Tuesday, January 15, 2008


One of the most frequently asked interview questions is about the FSMO roles. I remember that in each interview I walked into over the last couple of years, the FSMO roles came up every single time. Operations masters are no doubt very important, and it is crucial for every MCSE to understand them and use them whenever needed. I have already blogged about FSMO roles, why we need them and how to memorize them. I most often ask my students the following question about FSMO roles.

If you have 12 domains in one forest, how many FSMO roles exist in total? I get multiple answers, including 1 and 12. Of course, those of you who understand would say 38 without thinking for a second. Knowing the FSMO roles is very important, and identifying these roles in AD (Active Directory) is fairly easy. The domain-wide FSMO roles can easily be seen from ADUC (Active Directory Users and Computers), which are:

  • RID
  • PDC
  • Infrastructure

The forest-wide ones can be seen with multiple utilities, such as NetDom:

    C:\>netdom query fsmo
    Schema owner                nhqdtcdc1.ri.SMTP25.org
    Domain role owner           nhqdtcdc1.ri.SMTP25.org
    PDC role                    nhqdtcdc4.archq.ri.SMTP25.org
    RID pool manager            nhqdtcdc4.archq.ri.SMTP25.org
    Infrastructure owner        nhqdtcdc3.archq.ri.SMTP25.org
    The command completed successfully.
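An added example, not from the original post: the same inventory for every domain in the forest, using the ActiveDirectory PowerShell module (assumed to be installed; the post does not mention it). It checks the total against 2 forest-wide roles plus 3 per domain, which gives 38 for 12 domains. The function name Get-ForestFsmoInventory is hypothetical.

```powershell
# Added example: list every FSMO role holder in the current forest.
# Assumes the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

function Get-ForestFsmoInventory {
    $forest = Get-ADForest

    # Two forest-wide roles, each held exactly once per forest.
    $roles = @(
        [pscustomobject]@{ Scope = 'Forest'; Name = $forest.Name
                           Role = 'Schema Master'; Holder = $forest.SchemaMaster }
        [pscustomobject]@{ Scope = 'Forest'; Name = $forest.Name
                           Role = 'Domain Naming Master'; Holder = $forest.DomainNamingMaster }
    )

    # Three domain-wide roles, each held once in every domain of the forest.
    foreach ($domainName in $forest.Domains) {
        $domain = Get-ADDomain -Identity $domainName -Server $domainName
        $roles += [pscustomobject]@{ Scope = 'Domain'; Name = $domainName
                                     Role = 'PDC Emulator'; Holder = $domain.PDCEmulator }
        $roles += [pscustomobject]@{ Scope = 'Domain'; Name = $domainName
                                     Role = 'RID Master'; Holder = $domain.RIDMaster }
        $roles += [pscustomobject]@{ Scope = 'Domain'; Name = $domainName
                                     Role = 'Infrastructure Master'; Holder = $domain.InfrastructureMaster }
    }
    return $roles
}

$inventory = @(Get-ForestFsmoInventory)
$inventory | Sort-Object Scope, Name, Role | Format-Table -AutoSize

# Sanity check: 2 forest-wide roles + 3 roles per domain.
$domainCount = @($inventory | Where-Object Scope -eq 'Domain' |
                 Select-Object -ExpandProperty Name -Unique).Count
$expected = 2 + (3 * $domainCount)
'{0} domain(s): {1} role assignments found, {2} expected' -f `
    $domainCount, $inventory.Count, $expected

# Domain controllers holding several roles are worth knowing about before
# any maintenance or decommissioning work.
$inventory | Group-Object Holder | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```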

Another common question I have seen is related to AD maintenance:


    Authoritative restore          Authoritatively restore the DIT database
    Configurable Settings          Manage configurable settings
    Domain management              Prepare for new domain creation
                                   Manage NTDS database files
                                   Show this help information
    LDAP policies                  Manage LDAP protocol policies
    Metadata cleanup               Clean up objects of decommissioned servers
    Popups %s                      (en/dis)able popups with "on" or "off"
                                   Quit the utility
                                   Manage NTDS role owner tokens
    Security account management    Manage Security Account Database - Duplicate SID Cleanup
    Semantic database analysis     Semantic Checker
    Set DSRM Password              Reset directory service restore mode administrator account password

  • Ntdsutil.exe is a command-line tool that provides management facilities for Active Directory.
  • Seize FSMO roles using Ntdsutil.exe
  • The partition for each FSMO role is in the following list:

    FSMO role                 Partition
                              CN=Schema,CN=configuration,DC=<forest root domain>
    Domain Naming Master      CN=configuration,DC=<forest root domain>

Directory Services Restore Mode
Oz ozugurlu
