Friday, August 9, 2019

Domain Controller Roles Check and Force Transfer - How to Seize the Roles

How to Check Domain Controller Roles and Change them in a Dual DC Setup - Seize the Roles


Using NetDom

using the netdom command in a command prompt or dos prompt window to display the assignment of roles.  Herre we have roles split between ADS-01 and DC1 servers.  The text in red/yellow is what YOU type in to make it happen.

C:\Users\Administrator.HOMESLICE> netdom query fsmo
Schema master               ADS-01.homeslice.local
Domain naming master        ADS-01.homeslice.local
PDC                         DC1.homeslice.local
RID pool manager            DC1.homeslice.local
Infrastructure master       DC1.homeslice.local
The command completed successfully.


Using ntdsutil

Using ntdsutil to transfer the schema master and naming master. For the homeslice domain, we will transfer the roles from ADS-01 to DC1 using ntdsutil. The complete history is shown below.  Sometimes you need to forcibly seize the roles and force a transfer.  The text in red/yellow is what YOU type in to make it happen.

C:\Users\Administrator.HOMESLICE>ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server dc1
Binding to dc1 ...
Connected to dc1 using credentials of locally logged on user.
server connections: q
fsmo maintenance: transfer schema master
Server "dc1" knows about 5 roles
Schema - CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homeslice,DC=local
Naming Master - CN=NTDS Settings,CN=ADS-01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homeslice,DC=local
PDC - CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homeslice,DC=local
RID - CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homeslice,DC=local
Infrastructure - CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homeslice,DC=local
fsmo maintenance: transfer naming master
Server "dc1" knows about 5 roles
Schema - CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homeslice,DC=local
Naming Master - CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homeslice,DC=local
PDC - CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homeslice,DC=local
RID - CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homeslice,DC=local
Infrastructure - CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homeslice,DC=local
fsmo maintenance: q
ntdsutil: q

C:\Users\Administrator.HOMESLICE>netdom query fsmo
Schema master               DC1.homeslice.local
Domain naming master        DC1.homeslice.local
PDC                         DC1.homeslice.local
RID pool manager            DC1.homeslice.local
Infrastructure master       DC1.homeslice.local
The command completed successfully.

References:
https://www.petri.com/transferring_fsmo_roles


2 comments:

  1. Nice to be visiting your blog again, it has been months for me. Well this article that i've been waited for so long. I need this article to complete my assignment in the college, and it has same topic with your article. Thanks, great share.
    rta bus timing

    ReplyDelete
    Replies
    1. Don't be a stranger, check back often and say hello to your friends here.

      Delete