Seize the day (with FSMOs)

In my last tip, I discussed how to smoothly transfer FSMO roles from one server to another. Unfortunately, life and networks are rarely simple and easy. All too often you'll find yourself

    Requires Free Membership to View

in the position of needing to forcibly move the FSMO roles when the current host server is offline. The act of forcibly moving the FSMO to a new server host is called seizing.

Seizing an FSMO role should only be performed in extreme circumstances. Your primary FSMO role server host should be permanently inaccessible, offline, or irreparably damaged. If the original FSMO host is ever returned to the network, there can be some serious problems to deal with (more about that later). While FSMO transfer can be handled through GUI Windows interfaces, FSMO seizure is easiest when performed from a command line.

To seize the role of Schema Master, perform the following steps from a command prompt from the new destination server:

  1. Run NTDSUTIL.
  2. Then enter "roles" [Enter], then "connections" [Enter], then "connect to sever <servername>" [Enter].
  3. Enter "qui" [Enter], then "seize schema master" [Enter].

Once this process is complete, the Schema Master role will be forcibly moved to its new server host. Be sure not to allow the previous Schema Master system to return to the network, otherwise an authority conflict will occur. If you want to return the old system to the network, first demote it to a member server before reconnecting it to the network.

Seizing the roles of Domain Naming Master, PDC Emulator, Infrastructure Master and RID master all follow the same steps as for seizing the Schema Master. Simply change the last action command to "seize domain naming master", "seize PDC", "seize infrastructure master" and "seize rid master" respectively.

Returning a previous host for one of these FSMO roles is not as disastrous as that of the Schema Master. However, it should still be avoided. Always demote previous FSMO role hosts to member servers before returning them to the network. Once returned, they can be re-promoted to a domain controller without causing conflicts.

James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.

This was first published in September 2003

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.