Eventually the day comes when a domain controller dies a sudden or ignominious death and a secondary controller needs to take its place. Well, in the last month I’ve had two such occurrences: one on a 2003 domain and another on a 2008 domain. The problem I encountered is that the exact commands that Ntdsutil.exe uses to seize FSMO roles aren’t easily found. Even Microsoft’s own website didn’t have the commands listed in their article about FSMO seizure. It does have a great deal of very good detail, outlines some important steps to take, and covers some alternative options, such as how to transfer FSMO roles if your PDC is still online.
How to Seize FSMO roles
To seize the FSMO roles by using the Ntdsutil utility, follow these modified steps:
- Log on to a Windows 2000 Server-based or Windows Server 2003-based member computer or domain controller that is located in the forest where FSMO roles are being seized. We recommend that you log on to the domain controller that you are assigning FSMO roles to. The logged-on user should be a member of the Enterprise Administrators group to transfer schema or domain naming master roles, or a member of the Domain Administrators group of the domain where the PDC emulator, RID master and the Infrastructure master roles are being transferred.
- Click Start, click Run, type ntdsutil in the Open box, and then click OK.
- Type roles, and then press ENTER.
- Type connections, and then press ENTER.
- Type connect to server servername, and then press ENTER, where servername is the name of the domain controller that you want to assign the FSMO role to.
- At the server connections prompt, type q, and then press ENTER.
- Type seize role, where role is the role that you want to seize. For a list of roles that you can seize, type ? at the fsmo maintenance prompt, and then press ENTER. For example, to seize the RID master role, type seize rid master. The one exception is for the PDC emulator role, whose syntax is seize pdc, not seize pdc emulator.
The actual commands to seize roles are:
- Seize Schema Master
- Seize Naming Master
- Seize PDC
- Seize RID
- Seize Infrastructure Master
- At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.
One of the Microsoft notes states: “Do not put the Infrastructure master role on the same domain controller as the global catalog server. If the Infrastructure master runs on a global catalog server it stops updating object information because it does not contain any references to objects that it does not hold. This is because a global catalog server holds a partial replica of every object in the forest.”
If you only have one domain controller at this point you must turn on the “Global Catalog” option after seizing the Infrastructure Master role.
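The interactive steps and the global catalog caveat above, combined into one script that checks which roles the dead controller actually holds before seizing anything. This is an added example, not code from the original post or from Microsoft's article; it assumes the ActiveDirectory PowerShell module can reach the surviving DC, and the parameter names TargetDC, FailedDC and Execute are hypothetical.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory module.
param(
    [Parameter(Mandatory = $true)][string]$TargetDC,  # surviving DC that receives the roles
    [Parameter(Mandatory = $true)][string]$FailedDC,  # dead DC that currently holds them
    [switch]$Execute                                  # default is a dry run that only prints
)
Import-Module ActiveDirectory
$failedShort = ($FailedDC -split '\.')[0]

# Seizing is for a holder that is gone for good; a holder that is still online gets a transfer.
# Ping is only a coarse liveness check, so confirm the server's state by other means too.
if (Test-Connection -ComputerName $FailedDC -Count 2 -Quiet) {
    throw "$FailedDC still answers ping; transfer the roles instead of seizing them."
}

# Read the current role holders from the surviving DC.
$forest = Get-ADForest -Server $TargetDC
$domain = Get-ADDomain -Server $TargetDC
# Keywords follow the list in the post; type ? at the fsmo maintenance prompt to confirm them.
$roles = @(
    @{ Role = 'Schema master';         Holder = $forest.SchemaMaster;         Keyword = 'seize schema master' }
    @{ Role = 'Domain naming master';  Holder = $forest.DomainNamingMaster;   Keyword = 'seize naming master' }
    @{ Role = 'PDC emulator';          Holder = $domain.PDCEmulator;          Keyword = 'seize pdc' }
    @{ Role = 'RID master';            Holder = $domain.RIDMaster;            Keyword = 'seize rid master' }
    @{ Role = 'Infrastructure master'; Holder = $domain.InfrastructureMaster; Keyword = 'seize infrastructure master' }
)
$toSeize = @($roles | Where-Object { ($_.Holder -split '\.')[0] -eq $failedShort })
if ($toSeize.Count -eq 0) { Write-Host "$FailedDC holds no FSMO roles."; return }

# Infrastructure master and global catalog placement, per the Microsoft note quoted above.
if ($toSeize | Where-Object { $_.Role -eq 'Infrastructure master' }) {
    $survivors = @(Get-ADDomainController -Filter * -Server $TargetDC |
        Where-Object { $_.Name -ne $failedShort })
    $target = $survivors | Where-Object { $_.Name -eq ($TargetDC -split '\.')[0] }
    if ($survivors.Count -eq 1 -and -not $target.IsGlobalCatalog) {
        Write-Warning "$TargetDC is the only DC left: enable Global Catalog on it after the seizure."
    } elseif ($survivors.Count -gt 1 -and $target.IsGlobalCatalog) {
        Write-Warning "$TargetDC is a global catalog; the note advises against hosting the Infrastructure master there."
    }
}

foreach ($role in $toSeize) {
    # Same sequence as the interactive steps, passed to ntdsutil as arguments.
    $ntdsArgs = @('roles', 'connections', "connect to server $TargetDC", 'q', $role.Keyword, 'q', 'q')
    Write-Host ("{0,-22} ntdsutil {1}" -f $role.Role, (($ntdsArgs | ForEach-Object { '"{0}"' -f $_ }) -join ' '))
    if ($Execute) { & ntdsutil.exe @ntdsArgs }
}
```

Run it first without -Execute and compare the printed holders with what you expect; the account needs the group memberships listed in the first step.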
For more info: FSMO placement and optimization on Active Directory domain controllers
Next you’ll need to remove the old PDC data from Active Directory. It’s a somewhat lengthy procedure.
The link: How to remove data in Active Directory after an unsuccessful domain controller demotion
Originally posted by:
– Cory L. Curtis
– (2010-01-08)