Friday, January 31, 2014

How to Check and Migrate the FSMO Owners in Microsoft Active Directory

This post will describe an easy method to determine who currently holds the FSMO roles in Windows Server.

This post will also describe how to migrate the roles by using the GUI tools for Active Directory.

Check All FSMO Roles from PowerShell or from Command Prompt

My preferred method is a simple netdom command that is run from the command line or from PowerShell.

The command to determine the FSMO roles in your Active Directory domain is netdom query fsmo

The output will look like this:


In the example above you see that the Domain Controller AZ-DC1.testlab.local holds all of the FSMO roles.

Check and Migrate RID Master, PDC, and Infrastructure Master Roles

  • From Active Directory Users and Computers (ADUC) right-click on the domain name and select Operations Masters...

  • This will bring up the Operations Masters dialog box.  
    •  If you want to migrate these roles from here, you will need to launch it from the DC that you want to hold the roles.  In our example we are launching the menu from TX-DC1 since this is the central office in our lab.
  • Select each tab for the appropriate FSMO role you would like to migrate and click the Change button to move the role to the DC listed in the lower text box.

  • At the prompt "Are you sure you want to transfer the operations master role?", click Yes to transfer the role to the target DC, then click OK on the success message.
  • Repeat for each FSMO role


Check and Migrate Domain Naming Master Role

  • Launch Active Directory Domains and Trusts
  • Right-click Active Directory Domains and Trusts and select Operations Master
    • If the target DC is not the DC you are currently logged into, you will need to close the Operations Master dialog box, right-click Active Directory Domains and Trusts, and select Change Active Directory Domain Controller...

    • Change Directory Server: Select the This Domain Controller or AD LDS instance radio button and double-click the DC you want to transfer the role to.
    • Now when you launch the Operations Master dialog box, you will see the correct target DC.
  • Click Change to move the operations master to the target DC
  • At the prompt "Are you sure you want to transfer the operations master role?", click Yes to transfer the role to the target DC, then click OK on the success message.

Check and Migrate the Schema Master Role

The Schema Master MMC snap-in is not available by default and must be registered by running the following command.
  • From command prompt or PowerShell, run regsvr32 schmmgmt.dll and click OK when it has registered successfully

  • Once the DLL is registered, you need to load the Active Directory Schema MMC 
    • From the run menu, command prompt or PowerShell type mmc to launch a blank MMC console
    • Select the File menu and click Add/Remove Snap-in
    • Double click the Active Directory Schema snap-in from the Available snap-ins menu and click OK

  • Right click Active Directory Schema and select Operations Master...

  • Click Change to move the operations master to the target DC
  • At the prompt "Are you sure you want to transfer the operations master role?", click Yes to transfer the role to the target DC, then click OK on the success message.

Confirm the FSMO Roles have been Migrated to the Correct DC

Re-run the command netdom query fsmo


You can now see that all of the FSMO roles are on the TX-DC1 domain controller.
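The same confirmation can be scripted so that a role sitting on an unexpected DC stands out. This is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the function names and the FQDN TX-DC1.testlab.local (inferred from the lab's AZ-DC1.testlab.local) are assumptions.

```powershell
# Added example: requires the ActiveDirectory module and read access to the directory.
Import-Module ActiveDirectory

function Get-FsmoRoleHolder {
    # Two roles are forest-wide, three are per-domain.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    $roles = [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
    foreach ($entry in $roles.GetEnumerator()) {
        [pscustomobject]@{ Role = $entry.Key; Holder = $entry.Value }
    }
}

function Test-FsmoRoleHolder {
    # Adds an AsExpected column so any role held by a different DC is obvious.
    param([Parameter(Mandatory)][string]$ExpectedHolder)
    Get-FsmoRoleHolder | Select-Object Role, Holder,
        @{ Name = 'AsExpected'; Expression = { $_.Holder -ieq $ExpectedHolder } }
}

# Assumed FQDN of the lab's target DC; replace with your own.
Test-FsmoRoleHolder -ExpectedHolder 'TX-DC1.testlab.local' | Format-Table -AutoSize
```

Running this on a schedule and alerting on any row where AsExpected is False gives an early signal that a role was transferred or seized outside of change control.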

This concludes How to Check and Migrate the FSMO Owners in Microsoft Active Directory.

I hope this was helpful and informative to you and I would appreciate any feedback you may have.


Sunday, January 12, 2014

Create and Assign Subnets to Each Site in Active Directory Sites and Services

Adding subnets to a site helps Active Directory know where a computer or domain-joined device lives within your Active Directory infrastructure.  By adding the appropriate subnets for each site to Active Directory Sites and Services, you are telling Active Directory that traffic for COMPUTER1 is coming from IP 10.100.x.x, that this IP is in site FloridaSite, and therefore that COMPUTER1 is in FloridaSite.  This helps the computer know which Domain Controller to try to authenticate with first and helps AD-integrated services know where the closest Global Catalog server is in the domain.
  • We will continue from where we left off and begin in the Active Directory Sites and Services MMC.




  • Expand the Sites folder and right-click Subnets then click New subnet

  • New Object – Subnet: Type in the network in CIDR format in the Prefix text box, then select the site that has this subnet.  Click OK

  • You will now see the new subnet in the Active Directory Sites and Services MMC under the Subnets folder.
  • To edit the existing subnet simply double-click the object and change any parameters you need to

  • I have created the remaining subnets needed for my test lab and am now ready to create Inter-Site transports for replication traffic.
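How a client address maps to a site once the subnets exist can be checked offline before relying on it. This is an added example, not part of the original post: it picks the most specific (longest-prefix) subnet that contains an IPv4 address, which is how overlapping subnet objects are resolved. Only the 10.100.x.x to FloridaSite mapping comes from the post; the other subnets and the function names are assumptions.

```powershell
# Added example. Constructed subnet table: only 10.100.x.x -> FloridaSite is from the post.
# On a live domain the same Name/Site pairs come from: Get-ADReplicationSubnet -Filter *
# (there, Site is a distinguished name rather than a short name).
$sampleSubnets = @(
    [pscustomobject]@{ Name = '10.0.0.0/8';    Site = 'TexasSite'   }  # hypothetical catch-all
    [pscustomobject]@{ Name = '10.100.0.0/16'; Site = 'FloridaSite' }
    [pscustomobject]@{ Name = '10.200.0.0/16'; Site = 'ArizonaSite' }  # hypothetical
)

function ConvertTo-IPv4Number {
    param([Parameter(Mandatory)][string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    if ($b.Length -ne 4) { throw "Not an IPv4 address: $Address" }
    ([long]$b[0] -shl 24) -bor ([long]$b[1] -shl 16) -bor ([long]$b[2] -shl 8) -bor [long]$b[3]
}

function Resolve-SiteForAddress {
    param(
        [Parameter(Mandatory)][string]$Address,
        [Parameter(Mandatory)][object[]]$Subnets
    )
    $all = [long]4294967295            # 32 one-bits, held in a 64-bit integer
    $ip = ConvertTo-IPv4Number $Address
    $best = $null
    $bestLength = -1
    foreach ($subnet in $Subnets) {
        $network, $length = $subnet.Name -split '/'
        $length = [int]$length
        $mask = ($all -shl (32 - $length)) -band $all
        $inSubnet = ($ip -band $mask) -eq ((ConvertTo-IPv4Number $network) -band $mask)
        if ($inSubnet -and $length -gt $bestLength) {
            $best = $subnet
            $bestLength = $length
        }
    }
    # $null means the address is not covered by any subnet object.
    if ($best) { $best.Site } else { $null }
}

Resolve-SiteForAddress -Address '10.100.4.20' -Subnets $sampleSubnets  # in the /8 and a /16
Resolve-SiteForAddress -Address '10.50.1.9'   -Subnets $sampleSubnets  # only in the /8
Resolve-SiteForAddress -Address '192.168.1.5' -Subnets $sampleSubnets  # unmapped address
```

Addresses that resolve to no site are worth tracking down: those clients have no site affinity and may authenticate against a DC across a slow WAN link.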
This concludes how to Create and Assign Subnets to Each Site in Active Directory Sites and Services.

I hope this was helpful and informative to you and I would appreciate any feedback you may have.

How to Create Active Directory Sites in Active Directory Sites and Services

This post will describe how to create a new site in Active Directory. Sites are used in Active Directory to determine the best path for replication traffic and by many services that you will implement in your domains.  Services include Microsoft Exchange Server, AD Rights Management Services, and DFS.

When building your sites you want to create them in such a way so that Active Directory can determine the best path for replication.  In our example, we will create three sites.  There will be one central office providing replication to both sites and a second site link for replication traffic in case the main site is unavailable.

Because the central office has the best connection to the internet and WAN links, it will have the lowest cost for replication whereas the branch sites have a slower WAN link that we do not want the primary replication traffic to cross unless there is an issue with the central office.

Creating new sites in Active Directory Sites and Services


  •  First, launch Active Directory Sites and Services from the Tools menu in Server Manager


  • This will bring up the window above

  • Right-Click the Sites folder and select New Site…

  • New Object – Site: Fill in the name of the new site and select the DEFAULTIPSITELINK for inter-site transport. Click OK

  • The above informational window will appear stating that you will need to move DCs into the site, add subnets for the site, and ensure site links exist before the site is fully functional.

  • After creating the ArizonaSite and the TexasSite I renamed the Default-First-Site to TexasSite since this will be our central office.  After completing the site creation, your Active Directory Sites and Services will look similar to the window above.

Assigning DCs to a Site in Active Directory Sites and Services

  • Within Active Directory Sites and Services expand the Default-First-Site-Name (TexasSite) and expand the Servers folder.

  • Within the folder, you will see all of the Domain Controllers in the domain that are assigned to this site.

  • Right-click the AZ-DC1 object and select Move from the menu to launch the Move Server wizard.

  • Select the ArizonaSite for AZ-DC1 and click OK

  • I repeated the above tasks for the FloridaSite and FL-DC1 to show that we now have one DC in each site.

This concludes How to Create Active Directory Sites in Active Directory Sites and Services.

Create and Assign Subnets to Each Site in Active Directory Sites and Services

I hope this was helpful and informative to you and I would appreciate any feedback you may have.
