Active Directory

Seize FSMO roles on a Domain Controller

Transferring one or more FSMO roles from one Domain Controller to another is a simple operation, provided that all DCs are online and operational.

What happens if a DC that holds an FSMO role crashes or goes down for a long time? Because the server is no longer operational, the FSMO role transfer cannot be completed.

In such instances, we use a process known as 'seize' to force the transfer of the FSMO roles. Seizing FSMO roles from a non-functional DC is the last option, and it means that DC will not be operational until it is rebuilt.

Even if you can restore the old DC (for example, after a crash), once you have seized its role it should not be returned to the network, since it will cause more issues in the existing infrastructure.

As seen below, the FSMO roles may be seized using either PowerShell or NTDSUtil.

Seize FSMO roles using PowerShell

The command is the same as for a normal transfer, with the addition of the -Force switch.

To seize the Domain Naming Master role, for example, execute the following command.

Move-ADDirectoryServerOperationMasterRole -Identity <TargetDC> -OperationMasterRole domainnamingmaster -Force

In the -OperationMasterRole parameter you can specify one or more FSMO roles, separated by commas (,). For example:

-OperationMasterRole schemamaster, domainnamingmaster, pdcemulator, ridmaster, infrastructuremaster
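The following is an added example, not part of the original post: it lists the current holder of each FSMO role, attempts a normal transfer when the holder still answers on LDAP, and seizes with -Force only when it does not. DC02 is a hypothetical name for the surviving DC, and the TCP 389 reachability test is an assumed, simplified health check.

```powershell
# Added example (not from the original post). Run on a machine with the RSAT AD module.
Import-Module ActiveDirectory

$TargetDC = 'DC02'    # assumption: the healthy DC that will receive the roles
$DryRun   = $true     # set to $false to actually move or seize roles

# Query the surviving DC directly, because the old role holder may be offline.
$forest = Get-ADForest -Server $TargetDC
$domain = Get-ADDomain -Server $TargetDC
$targetFqdn = (Get-ADDomainController -Identity $TargetDC -Server $TargetDC).HostName

$holders = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}

foreach ($role in $holders.Keys) {
    $holder = $holders[$role]
    if ($holder -eq $targetFqdn) {
        Write-Host "$role is already held by $targetFqdn"
        continue
    }

    # Simplified check: an open LDAP port does not prove the DC is healthy,
    # and a closed one may be a network fault. Confirm before seizing.
    $online = Test-NetConnection -ComputerName $holder -Port 389 `
        -InformationLevel Quiet -WarningAction SilentlyContinue

    $params = @{
        Identity            = $TargetDC
        OperationMasterRole = $role
        Confirm             = $false
        WhatIf              = $DryRun
    }
    if (-not $online) {
        Write-Warning "$holder is unreachable: seizing $role. Do not bring $holder back online."
        $params.Force = $true     # -Force turns the transfer into a seizure
    }
    Move-ADDirectoryServerOperationMasterRole @params
}

# Verify the result from the target DC's point of view.
Get-ADForest -Server $TargetDC | Select-Object SchemaMaster, DomainNamingMaster
Get-ADDomain -Server $TargetDC | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster
```

With $DryRun left at $true the script only reports what it would do, which gives a chance to review which roles would be seized rather than transferred.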

Seize FSMO roles using the NTDSUtil tool

First, open the command prompt with administrative privileges.

Type ntdsutil and press Enter.
Type roles and press Enter.
Type connections and press Enter.
Type connect to server DC01 and press Enter, replacing DC01 with the computer name of the server to transfer the FSMO roles to.
Type quit and press Enter.

Then, we will seize the FSMO roles one by one with the corresponding command, as the case may be. After each Enter, a confirmation window appears. Just click Yes to continue.

Note also that, during the seize process, NTDSUtil tries to make a simple transfer first (which obviously fails) and then proceeds to the forcible transfer.

For the Schema Master role, type seize schema master and press Enter.
For the Domain Naming Master role, type seize naming master and press Enter.
For the RID Master role, type seize rid master and press Enter.
For the PDC Emulator role, type seize pdc and press Enter.
For the Infrastructure Master role, type seize infrastructure master and press Enter.

Finally, type quit to exit the NTDSUtil environment.


Vipan Kumar

He is an Active Directory Consultant who has been working in the IT industry for more than 10 years. He is a dedicated and enthusiastic information technology expert who is always ready to resolve any technical problem. If you need any further help on the subject, feel free to contact us at admin@activedirectory.in. Please subscribe to our Facebook page and website for the latest articles.
