
Active Directory FSMO Roles Cheat Sheet

 
Here's my handy cheat sheet for AD FSMO roles:

Disclaimer:  These commands have not been tested in all environments or implementations.  They may contain typos or errors.  Updates not guaranteed so some commands may be deprecated.  If you need more detailed instructions, you probably shouldn't be attempting this.  Edit closely and use at your own peril.

To find who currently owns the roles:
netdom query fsmo

  • Schema Master
    • regsvr32 schmmgmt.dll
    • mmc - Add/Remove Snap-in - AD Schema
    • Change ADDC (Active Directory Domain Controller) *to* destination DC
    • Right click Schema[DCname] - Operations Master - Change
  • Domain Naming Master
    • AD Domains and Trusts
    • Right click - Change ADDC (Active Directory Domain Controller) *to* destination DC
    • Right click ADDT [DCname] - Operations Master - Change
  • Infrastructure Master
    • ADUC
    • Right click ADUC [DCname] - All Tasks - Operations Masters
  • Relative ID (RID) Master
    • ADUC
    • Right click ADUC [DCname] - All Tasks - Operations Masters
  • PDC Emulator
    • ADUC
    • Right click ADUC [DCname] - All Tasks - Operations Masters
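
The same check and transfer in PowerShell, as an added example that is not part of the original cheat sheet. It assumes the ActiveDirectory module (RSAT) is installed; the destination name DC02.example.test and the helper Get-FsmoHolders are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example: list the five FSMO holders, then gracefully transfer only the
# roles that are not already on the destination DC, and verify the result.
param(
    # Constructed placeholder; use the FQDN so it compares against the holder names.
    [string]$TargetDC = 'DC02.example.test',
    # Without -Transfer the script only reports and changes nothing.
    [switch]$Transfer
)

function Get-FsmoHolders {
    param([string]$Server)
    $splat = @{}
    if ($Server) { $splat.Server = $Server }
    $forest = Get-ADForest @splat
    $domain = Get-ADDomain @splat
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster          # forest-wide
        DomainNamingMaster   = $forest.DomainNamingMaster    # forest-wide
        InfrastructureMaster = $domain.InfrastructureMaster  # per domain
        RIDMaster            = $domain.RIDMaster             # per domain
        PDCEmulator          = $domain.PDCEmulator           # per domain
    }
}

$before = Get-FsmoHolders
$before.GetEnumerator() | Format-Table Key, Value -AutoSize

# Roles still held by some other DC
$toMove = @($before.GetEnumerator() |
    Where-Object { $_.Value -ne $TargetDC } |
    ForEach-Object { $_.Key })

if (-not $toMove) { Write-Output "All roles are already on $TargetDC."; return }
Write-Output "Roles not on ${TargetDC}: $($toMove -join ', ')"
if (-not $Transfer) { return }

# Graceful transfer only. -Force is deliberately not used: it seizes the role
# from an unreachable holder, which is a different, one-way operation.
# Schema Master needs Schema Admins; Domain Naming Master needs Enterprise Admins.
Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC `
    -OperationMasterRole $toMove -Confirm:$true

# Verify against the destination DC itself to avoid reading a stale replica.
$after = Get-FsmoHolders -Server $TargetDC
$after.GetEnumerator() | Format-Table Key, Value -AutoSize
$stale = @($after.GetEnumerator() | Where-Object { $_.Value -ne $TargetDC })
if ($stale) { Write-Warning "Still not on ${TargetDC}: $($stale.Key -join ', ')" }
```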
