
How to find out who has your FSMO Roles?

There are four main ways to read the FSMO role holders in Active Directory: an easy way, the common way, the cool way and the hard way. Let's review them all:

The easy way:

NetDOM /query FSMO

The Common way:

How to Determine the RID, PDC, and Infrastructure FSMO Holders of a Selected Domain

1. Click Start, click Run, type dsa.msc, and then click OK.
2. Right-click the selected Domain Object in the top left pane, and then click Operations Masters.
3. Click the PDC tab to view the server holding the PDC master role.
4. Click the Infrastructure tab to view the server holding the Infrastructure master role.
5. Click the RID Pool tab to view the server holding the RID master role.

How to Determine the Schema FSMO Holder in a Forest

1. Click Start, click Run, type mmc, and then click OK.
2. On the Console menu, click Add/Remove Snap-in, click Add, double-click Active Directory Schema, click Close, and then click OK.
3. Right-click Active Directory Schema in the top left pane, and then click Operations Masters to view the server holding the schema master role.

NOTE: For the Active Directory Schema snap-in to be available, you may have to register the Schmmgmt.dll file. To do this, click Start, click Run, type regsvr32 schmmgmt.dll in the Open box, and then click OK. A message is displayed that states the registration was successful.

How to Determine the Domain Naming FSMO Holder in a Forest

1. Click Start, click Run, type mmc, and then click OK.
2. On the Console menu, click Add/Remove Snap-in, click Add, double-click Active Directory Domains and Trusts, click Close, and then click OK.
3. In the left pane, click Active Directory Domains and Trusts.
4. Right-click Active Directory Domains and Trusts, and then click Operations Master to view the server holding the domain naming master role in the Forest.

The Cool Way

  1. On any domain controller, click Start, click Run, type Ntdsutil in the Open box, and then click OK.
  2. Type roles, and then press ENTER.
  3. Type connections, and then press ENTER.
  4. Type connect to server <servername>, where <servername> is the name of the server you want to use, and then press ENTER.
  5. At the server connections: prompt, type q, and then press ENTER again.
  6. At the FSMO maintenance: prompt, type Select operation target, and then press ENTER again.
  7. At the select operation target: prompt, type List roles for connected server, and then press ENTER again.
  8. Type q 3 times to exit the Ntdsutil prompt.

The hard way

Write a script that queries Active Directory through ADSI to obtain the FSMO role holders. Fortunately, the hard work has already been done for you. Just paste the following for an example:

Option Explicit
Dim WSHNetwork, objArgs, ADOconnObj, bstrADOQueryString, RootDom, RSObj
Dim FSMOobj,CompNTDS, Computer, Path, HelpText

Set WSHNetwork = CreateObject("WScript.Network")
Set objArgs = WScript.Arguments

HelpText = "This script will find the FSMO role owners for your domain." & Chr(13) &_
           Chr(10) & "The syntax is as follows:" & Chr(13) & Chr(10) &_
           "find_fsmo DC=MYDOM,DC=COM" & Chr(13) & Chr(10) &_
           """Where MYDOM.COM is your domain name.""" & Chr(13) & Chr(10) & "OR:" &_
           Chr(13) & Chr(10) & "find_fsmo MYDCNAME " & Chr(13) & Chr(10) &_
           """Where MYDCNAME is the name of a Windows 2000 Domain Controller"""

Select Case objArgs.Count
    Case 0
        Path = InputBox("Enter your DC name or the DN for your domain"&_
                        " 'DC=MYDOM,DC=COM':","Enter path",WSHNetwork.ComputerName)
    Case 1
        Select Case UCase(objArgs(0))
            Case "?"
                WScript.Echo HelpText
                WScript.Quit
            Case "/?"
                WScript.Echo HelpText
                WScript.Quit
            Case "HELP"
                WScript.Echo HelpText
                WScript.Quit
            Case Else
                Path = objArgs(0)
        End Select
    Case Else
        WScript.Echo HelpText
        WScript.Quit
End Select

Set ADOconnObj = CreateObject("ADODB.Connection")

ADOconnObj.Provider = "ADSDSOObject"
ADOconnObj.Open "ADs Provider"

'PDC FSMO
bstrADOQueryString = "<LDAP://"&Path&">;(&(objectClass=domainDNS)(fSMORoleOwner=*));adspath;subtree"
Set RootDom = GetObject("LDAP://RootDSE")
Set RSObj = ADOconnObj.Execute(bstrADOQueryString)
Set FSMOobj = GetObject(RSObj.Fields(0).Value)
Set CompNTDS = GetObject("LDAP://" & FSMOobj.fSMORoleOwner)
Set Computer = GetObject(CompNTDS.Parent)
WScript.Echo "The PDC FSMO is: " & Computer.dnsHostName

'Rid FSMO
bstrADOQueryString = "<LDAP://"&Path&">;(&(objectClass=rIDManager)(fSMORoleOwner=*));adspath;subtree"

Set RSObj = ADOconnObj.Execute(bstrADOQueryString)
Set FSMOobj = GetObject(RSObj.Fields(0).Value)
Set CompNTDS = GetObject("LDAP://" & FSMOobj.fSMORoleOwner)
Set Computer = GetObject(CompNTDS.Parent)
WScript.Echo "The RID FSMO is: " & Computer.dnsHostName

'Infrastructure FSMO
bstrADOQueryString = "<LDAP://"&Path&">;(&(objectClass=infrastructureUpdate)(fSMORoleOwner=*));adspath;subtree"

Set RSObj = ADOconnObj.Execute(bstrADOQueryString)
Set FSMOobj = GetObject(RSObj.Fields(0).Value)
Set CompNTDS = GetObject("LDAP://" & FSMOobj.fSMORoleOwner)
Set Computer = GetObject(CompNTDS.Parent)
WScript.Echo "The Infrastructure FSMO is: " & Computer.dnsHostName

'Schema FSMO
bstrADOQueryString = "<LDAP://"&RootDom.Get("schemaNamingContext")&_
                     ">;(&(objectClass=dMD)(fSMORoleOwner=*));adspath;subtree"

Set RSObj = ADOconnObj.Execute(bstrADOQueryString)
Set FSMOobj = GetObject(RSObj.Fields(0).Value)
Set CompNTDS = GetObject("LDAP://" & FSMOobj.fSMORoleOwner)
Set Computer = GetObject(CompNTDS.Parent)
WScript.Echo "The Schema FSMO is: " & Computer.dnsHostName

'Domain Naming FSMO
bstrADOQueryString = "<LDAP://"&RootDom.Get("configurationNamingContext")&_
                     ">;(&(objectClass=crossRefContainer)(fSMORoleOwner=*));adspath;subtree"

Set RSObj = ADOconnObj.Execute(bstrADOQueryString)
Set FSMOobj = GetObject(RSObj.Fields(0).Value)
Set CompNTDS = GetObject("LDAP://" & FSMOobj.fSMORoleOwner)
Set Computer = GetObject(CompNTDS.Parent)
WScript.Echo "The Domain Naming FSMO is: " & Computer.dnsHostName
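
The same five lookups can be turned into a check: read the role holders with the ActiveDirectory PowerShell module and compare them with the list you expect, so that an unplanned role transfer or seizure stands out. This is an added example, not part of the original post; the function names are hypothetical and the host names in the baseline are constructed placeholders.

```powershell
# Requires the ActiveDirectory module (RSAT) and a session joined to the domain.
Import-Module ActiveDirectory

function Get-FsmoRoleHolders {
    # Forest-wide roles come from Get-ADForest, domain-wide roles from Get-ADDomain.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

function Compare-FsmoBaseline {
    param(
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Current,
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Expected
    )
    # One row per expected role; a missing role yields an empty Actual value.
    foreach ($role in $Expected.Keys) {
        $actual = [string]$Current[$role]
        [pscustomobject]@{
            Role     = $role
            Expected = $Expected[$role]
            Actual   = $actual
            Match    = ($actual -ieq $Expected[$role])   # DNS names compare case-insensitively
        }
    }
}

# Constructed baseline: replace the placeholder host names with your own DCs.
$expected = [ordered]@{
    SchemaMaster         = 'dc01.example.test'
    DomainNamingMaster   = 'dc01.example.test'
    PDCEmulator          = 'dc02.example.test'
    RIDMaster            = 'dc02.example.test'
    InfrastructureMaster = 'dc02.example.test'
}

$report = @(Compare-FsmoBaseline -Current (Get-FsmoRoleHolders) -Expected $expected)
$report | Format-Table -AutoSize
if ($report.Match -contains $false) {
    Write-Warning 'At least one FSMO role holder differs from the expected baseline.'
}
```

Run on a schedule, the warning branch is the place to raise an alert or write an event for your monitoring to pick up.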

Comments

  • Anonymous
    September 22, 2010
    netdom.exe is not built into the os. It has to be installed. Download Windows server 2003 support tools and install the tools on any dc, member server or xp client machine that belongs to the domain. Now you are ready to run c:\program files\support tools\netdom query fsmo

  • Anonymous
    August 16, 2013
    Run it from the powershell on a win2k8 domain controller.

  • Anonymous
    July 13, 2014
    Thanks, very helpful.

  • Anonymous
    November 11, 2014
    Thanks.

  • Anonymous
    November 17, 2014
    Thanks, and very helpful info.

  • Anonymous
    November 20, 2014
    I still don't know what FSMO is?

  • Anonymous
    December 01, 2014
    Win2k - FSMO - Flexible Single Master Operation Roles. The key roles in AD and each of these roles can be held by only one DC at a time. Suggest you read this
    support.microsoft.com/KB/197132

  • Anonymous
    September 17, 2015
    Very concise and helpful info. Thank you.

  • Anonymous
    October 02, 2015
    From administrative command prompt:
    netdom query fsmo

  • Anonymous
    October 05, 2015
    Finesherb - yes, that was the FIRST entry in this article. The "easy" way.

  • Anonymous
    October 26, 2015
    Thanks very much from Africa

  • Anonymous
    December 02, 2015
    Nice write up.. thanks.
    For me.. since netdom has to be installed.. I think the Cool Way.. is also the easiest way..

  • Anonymous
    February 22, 2016
    Hi, When I use netdom command to query, it shows correct result. But the ADUC console - Operations Masters.. show the result RID/PDC/Infra as ERROR. Why would the GUI show the error but the cmd show the result? Very strange. Problematic DC: Server 2012 Std. Any suggestions?