Replication Monitor
Also a part of Support Tools for Windows Server 2003, the Replication Monitor allows you to verify connectivity to a given operation master server. You can use this tool to verify connectivity to FSMO servers from any domain controller anywhere within the same forest. Unlike Dsquery, Netdom, and Ntdsutil, the Replication Monitor is a GUI-based tool, which does not allow transferring FSMO roles between servers.
Ntdsutil
The Ntdsutil command-line tool is part of the standard set of operating system tools. It allows you to perform a variety of modifications and operations in Active Directory. Among other things, Ntdsutil is the tool for performing authoritative restores of the AD database and transferring FSMO roles between servers. This powerful tool can cause plenty of damage if used by an inexperienced administrator; some may say it lacks user friendliness. It functions in a slightly different way from other typical command-line tools in that it has its own interactive command interface, similar to NSLOOKUP or Netsh. The following listing, which shows a sample dialogue between an administrator and Active Directory by means of Ntdsutil, demonstrates how to obtain a list of FSMO servers:
ntdsutil: roles fsmo maintenance: select operation target select operation target: connections server connections: connect to domain flexecom.com Binding to \\tordc01.flexecom.local...
Connected to \\tordc01.flexecom.local using credentials of locally logged on user. server connections: quit select operation target: list roles for connected server Server "\\TORDC01.flexecom.local" knows about 5 roles
Schema - CN=NTDS Settings,CN=TORDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=flexecom,DC=local
Naming Master - CN=NTDS Settings,CN=TORDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=flexecom,DC=local
PDC - CN=NTDS Settings,CN=TORDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=flexecom,DC=local
RID - CN=NTDS Settings,CN=TORDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=flexecom,DC=local
Infrastructure - CN=NTDS Settings,CN=TORDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=flexecom,DC=local
Ntdsutil allows seizing FSMO roles from defunct domain controllers. This utility can be used to forcibly move FSMO roles from domain controllers irrespective of their current status. If this happens, administrators need to ensure that the failed domain controller from which the role was seized never comes back online.
If a domain controller needs to be serviced, it is a good idea to transfer FSMO roles gracefully while the current FSMO master is still online and healthy. FSMO transfers can be done using the management tools, as discussed in the next section.
Post a comment