
Active Directory FSMO Roles Cheat Sheet

Here's my handy cheat sheet for AD FSMO roles:

Disclaimer:  These commands have not been tested in all environments or implementations.  They may contain typos or errors.  Updates not guaranteed so some commands may be deprecated.  If you need more detailed instructions, you probably shouldn't be attempting this.  Edit closely and use at your own peril.

To find who currently owns the roles:
netdom query fsmo

  • Schema Master
    • regsvr32 schmmgmt.dll
    • Mmc - add/remove - AD Schema
    • Change ADDC *to* destination DC
    • Right click Schema[DCname] - Operations Master - Change
  • Domain Naming Master
    • AD Domains and Trusts
    • Right click - Change ADDC *to* destination DC
    • Right click ADDT [DCname] - Operations Master - Change
  • Infrastructure Master
    • ADUC
    • Right click ADUC [DCname] - All Tasks - Operations Masters
  • Relative ID (RID) Master
    • ADUC
    • Right click ADUC [DCname] - All Tasks - Operations Masters
  • PDC Emulator
    • ADUC
    • Right click ADUC [DCname] - All Tasks - Operations Masters
