
Learn AD in 15 Minutes a Week: Domain Naming Master Domain Controller Page 4






Viewing FSMO Domain Controller Roles using NTDSUTIL

NTDSUTIL is included with Windows 2000 Server. One of its many uses is
viewing the Flexible Single Master Operation (FSMO) roles on a specified
Domain Controller.

You can start NTDSUTIL from either the RUN box in the start
menu or from the command prompt; both will start the command
line utility the same way.


The following commands can
be used once the utility has started:

E:\WINNT\System32\NTDSUTIL.exe:

? – Print this help information
Authoritative restore – Authoritatively restore the DIT database
Domain management – Prepare for new domain creation
Files – Manage NTDS database files
Help – Print this help information
IPDeny List – Manage LDAP IP Deny List
LDAP policies – Manage LDAP protocol policies
Metadata cleanup – Clean up objects of decommissioned servers
Popups %s – (en/dis)able popups with “on” or “off”
Quit – Quit the utility
Roles – Manage NTDS role owner tokens
Security account management – Manage Security Account Database – Duplicate SID Cleanup
Semantic database analysis – Semantic Checker

For the purposes of
finding the Flexible Single Master Operation roles on a
specified Domain Controller, we would opt to use the ROLES
command, which will put NTDSUTIL in FSMO MAINTENANCE MODE.

E:\WINNT\System32\NTDSUTIL.exe: roles
fsmo maintenance: help

? - Print this help information
Connections - Connect to a specific domain controller
Help - Print this help information
Quit - Return to the prior menu
Seize domain naming master - Overwrite domain role on connected server
Seize infrastructure master - Overwrite infrastructure role on connected server
Seize PDC - Overwrite PDC role on connected server
Seize RID master - Overwrite RID role on connected server
Seize schema master - Overwrite schema role on connected server
Select operation target - Select sites, servers, domains, roles and Naming Contexts
Transfer domain naming master - Make connected server the domain naming master
Transfer infrastructure master - Make connected server the infrastructure master
Transfer PDC - Make connected server the PDC
Transfer RID master - Make connected server the RID master
Transfer schema master - Make connected server the schema master


Once in FSMO MAINTENANCE MODE, we would enter “Select
operation target” to put NTDSUTIL into that command mode.

fsmo maintenance: Select operation target
select operation target: help

? - Print this help information
Connections - Connect to a specific domain controller
Help - Print this help information
List current selections - List the current site/domain/server/Naming Context
List domains - Lists all domains which have Cross-Refs
List domains in site - Lists domains in the selected site
List Naming Contexts - Lists known Naming Contexts
List roles for connected server - Lists roles connected server knows about
List servers for domain in site - Lists servers for selected domain and site
List servers in site - Lists servers in selected site
List sites - List sites in the enterprise
Quit - Return to the prior menu
Select domain %d - Make domain %d the selected domain
Select Naming Context %d - Make Naming Context %d the selected Naming Context
Select server %d - Make server %d the selected server
Select site %d - Make site %d the selected site

select operation target:

Once in “Select operation
target” mode, we would then enter CONNECTIONS to put the
utility into “server connections” mode.

select operation target: Connections
server connections:

? - Print this help information
Clear creds - Clear prior connection credentials
Connect to domain %s - Connect to DNS domain name
Connect to server %s - Connect to server, DNS name or IP address
Help - Print this help information
Info - Show connection information
Quit - Return to the prior menu
Set creds %s %s %s - Set connection creds as domain, user, pwd
Use "NULL" for null password

From here you would enter “Connect to server” followed by the name of
your server (in the example below, the name of my server is mainserver):

server connections: Connect to server mainserver
Binding to mainserver ...
Connected to mainserver using credentials of locally logged on user
server connections:

Your connection is made
using the credentials of the locally logged on user. There is no
other information displayed after a successful connection;
you are simply left at the server connections: prompt. In
order to back up one menu from here to perform “List roles
for connected server”, you would first type QUIT at the
server connections: prompt.

server connections: quit

From the select operation
target: prompt you would then type “List roles for connected
server”:

select operation target: List roles for connected server

Server "mainserver" knows about 5 roles

Schema - CN=NTDS Settings,CN=MAINSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=PII400,DC=home,DC=local

Domain - CN=NTDS Settings,CN=MAINSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=PII400,DC=home,DC=local

PDC - CN=NTDS Settings,CN=MAINSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=PII400,DC=home,DC=local

RID - CN=NTDS Settings,CN=MAINSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=PII400,DC=home,DC=local

Infrastructure - CN=NTDS Settings,CN=MAINSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=PII400,DC=home,DC=local

select operation target:

[NOTES FROM THE FIELD] –
MAINSERVER holds all five FSMO roles. MAINSERVER is a
Pentium II 400MHz system with 256MB of RAM and an 8.4 GB
5400RPM hard drive. Sitting idle, the processor runs at 8%
and uses 128MB of the installed RAM.
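
The Seize and Transfer commands in the same FSMO maintenance menu change which server owns a role, so the listing above is worth comparing against a record of the approved holders. The following is an added example, not part of the original article: it parses “List roles for connected server” output (a constructed sample built from the listing above, with line wraps inside the DNs) and reports any role whose holder differs from a baseline. The function names and the baseline are assumptions made for illustration.

```python
import re

ROLES = ("Schema", "Domain", "PDC", "RID", "Infrastructure")
ROLE_LINE = re.compile(r"^(%s) - (.*)$" % "|".join(ROLES))
HOLDER = re.compile(r"^CN=NTDS Settings,CN=([^,]+),CN=Servers,", re.I)

# Constructed sample: the role listing shown above, with line breaks left
# inside each DN ("CN=NTDS" / "Settings,..." and "DC=" / "local").
_DN = ("CN=NTDS\nSettings,CN=MAINSERVER,CN=Servers,CN=Default-First-Site-Name,"
       "CN=Sites,CN=Configuration,DC=PII400,DC=home,DC=\nlocal")
SAMPLE = ('Server "mainserver" knows about 5 roles\n\n'
          + "\n\n".join(f"{r} - {_DN}" for r in ROLES)
          + "\n\nselect operation target:\n")

def parse_roles(text):
    """Map each FSMO role to its holder's NTDS Settings DN, re-joining wraps."""
    roles, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = ROLE_LINE.match(line)
        if m:
            current = m.group(1)
            roles[current] = m.group(2)
        elif not line:
            current = None          # a blank line ends the current entry
        elif current:
            prev = roles[current]
            # Assumption: a wrap falls at a space or right after "=" or ",".
            roles[current] = prev + ("" if prev.endswith(("=", ",")) else " ") + line
    return roles

def holder(dn):
    """The server name is the CN directly under 'CN=NTDS Settings'."""
    m = HOLDER.match(dn)
    return m.group(1).upper() if m else None

def audit(text, expected):
    """Return findings where the listing differs from the expected baseline."""
    roles = parse_roles(text)
    findings = []
    for role in ROLES:
        actual = holder(roles.get(role, ""))
        if actual != expected[role].upper():
            findings.append(f"{role}: expected {expected[role]}, found {actual}")
    return findings

if __name__ == "__main__":
    baseline = {r: "MAINSERVER" for r in ROLES}   # hypothetical approved holders
    print(audit(SAMPLE, baseline) or "all five roles match the baseline")
```

A role that is missing from the listing is reported with a holder of None, so a truncated capture is flagged rather than silently passing.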
