You want to find the domain controllers that are acting as one of the FSMO roles.
For the Schema Master:
Open the Active Directory Schema snap-in.
Right-click on Active Directory Schema in the left pane and select Operations Master.
For the Domain Naming Master:
Open the Active Directory Domains and Trusts snap-in.
Right-click on Active Directory Domains and Trusts in the left pane and select Operations Master.
For the PDC Emulator, RID Master, and Infrastructure Master:
Open the Active Directory Users and Computers snap-in.
Make sure you've targeted the correct domain.
Right-click on Active Directory Users and Computers in the left pane and select Operations Master.
There are individual tabs for the PDC, RID, and Infrastructure roles.
In the following command, you can leave out the /Domain <DomainDNSName> option to query the domain you are currently logged on.
> netdom query fsmo /Domain:<DomainDNSName>
For some reason, this command returns a "The parameter is incorrect" error on Windows Server 2003. Until that is resolved, you can use the dsquery server command shown here, where <Role> can be schema, name, infr, pdc, or rid:
> dsquery server -hasfsmo <Role>
' This code prints the FSMO role owners for the specified domain. ' ------ SCRIPT CONFIGURATION ------ strDomain = "<DomainDNSName>" ' e.g. emea.rallencorp.com ' ------ END CONFIGURATION --------- set objRootDSE = GetObject("LDAP://" & strDomain & "/RootDSE") strDomainDN = objRootDSE.Get("defaultNamingContext") strSchemaDN = objRootDSE.Get("schemaNamingContext") strConfigDN = objRootDSE.Get("configurationNamingContext") ' PDC Emulator set objPDCFsmo = GetObject("LDAP://" & strDomainDN) Wscript.Echo "PDC Emulator: " & objPDCFsmo.fsmoroleowner ' RID Master set objRIDFsmo = GetObject("LDAP://cn=RID Manager$,cn=system," & strDomainDN) Wscript.Echo "RID Master: " & objRIDFsmo.fsmoroleowner ' Schema Master set objSchemaFsmo = GetObject("LDAP://" & strSchemaDN) Wscript.Echo "Schema Master: " & objSchemaFsmo.fsmoroleowner ' Infrastructure Master set objInfraFsmo = GetObject("LDAP://cn=Infrastructure," & strDomainDN) Wscript.Echo "Infrastructure Master: " & objInfraFsmo.fsmoroleowner ' Domain Naming Master set objDNFsmo = GetObject("LDAP://cn=Partitions," & strConfigDN) Wscript.Echo "Domain Naming Master: " & objDNFsmo.fsmoroleowner
Several Active Directory operations are sensitive, such as updating the schema, and therefore, need to be done on a single domain controller. Active Directory cannot guarantee the proper evaluation of these functions in a situation where they may be invoked from more than one DC. The FSMO mechanism is used to limit these functions to a single DC.
There are five designated FSMO roles that correspond to these sensitive functions. A FSMO role can apply either to an entire forest or to a specific domain. Each role is stored in the fSMORoleOwner attribute on various objects in Active Directory depending on the role. Table 3-4 contains a list of FSMO roles.
Role |
Description |
fSMORoleOwner Location |
Domain or Forest-wide? |
---|---|---|---|
Schema |
Processes schema updates |
CN=Schema,CN=Configuration,<ForestDN> |
Forest |
Domain Naming |
Processes the addition, removal, and renaming of domains |
CN=Partitions,CN=Configuration,<ForestDN> |
Forest |
Infrastructure |
Maintains references to objects in other domains |
CN=Infrastructure,<ForestDN> |
Domain |
RID |
Handles RID pool allocation for the domain controllers in a domain |
CN=RidManager$,CN=System,<DomainDN> |
Domain |
PDC Emulator |
Acts as the Windows NT master browser and also as the PDC for downlevel clients and Backup Domain Controllers (BDCs) |
<DomainDN> |
Domain |
If you want to get the DNS name for each FSMO, you'll need to get the parent object of the nTDSDSA object and use the dNSHostName attribute, similar to Recipe 3.8. The code for getting the Schema Master could be changed to the following to retrieve the DNS name of the DC:
set objSchemaFsmo = GetObject("LDAP://cn=Schema,cn=Configuration," & strForestDN) set objSchemaFsmoNTDS = GetObject("LDAP://" & objSchemaFsmo.fsmoroleowner) set objSchemaFsmoServer = GetObject(objSchemaFsmoNTDS.Parent) Wscript.Echo "Schema Master: " & objSchemaFsmoServer.Get("dNSHostName")
MS KB 197132 (Windows 2000 Active Directory FSMO Roles), MS KB 223346 (FSMO Placement and Optimization on Windows 2000 Domain Controllers), MS KB 234790 (HOW TO: Find Servers That Hold Flexible Single Master Operations Roles), and MS KB 324801 (HOW TO: View and Transfer FSMO Roles in Windows Server 2003)