Skip to main content

Seize FSMO Roles

DISCLAIMER: The information in this guide is provided "as is" without any guarantee of completeness, accuracy, timeliness, or of the results obtained from the use of this information. The author assumes no responsibility for any errors or omissions in the content. It is meant for general information purposes only and should not be used as a substitute for professional advice. The author is not responsible for any damages caused by the use of this information. By using this guide, you agree to hold the author harmless from any and all claims, damages, or expenses that may arise from your use of the information.

Instructions

Commands

  1. Launch the Command Prompt as an Administrator.
  2. Start ntdsutil: 
    ntdsutil
  3. Navigate to roles:
    roles
  4. Navigate to connections: 
    connections
  5. Type:
    connect to server SERVERNAME

    Example: connect to server server-dc1


  6. Quit connections:
    quit
  7. Enter the following commands one-by-one until. Wait for each command to complete, before proceeding to the next command. All five roles must be seized if the FSMO holder(s) for these roles are no longer part of the forest.

    Type seize <role>, where <role> is the role you want to seize:
    seize naming master
    seize infrastructure master
    seize PDC
    seize RID master
    seize schema master
  8. After FSMO seize commands have been entered, quitroles and then ntdsutil:
    quit
quit

  9. Verify the current FSMO roles held by the appropriate server:

    netdom query fsmo
  10. Exit:
    exit

Command Prompt Output

Lines Description
4, 5, 6, and 7 Steps 1-6
11 seize domain naming master
29 seize infrastructure master
45 seize PDC
61 seize RID master
78

seize schema master
94-95

quit
97

netdom query fsmo
105

exit

During the seizure process, errors were encountered on lines 22, 38, 54, 70, and 87 after each role seizure command, NTDSUtil attempts to make a simple transfer first (which obviously fails) and then proceeds with the seizure process.

Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.

C:\Windows\system32>ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server HWDCB-DC1
Binding to HWDCB-DC1 ...
Connected to HWDCB-DC1 using credentials of locally logged on user.
server connections: quit
fsmo maintenance: seize domain naming master
Error parsing Input - Invalid Syntax.
fsmo maintenance: seize naming master
Attempting safe transfer of domain naming FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-032104A8, problem 5002 (UNAVAILABLE), data 1722

Win32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of domain naming FSMO failed, proceeding with seizure ...
Server "HWDCB-DC1" knows about 5 roles
Schema - CN=NTDS Settings,CN=HWFS01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HWDCB,DC=local
Naming Master - CN=NTDS Settings,CN=HWDCB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HWDCB,DC=local
PDC - CN=NTDS Settings,CN=HWFS01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HWDCB,DC=local
RID - CN=NTDS Settings,CN=HWFS01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HWDCB,DC=local
Infrastructure - CN=NTDS Settings,CN=HWFS01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HWDCB,DC=local
fsmo maintenance: seize infrastructure master
Attempting safe transfer of infrastructure FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-032104A8, problem 5002 (UNAVAILABLE), data 1722

Win32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of infrastructure FSMO failed, proceeding with seizure ...
Server "HWDCB-DC1" knows about 5 roles
Schema - CN=NTDS Settings,CN=HWFS01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HWDCB,DC=local
Naming Master - CN=NTDS Settings,CN=HWDCB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HWDCB,DC=local
PDC - CN=NTDS Settings,CN=HWFS01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HWDCB,DC=local
RID - CN=NTDS Settings,CN=HWFS01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HWDCB,DC=local
Infrastructure - CN=NTDS Settings,CN=HWDCB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HWDCB,DC=local
fsmo maintenance: seize PDC
Attempting safe transfer of PDC FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-0321081A, problem 5002 (UNAVAILABLE), data 1722

Win32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of PDC FSMO failed, proceeding with seizure ...
Server "HWDCB-DC1" knows about 5 roles
Schema - CN=NTDS Settings,CN=HWFS01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HWDCB,DC=local
Naming Master - CN=NTDS Settings,CN=HWDCB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HWDCB,DC=local
PDC - CN=NTDS Settings,CN=HWDCB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HWDCB,DC=local
RID - CN=NTDS Settings,CN=HWFS01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HWDCB,DC=local
Infrastructure - CN=NTDS Settings,CN=HWDCB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HWDCB,DC=local
fsmo maintenance: seize RID master
Attempting safe transfer of RID FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-03211252, problem 5002 (UNAVAILABLE), data 1722

Win32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of RID FSMO failed, proceeding with seizure ...
Searching for highest rid pool in domain
Server "HWDCB-DC1" knows about 5 roles
Schema - CN=NTDS Settings,CN=HWFS01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HWDCB,DC=local
Naming Master - CN=NTDS Settings,CN=HWDCB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HWDCB,DC=local
PDC - CN=NTDS Settings,CN=HWDCB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HWDCB,DC=local
RID - CN=NTDS Settings,CN=HWDCB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HWDCB,DC=local
Infrastructure - CN=NTDS Settings,CN=HWDCB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HWDCB,DC=local
fsmo maintenance: seize schema master
Attempting safe transfer of schema FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-032104A8, problem 5002 (UNAVAILABLE), data 1722

Win32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of schema FSMO failed, proceeding with seizure ...
Server "HWDCB-DC1" knows about 5 roles
Schema - CN=NTDS Settings,CN=HWDCB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HWDCB,DC=local
Naming Master - CN=NTDS Settings,CN=HWDCB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HWDCB,DC=local
PDC - CN=NTDS Settings,CN=HWDCB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HWDCB,DC=local
RID - CN=NTDS Settings,CN=HWDCB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HWDCB,DC=local
Infrastructure - CN=NTDS Settings,CN=HWDCB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=HWDCB,DC=local
fsmo maintenance: quit
ntdsutil: quit

C:\Windows\system32>netdom query fsmo
Schema master               HWDCB-DC1.HWDCB.local
Domain naming master        HWDCB-DC1.HWDCB.local
PDC                         HWDCB-DC1.HWDCB.local
RID pool manager            HWDCB-DC1.HWDCB.local
Infrastructure master       HWDCB-DC1.HWDCB.local
The command completed successfully.

C:\Windows\system32>exit


KB Meta


Page Includes @9#bkmrk-callout-danger-NoResponsibilityDisclaimer-5wod5ufe
Back to top