Sunday, March 6, 2022

FSMO Transfer through CLI

FSMO Role Transfer using CLI (Command Line tool)

Pre-requisites:

Both the source-DC and the target-DC should be up and running, and they should be able to communicate with each other.

Process:

Step 1: Connect to “Target-DC”

Step 2: Transfer

Command: Ntdsutil.exe

Ntdsutil:

The NTDSutil.exe utility is one of the key tools for performing maintenance tasks on Active Directory and its database (the ntds.dit file).

The NTDSutil utility can be used by AD administrators in various scenarios. Most often the utility is used to:

·       Transfer (or seize) FSMO roles in the AD domain between domain controllers

·       Perform authoritative restores of deleted objects in Active Directory

·       Remove faulty (missing) AD domain controllers

·       Perform AD database maintenance: checking integrity, compressing, or moving the ntds.dit file or AD log files to another drive on a domain controller in order to increase performance

·       Manage Active Directory snapshots

·       Change the administrator password for DSRM (Directory Services Restore Mode).


C:\Users\Administrator.INTERAPAC>ntdsutil.exe

ntdsutil.exe: roles

fsmo maintenance: connections

server connections: connect to server paris-dc

Binding to paris-dc ...

Connected to paris-dc using credentials of locally logged on user.

server connections: q

fsmo maintenance: Transfer PDC

Server "paris-dc" knows about 5 roles

Schema - CN=NTDS Settings,CN=MIAMI-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=interapac,DC=com

Naming Master - CN=NTDS Settings,CN=MIAMI-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=interapac,DC=com

PDC - CN=NTDS Settings,CN=PARIS-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=interapac,DC=com

RID - CN=NTDS Settings,CN=MIAMI-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=interapac,DC=com

Infrastructure - CN=NTDS Settings,CN=MIAMI-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=interapac,DC=com

fsmo maintenance: Transfer RID Master

Server "paris-dc" knows about 5 roles

Schema - CN=NTDS Settings,CN=MIAMI-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=interapac,DC=com

Naming Master - CN=NTDS Settings,CN=MIAMI-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=interapac,DC=com

PDC - CN=NTDS Settings,CN=PARIS-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=interapac,DC=com

RID - CN=NTDS Settings,CN=PARIS-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=interapac,DC=com

Infrastructure - CN=NTDS Settings,CN=MIAMI-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=interapac,DC=com

fsmo maintenance: Transfer infrastructure master

Server "paris-dc" knows about 5 roles

Schema - CN=NTDS Settings,CN=MIAMI-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=interapac,DC=com

Naming Master - CN=NTDS Settings,CN=MIAMI-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=interapac,DC=com

PDC - CN=NTDS Settings,CN=PARIS-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=interapac,DC=com

RID - CN=NTDS Settings,CN=PARIS-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=interapac,DC=com

Infrastructure - CN=NTDS Settings,CN=PARIS-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=interapac,DC=com

fsmo maintenance: Transfer schema master

Server "paris-dc" knows about 5 roles

Schema - CN=NTDS Settings,CN=PARIS-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=interapac,DC=com

Naming Master - CN=NTDS Settings,CN=MIAMI-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=interapac,DC=com

PDC - CN=NTDS Settings,CN=PARIS-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=interapac,DC=com

RID - CN=NTDS Settings,CN=PARIS-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=interapac,DC=com

Infrastructure - CN=NTDS Settings,CN=PARIS-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=interapac,DC=com

fsmo maintenance: Transfer naming master

Server "paris-dc" knows about 5 roles

Schema - CN=NTDS Settings,CN=PARIS-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=interapac,DC=com

Naming Master - CN=NTDS Settings,CN=PARIS-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=interapac,DC=com

PDC - CN=NTDS Settings,CN=PARIS-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=interapac,DC=com

RID - CN=NTDS Settings,CN=PARIS-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=interapac,DC=com

Infrastructure - CN=NTDS Settings,CN=PARIS-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=interapac,DC=com

fsmo maintenance: q

ntdsutil.exe: q
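
The same graceful transfer with a before-and-after check of the role holders, as an added PowerShell example (not part of the original post). It assumes the ActiveDirectory module is installed and reuses PARIS-DC from the session above; the Get-FsmoHolder helper name is hypothetical.

```powershell
# Added example. Assumes the ActiveDirectory module (RSAT) and the same rights
# the ntdsutil procedure needs. PARIS-DC is the target DC from the walkthrough.
Import-Module ActiveDirectory

$Target = 'PARIS-DC'

function Get-FsmoHolder {
    # Hypothetical helper: role name -> holder FQDN, as seen by $Server.
    # These are the same facts "netdom query fsmo" reports.
    param([string]$Server)
    $domain = Get-ADDomain -Server $Server
    $forest = Get-ADForest -Server $Server
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

# Record the holders before touching anything, for the change record.
$before     = Get-FsmoHolder -Server $Target
$targetFqdn = (Get-ADDomainController -Identity $Target).HostName
$before.GetEnumerator() | ForEach-Object { 'before {0,-22} {1}' -f $_.Key, $_.Value }

# Only move the roles the target does not already hold.
$toMove = @($before.Keys | Where-Object { $before[$_] -ne $targetFqdn })
if ($toMove.Count -eq 0) { Write-Output "All roles already on $targetFqdn"; return }

# Graceful transfer: -Force is deliberately omitted, so nothing is seized.
# -Confirm makes the operator acknowledge the change before it happens.
Move-ADDirectoryServerOperationMasterRole -Identity $Target `
    -OperationMasterRole $toMove -Confirm

# Verify: every role must now resolve to the target, otherwise stop loudly.
$after = Get-FsmoHolder -Server $Target
$stuck = @($after.Keys | Where-Object { $after[$_] -ne $targetFqdn })
if ($stuck.Count -gt 0) { throw "Not transferred: $($stuck -join ', ')" }
$after.GetEnumerator() | ForEach-Object { 'after  {0,-22} {1}' -f $_.Key, $_.Value }
```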

FSMO Transfer through GUI

FSMO Roles

Checking the current role holder: netdom query fsmo

FSMO Transfer through GUI (Graphical User Interface)

Understanding FSMO Transfer: Moving/migrating any FSMO role from one DC to another DC. 

Pre-requisites:

Both the source-DC and the target-DC should be up and running, and they should be able to communicate with each other.

Process:

Step 1: Connect to “Target-DC”

Step 2: Transfer

To transfer all the “Domain-Wide” roles, use the “Active Directory Users and Computers” console.

STEPS:

Log on to ABC-DC and open the “Active Directory Users and Computers” console.

Right-click on the domain name (intrconnect.com) and click on “Change Domain Controller” to connect to the Target-DC.


Select “PARIS-DC” and click on OK.


Now we are connected to “PARIS-DC”


Right-click on the domain name (intrapac.com) and click on “Operations Master”.

The window below will appear.

Simply click on “Change”.

Click on Yes.

Click OK.


We have successfully transferred “RID Master” from MIAMI-DC to PARIS-DC

In the same way, we can transfer PDC and Infrastructure Master Roles from one DC to another DC through GUI.

Use the “Active Directory Domains and Trusts” console to transfer the Domain Naming Master “Forest-Wide” role.

Currently the Domain Naming Master is on MIAMI-DC.

To transfer the Domain Naming Master role, connect to the Target-DC, i.e. PARIS-DC.

Right-click on PARIS-DC and select the Operations Master option.

The window below will appear; click on Yes to transfer.

The window below shows that the Domain Naming Master has been successfully transferred.


To transfer the “Schema Master” role using the GUI, we need to add the “AD Schema” snap-in to MMC.

How to expose the “AD Schema” snap-in

We need to register the Schema Management DLL file.

To register any DLL file, we use the regsvr32.exe utility. Usage:

C:\>regsvr32.exe <Name of the DLL file>

How?

Open an admin command prompt.

Run the command regsvr32 schmmgmt.dll

Then enter MMC at the command prompt; the window below will appear.

In the File menu, click on Add/Remove Snap-in, add Active Directory Schema and click OK.

After adding the Active Directory Schema snap-in, click on Active Directory Schema and change the domain controller as below.

Next, click on Operations Master and the screen below will appear.

Just click on the “Change” tab.

Click on Yes.

We have successfully transferred the Schema Master role.






