Directory Schema > Add  Close > OK
4.      Right Click Active Directory Schema  > Operations Master.
To View the DOMAIN NAMING MASTER
1.      Start > Run > domain.msc {enter}
2.      Right Click Active Directory Domains and Trusts  > Operations Master.

**********Locate FSMO Servers via Command Line**********
1.      Start > run > Cmd {enter}
2.      netdom query /domain:<domain> fsmo
Example
C:\Documents and Settings\pete.mydomain>netdom query /domain:mydomain.co.uk fsmo
Schema owner                 Server1.mydomain.co.uk
Domain role owner            Server2.mydomain.co.uk
PDC role                     Server1.mydomain.co.uk
RID pool manager             Server3.mydomain.co.uk
Infrastructure owner         Server2.mydomain.co.uk
The command completed successfully.

**********General Rules for Placement**********

If you only have 1 domain in the forest everything goes in that one domain.
If not....
Forest Root Domain gets the Domain Naming Master, and the Schema Master roles
Each Domain gets The PDC Emulator, Infrastructure Master and RID Master roles.
Though not an FSMO role each logon location should have a Global Catalogue server
(Note: Yes you can cache logon requests and have Read only domain controllers now but in an ideal world I still place a GC at each site)
Placement
1. Do not put the Infrastructure Master on a Global Catalogue Server (see below for how to see if a domain controller is a global Catalogue server).
2. The PDC Emulator and RID Master should be on the same Server, If possible NOT on a Global Catalogue Server (though not essential).
3. The Schema Master and Domain Naming Master should be on the same machine that IS a Global Catalogue Server. (This is not true if your forest functional level is Windows Server 2003).

**********Locate Global Catalogue Servers**********

To check if a domain controller is also a global catalogue server:
1.      Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.
2.      Double-click Sites in the left pane, and then browse to the appropriate site or click Default-first-site-name if no other sites are available.
3.      Open the Servers folder, and then click the domain controller.
4.      In the domain controller's folder, double-click NTDS Settings.
5.      On the Action menu, click Properties.
6.      On the General tab, locate the Global Catalogue check box to see if it is selected

To move the FSMO roles from one computer to another, you can use two different methods. The first method is a transfer and is the method that is recommended. You can use the first method if both computers are running. Use the second method if the FSMO roles holder is offline. The second method requires you to use the Ntdsutil.exe tool to seize the roles.
Note Only seize the FSMO roles to the remaining Active Directory domain controllers if you are removing the FSMO role holder from the domain or forest.
To seize or transfer the FSMO roles by using Ntdsutil, follow these steps:
1. On any domain controller, click Start, click Run, type ntdsutil in the Open box, and then click OK.
Note Microsoft recommends that you use the domain controller that is taking the FSMO roles.
2. Type roles, and then press ENTER.
To see a list of available commands at any of the prompts in the Ntdsutil tool, type ?, and then press ENTER.
3. Type connections, and then press ENTER.
4. Type connect to server servername, where servername is the name of the server you want to use, and then press ENTER.
5. At the server connections: prompt, type q, and then press ENTER again.
6. Type seize role, where role is the role you want to seize. For a list of roles that you can seize, type ? at the Fsmo maintenance: prompt, and then press ENTER, or consult the list of roles at the beginning of this article. For example, to seize the RID Master role, you would type seize rid master. The one exception is for the PDC Emulator role, whose syntax would be "seize pdc" and not "seize pdc emulator".
Note All five roles need to be in the forest. If the first domain controller is out of the forest then seize all roles. Determine which roles are to be on which remaining domain controllers so that all five roles are not on only one server.
Microsoft recommends that you only seize all roles when the other domain controller is not returning to the domain, otherwise fix the broken domain controller with the roles.
If the original domain controller with the FSMO roles is still online, transfer the roles. Type transfer role.
7. After you seize or transfer the roles, type q, and then press ENTER until you quit the Ntdsutil tool.
Note Do not put the Infrastructure Master role on the same domain controller as the global catalogue.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;197132 
To check if a domain controller is also a global catalogue server:
1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.
2. Double-click Sites in the left pane, and then browse to the appropriate site or click Default-first-site-name if no other sites are available.
3. Open the Servers folder, and then click the domain controller.
4. In the domain controller's folder, double-click NTDS Settings.
5. On the Action menu, click Properties.
6. On the General tab, locate the Global Catalogue check box to see if it is selected.
*****References*****
Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain Controller
http://support.microsoft.com/?kbid=255504 
Windows 2000 Active Directory FSMO Roles
http://support.microsoft.com/default.aspx?scid=kb;EN-US;197132 
Flexible Single Master Operation Transfer and Seizure Process
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223787 
 
Avatar of Chris Hudson
Chris Hudson
follow http://support.microsoft.com/kb/255690 .It's the easiest way