Pour usage personnel aucune garantie
Post date: Apr 12, 2016 5:26:36 PM
REF : https://www.petri.com/seizing_fsmo_roles
1
2
3
4
5
1
2
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\WINDOWS>ntdsutil
ntdsutil:
ntdsutil: roles
fsmo maintenance:
Note: To see a list of available commands at any of the prompts in the Ntdsutil tool, type ?, and then press ENTER.
1
2
1
2
3
4
1
2
fsmo maintenance: connections
server connections:
server connections: connect to server server100
Binding to server100 ...
Connected to server100 using credentials of locally logged on user.
server connections:
server connections: q
fsmo maintenance:
Options are:
1
2
3
4
5
Seize domain naming master
Seize infrastructure master
Seize PDC
Seize RID master
Seize schema master
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
fsmo maintenance: Seize infrastructure master
Attempting safe transfer of infrastructure FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-03210300, problem 5002 (UNAVAILABLE)
, data 1722
Win32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holde
r could not be contacted.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of infrastructure FSMO failed, proceeding with seizure ...
Server "server100" knows about 5 roles
Schema - CN=NTDS Settings,CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
Domain - CN=NTDS Settings,CN=SERVER100,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
PDC - CN=NTDS Settings,CN=SERVER100,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
RID - CN=NTDS Settings,CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
Infrastructure - CN=NTDS Settings,CN=SERVER100,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
fsmo maintenance:
Note: All five roles need to be in the forest. If the first domain controller is out of the forest then seize all roles. Determine which roles are to be on which remaining domain controllers so that all five roles are not on only one server.