Learn AD in 15 Minutes a Week: Domain Naming Master Domain Controller Page 4

By ServerWatch Staff
Posted Sep 30, 2002



Viewing FSMO Domain Controller Roles using NTDSUTIL

NTDSUTIL is included with Windows 2000 Server. One of its many uses is viewing the Flexible Single Master Operation (FSMO) roles held by a specified Domain Controller.

You can start NTDSUTIL from either the RUN box in the start menu or from the command prompt; both will start the command line utility the same way.



The following commands can be used once the utility has started:

E:\WINNT\System32\NTDSUTIL.exe:

? - Print this help information
Authoritative restore - Authoritatively restore the DIT database
Domain management - Prepare for new domain creation
Files - Manage NTDS database files
Help - Print this help information
IPDeny List - Manage LDAP IP Deny List
LDAP policies - Manage LDAP protocol policies
Metadata cleanup - Clean up objects of decommissioned servers
Popups %s - (en/dis)able popups with "on" or "off"
Quit - Quit the utility
Roles - Manage NTDS role owner tokens
Security account management - Manage Security Account Database - Duplicate SID Cleanup
Semantic database analysis - Semantic Checker

For the purposes of finding the Flexible Single Master Operation roles on a specified Domain Controller, we would opt to use the ROLES command, which will put NTDSUTIL in FSMO MAINTENANCE MODE.

E:\WINNT\System32\NTDSUTIL.exe: roles
fsmo maintenance: help

? - Print this help information
Connections - Connect to a specific domain controller
Help - Print this help information
Quit - Return to the prior menu
Seize domain naming master - Overwrite domain role on connected server
Seize infrastructure master - Overwrite infrastructure role on connected server
Seize PDC - Overwrite PDC role on connected server
Seize RID master - Overwrite RID role on connected server
Seize schema master - Overwrite schema role on connected server
Select operation target - Select sites, servers, domains, roles and Naming Contexts
Transfer domain naming master - Make connected server the domain naming master
Transfer infrastructure master - Make connected server the infrastructure master
Transfer PDC - Make connected server the PDC
Transfer RID master - Make connected server the RID master
Transfer schema master - Make connected server the schema master

Once in FSMO MAINTENANCE MODE, we would enter "Select operation target" to put NTDSUTIL into that command mode.

fsmo maintenance: Select operation target
select operation target: help

? - Print this help information
Connections - Connect to a specific domain controller
Help - Print this help information
List current selections - List the current site/domain/server/Naming Context
List domains - Lists all domains which have Cross-Refs
List domains in site - Lists domains in the selected site
List Naming Contexts - Lists known Naming Contexts
List roles for connected server - Lists roles connected server knows about
List servers for domain in site - Lists servers for selected domain and site
List servers in site - Lists servers in selected site
List sites - List sites in the enterprise
Quit - Return to the prior menu
Select domain %d - Make domain %d the selected domain
Select Naming Context %d - Make Naming Context %d the selected Naming Context
Select server %d - Make server %d the selected server
Select site %d - Make site %d the selected site

select operation target:

Once in "Select operation target" mode, we would then enter CONNECTIONS to put the utility into "server connections" mode.

select operation target: Connections
server connections:

? - Print this help information
Clear creds - Clear prior connection credentials
Connect to domain %s - Connect to DNS domain name
Connect to server %s - Connect to server, DNS name or IP address
Help - Print this help information
Info - Show connection information
Quit - Return to the prior menu
Set creds %s %s %s - Set connection creds as domain, user, pwd
Use "NULL" for null password

From here you would enter "Connect to server <SERVERNAME>" (In the example below, the name of my server is mainserver):

server connections: Connect to server mainserver
Binding to mainserver ...
Connected to mainserver using credentials of locally logged on user
server connections:

Your connection is made using the credentials of the locally logged on user. There is no other information displayed after a successful connection; you are simply left at the server connections: prompt. In order to back up one menu from here to perform "List roles for connected server", you would first type QUIT at the server connections: prompt.

server connections: quit

From the select operation target: prompt you would then type "List roles for connected server":

select operation target: List roles for connected server

Server "mainserver" knows about 5 roles

Schema - CN=NTDS Settings,CN=MAINSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=PII400,DC=home,DC=local

Domain - CN=NTDS Settings,CN=MAINSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=PII400,DC=home,DC=local

PDC - CN=NTDS Settings,CN=MAINSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=PII400,DC=home,DC=local

RID - CN=NTDS Settings,CN=MAINSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=PII400,DC=home,DC=local

Infrastructure - CN=NTDS Settings,CN=MAINSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=PII400,DC=home,DC=local

select operation target:

[NOTES FROM THE FIELD] - MAINSERVER holds all five FSMO roles. MAINSERVER is a Pentium II 400MHz system with 256MB of RAM and an 8.4 GB 5400RPM hard drive. Sitting idle, the processor runs at 8% and uses 128MB of the installed RAM.
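The role listing above can be saved and compared with an expected set of role holders, so that an unplanned transfer or seizure of a role shows up as a difference. The Python below is an added example, not part of the original article: the sample text and the baseline are constructed, and the parser also rejoins a DN that the console has wrapped onto a second line.

```python
import re

ROLES = ("Schema", "Domain", "PDC", "RID", "Infrastructure")
ROLE_LINE = re.compile(r"^(%s) - (CN=NTDS Settings,.*)$" % "|".join(ROLES))
COUNT_LINE = re.compile(r'^Server "[^"]+" knows about (\d+) roles$')

def parse_roles(text):
    """Return (declared role count, {role: NTDS Settings DN}) from ntdsutil output."""
    declared, owners, last = None, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        count, role = COUNT_LINE.match(line), ROLE_LINE.match(line)
        if count:
            declared, last = int(count.group(1)), None
        elif role:
            last = role.group(1)
            owners[last] = role.group(2)
        elif last and line and not line.endswith(":"):
            owners[last] += line      # console-wrapped tail of the previous DN
        else:
            last = None               # blank line or prompt ends the entry
    return declared, owners

def holder(dn):
    """The server name is the RDN directly after CN=NTDS Settings."""
    return dn.split(",")[1].partition("=")[2].upper()

def audit(text, baseline):
    """Compare parsed role holders with the expected {role: server} baseline."""
    declared, owners = parse_roles(text)
    findings = []
    if declared != len(owners):
        findings.append(f"declared {declared} roles, parsed {len(owners)}")
    for role, expected in baseline.items():
        actual = holder(owners[role]) if role in owners else None
        if actual != expected.upper():
            findings.append(f"{role}: expected {expected.upper()}, found {actual}")
    return findings

# Constructed sample in the format shown above; the Schema DN is wrapped by the console.
TAIL = "CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=PII400,DC=home,DC=local"
SAMPLE = 'Server "mainserver" knows about 5 roles\n\n' + "\n\n".join(
    f"{r} - CN=NTDS Settings,CN=MAINSERVER,{TAIL}" for r in ROLES
).replace("DC=local", "DC=\nlocal", 1) + "\n\nselect operation target:\n"
BASELINE = {r: "MAINSERVER" for r in ROLES}  # assumed expected state, not from a real domain

if __name__ == "__main__":
    print(audit(SAMPLE, BASELINE) or "role holders match baseline")
```

An empty result from audit() means every role is held by the server named in the baseline; each entry in a non-empty result names the role whose holder changed or is missing from the listing.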


Page 5: Finding FSMO Domain Controller Roles using ADSI and WSH



