MCSE FSMO

FSMO
——
Flexible single master operations:
All DCs can update the user database. There is one master DC that can perform certain operations. The five such operations are:
1. Schema master (forest role)
2. Domain naming master (forest role)
3. RID master (domain role, present in each domain)
4. Infrastructure master (domain role, present in each domain)
5. PDC Emulator (domain role, present in each domain)

1. Schema master: the domain controller (DC) that has the updated copy of the schema (the database definition, which defines how the database is designed; for example, a user has UName and UPassword). All other DCs are read-only, but the schema master is RW (read-write). Installing Exchange requires access to the schema master, because Exchange changes the schema. By default, the first DC is both the schema master and the domain naming master.

2. Domain naming master: it checks the domain name configurations to make sure that domain names are unique and valid.

3. RID master (Relative Identifier master): it allocates a pool of mutually exclusive identifiers to each DC. Security is based on the RID.

4. Infrastructure master: it is used for inter-domain operations to ensure consistency in the environment when objects are renamed or moved. It works along with the global catalog (GC). That is why, if the infrastructure master and the GC are on the same server, the infrastructure master role is switched off, because they perform the same role.

5. PDC Emulator: it ensures backward compatibility for BDCs (backup domain controllers). When we upgrade a DC from WinNT to Win2003, the PDC Emulator provides support.

 

FSMO Dos Commands
————————————————

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.SHAHID>regsvr32 schmmgmt.dll

C:\Documents and Settings\Administrator.SHAHID>NTDSUTIL
NTDSUTIL: ?

? – Show this help information
Authoritative restore – Authoritatively restore the DIT database
Configurable Settings – Manage configurable settings
Domain management – Prepare for new domain creation
Files – Manage NTDS database files
Help – Show this help information
LDAP policies – Manage LDAP protocol policies
Metadata cleanup – Clean up objects of decommissioned servers
Popups %s – (en/dis)able popups with "on" or "off"
Quit – Quit the utility
Roles – Manage NTDS role owner tokens
Security account management – Manage Security Account Database – Duplicate SID Cleanup
Semantic database analysis – Semantic Checker
Set DSRM Password – Reset directory service restore mode administrator account password

NTDSUTIL: ROLES
fsmo maintenance: ?

? – Show this help information
Connections – Connect to a specific domain controller
Help – Show this help information
Quit – Return to the prior menu
Seize domain naming master – Overwrite domain role on connected server
Seize infrastructure master – Overwrite infrastructure role on connected server
Seize PDC – Overwrite PDC role on connected server
Seize RID master – Overwrite RID role on connected server
Seize schema master – Overwrite schema role on connected server
Select operation target – Select sites, servers, domains, roles and naming contexts
Transfer domain naming master – Make connected server the domain naming master
Transfer infrastructure master – Make connected server the infrastructure master
Transfer PDC – Make connected server the PDC
Transfer RID master – Make connected server the RID master
Transfer schema master – Make connected server the schema master

fsmo maintenance: CONNECTIONS
server connections: ?

? – Show this help information
Clear creds – Clear prior connection credentials
Connect to domain %s – Connect to DNS domain name
Connect to server %s – Connect to server, DNS name or IP address
Help – Show this help information
Info – Show connection information
Quit – Return to the prior menu
Set creds %s %s %s – Set connection creds as domain, user, pwd.
Use "NULL" for null password,
* to enter password from the console.

server connections: CONNECT TO SERVER SERVER1
Binding to SERVER1 …
Connected to SERVER1 using credentials of locally logged on user.
server connections: QUIT
fsmo maintenance: ?

? – Show this help information
Connections – Connect to a specific domain controller
Help – Show this help information
Quit – Return to the prior menu
Seize domain naming master – Overwrite domain role on connected server
Seize infrastructure master – Overwrite infrastructure role on connected server
Seize PDC – Overwrite PDC role on connected server
Seize RID master – Overwrite RID role on connected server
Seize schema master – Overwrite schema role on connected server
Select operation target – Select sites, servers, domains, roles and naming contexts
Transfer domain naming master – Make connected server the domain naming master
Transfer infrastructure master – Make connected server the infrastructure master
Transfer PDC – Make connected server the PDC
Transfer RID master – Make connected server the RID master
Transfer schema master – Make connected server the schema master

fsmo maintenance: TRANSFER RID MASTER
Server "SERVER1" knows about 5 roles
Schema – CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=LONDON,CN=Sites,CN=Configuration,DC=shahid,DC=local
Domain – CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=LONDON,CN=Sites,CN=Configuration,DC=shahid,DC=local
PDC – CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=LONDON,CN=Sites,CN=Configuration,DC=shahid,DC=local
RID – CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=LONDON,CN=Sites,CN=Configuration,DC=shahid,DC=local
Infrastructure – CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=LONDON,CN=Sites,CN=Configuration,DC=shahid,DC=local
fsmo maintenance: ?

? – Show this help information
Connections – Connect to a specific domain controller
Help – Show this help information
Quit – Return to the prior menu
Seize domain naming master – Overwrite domain role on connected server
Seize infrastructure master – Overwrite infrastructure role on connected server
Seize PDC – Overwrite PDC role on connected server
Seize RID master – Overwrite RID role on connected server
Seize schema master – Overwrite schema role on connected server
Select operation target – Select sites, servers, domains, roles and naming contexts
Transfer domain naming master – Make connected server the domain naming master
Transfer infrastructure master – Make connected server the infrastructure master
Transfer PDC – Make connected server the PDC
Transfer RID master – Make connected server the RID master
Transfer schema master – Make connected server the schema master

fsmo maintenance
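
The role listing that ntdsutil prints after TRANSFER RID MASTER is the record of who owns each role, so it is worth checking against what you expect after any transfer or seizure. The following is an added example, not part of the original notes: it parses that listing (including the 80-column wrapping) and reports roles whose owner differs from a baseline. The function names and the BASELINE mapping are hypothetical; the sample text is constructed from the listing shown above.

```python
import re

# Constructed sample, wrapped at 80 columns as in the session above.
SAMPLE = """\
Server "SERVER1" knows about 5 roles
Schema - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=LONDON,CN=Sites,CN=Configurat
ion,DC=shahid,DC=local
Domain - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=LONDON,CN=Sites,CN=Configurat
ion,DC=shahid,DC=local
PDC - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=LONDON,CN=Sites,CN=Configuration
,DC=shahid,DC=local
RID - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=LONDON,CN=Sites,CN=Configuration
,DC=shahid,DC=local
Infrastructure - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=LONDON,CN=Sites,CN=Co
nfiguration,DC=shahid,DC=local
fsmo maintenance:
"""

# Role label, a hyphen or en dash, then the start of the owner's NTDS Settings DN.
ROLE_LINE = re.compile(r"^(Schema|Domain|PDC|RID|Infrastructure) [-\u2013] (CN=NTDS Settings,.*)$")
PROMPT = re.compile(r"^[A-Za-z ]+:")  # e.g. "fsmo maintenance:"
OWNER = re.compile(r"^CN=NTDS Settings,CN=([^,]+),CN=Servers,CN=([^,]+),CN=Sites,")

def parse_role_owners(text):
    """Return {role: (server, site)} from an ntdsutil role listing."""
    dns, current = {}, None
    for line in text.splitlines():
        m = ROLE_LINE.match(line)
        if m:
            current = m.group(1)
            dns[current] = m.group(2)
        elif current and line.strip() and not PROMPT.match(line):
            dns[current] += line   # wrapped tail of the previous DN
        else:
            current = None         # blank line or next prompt ends the entry
    found = ((r, OWNER.match(dn)) for r, dn in dns.items())
    return {r: (m.group(1).upper(), m.group(2).upper()) for r, m in found if m}

def role_changes(baseline, owners):
    """Return [(role, expected_server, observed_server)] where they differ."""
    return [(role, baseline.get(role), owners[role][0])
            for role in sorted(owners)
            if (baseline.get(role) or "").upper() != owners[role][0]]

# Hypothetical baseline: every role recorded on SERVER1.
BASELINE = dict.fromkeys(["Schema", "Domain", "PDC", "RID", "Infrastructure"], "SERVER1")
if __name__ == "__main__":
    for change in role_changes(BASELINE, parse_role_owners(SAMPLE)):
        print("role owner differs from baseline:", change)
```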