This article is translated from: https://www.dtonias.com/determine-dc-fsmo-role-holders
One thing that must be known to manage domain controllers is to know which domain controller the FSMO role is assigned to. Generally speaking, in the smallest architecture, all FSMO roles are automatically assigned to the first DC in the forest. Of course, roles can be assigned to other roles in multiple domain controllers.
The five FSMO roles are:
- Schema Master (Forest level)
- Domain Naming Master (Forest level)
- RID Master (domain level)
- PDC Emulator (domain level)
- Infrastructure Master (domain level)
There are many ways to query the role of a domain controller. Here you can view it through a graphical interface, Powershell, command line and other methods. The following steps are operated by a domain account with administrator rights.
- Use the graphical interface to see
how FSMO can see which host the FSMO roles (for example: RID Master , PDC Emulator and Infrastructure Master ) are assigned to.
Open the "Active Directory Users and Computers" console, right-click the domain icon, and select "Operation Master".
As shown in the figure below, an FSMO role is included in each tab.
How to check which DC the character Domain Naming Master is on.
Open the "Active Directory Domain and Trust Relationship" console, right-click the name pattern, and select "Operation Host".
In the pop-up window, you will see which host has the Domain Naming Master role.
How to check which DC the role Schema Master is on.
First, you have to register the corresponding dll. In the command indicator, enter the following.
regsvr32 schmmgmt.dll
Then, open mmc (by searching or running), and click " Add/Remove Snap-in " in the menu to add " Active Directory Schema ".
As shown in the figure below, right-click the icon and click " Operate Host ".
In the pop-up box that appears, you can see which DC is the Schema Master role.
- Viewing FSMO roles on the command line
With the netdom command, you can quickly find out which DC the FSMO roles are on. Just turn on the command indicator on the domain server and enter the following command.
Netdom query fsmo
- View FSMO roles in Powershell to view
the distribution of FSMO roles at the domain level.
Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulatorView the distribution of FSMO roles at the forest level.
Get-ADForest | Select-Object DomainNamingMaster, SchemaMasterFinally, check the distribution of all FSMO roles on the DC.
Get-ADDomainController -Filter * | Select-Object Name, Domain, Forest, OperationMasterRoles | Where-Object {$_.OperationMasterRoles}
Author: Dimitris Tonias
Translator: Heartnight