- December 8, 2019
- Posted by: Syed Shujaat
- Category: Uncategorized
The 5 FSMO roles are as follows:
- Schema Master (forest-wide)
- Domain Naming Master (forest-wide)
- RID Master (domain-specific)
- PDC Emulator (domain-specific)
- Infrastructure Master (domain-specific)
Within an Active Directory Domain Services (AD DS) forest, there are specific tasks that must be performed by only one domain controller (DC). The DC’s that are assigned to perform these unique operations are known as FSMO role holders. The following table lists the FSMO roles and their placement in Active Directory.
| Role | Scope | Naming context (Active Directory partition) |
|---|---|---|
| Schema master | Forest-wide | CN=Schema,CN=configuration,DC=<forest root domain> |
| Domain naming master | Forest-wide | CN=configuration,DC=<forest root domain> |
| RID master | Domain-wide | DC=<domain> |
| PDC emulator | Domain-wide | DC=<domain> |
| Infrastructure master | Domain-wide | DC=<domain> |
Determine FSMO role holders using the GUI
How to determine which DC has the domain-specific FSMO roles, ie RID Master, PDC Emulator and Infrastructure Master.
Open the Active Directory Users and Computers console, right-click the domain and then Operations Masters.
Here, on each tab, you can see which Domain Controller has the above FSMO roles.
How to determine which DC has the Domain Naming Master role.
Open the Active Directory Domain and Trusts console, right-click the name icon and then the Operations Master.
In the window that will appear you will see who DC has the Domain Naming Master role.
How to determine which DC has the Schema Master role.
Initially, you will need to register the corresponding dll. From Run or Command Prompt, type the following command.
regsvr32 schmmgmt.dll |
Then, open an MMC console (through the search or Run), and add the Active Directory Schema from the Add / Remove Snap-in menu.
Here, right click on the icon and then in Operations Masters.
In the window that will appear you will see who DC has the Schema Master role.
Determine FSMO role holders using the command line
With the netdom command, it’s very easy and quick to recognize which DCs have FSMO roles. In a Command Prompt window of a DC, type the following command.
netdom query fsmo |
Determine FSMO role holders using PowerShell
To determine the domain-specific FSMO roles for a Domain.
Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator |
To determine the forest-specific FSMO roles for a Forest
Get-ADForest | Select-Object DomainNamingMaster, SchemaMaster |
Finally, to view a list of all DCs that have FSMO roles.
Get-ADDomainController -Filter * | Select-Object Name, Domain, Forest, OperationMasterRoles | Where-Object {$_.OperationMasterRoles}
|