Skip navigation

JSI Tip 2728. Using Ntdsutil.exe to seize or transfer <b>FSMO</b> roles to a domain controller.

When you install the first Windows 2000 Active Directory domain controller in a forest, DCPromo grants it all five of the FSMO roles:

Schema master - Forest wide and one per forest.

Domain naming master - Forest wide and one per forest.

RID master - Domain Specific and one for each domain.

PDC emulator - Domain Specific and one for each domain.

Infrastructure - Domain Specific and one for each domain.

NOTE: If the current role holder and target role holder are running, Transfer the roles. If only the target role holder is running, Seize the roles.

NOTE: It is best to run Ntdsutil.exe on the target role holder.

NOTE: Only Seize the FSMO roles if the current role holder is being removed from the domain or forest.

To seize or transfer the FSMO roles:

1. Start / run / ntdsutil.exe / OK. Type ? to see the list of available commands and press Enter.

2. Type roles and press Enter.

3. Type connections and press Enter.

4. Type connect to server <servername> and press Enter.

5. At the server connections prompt, type q and press Enter.

6. Type transfer role or seize role. If you type ? at the FSMO maintenance prompt, for the list of roles.

7. After you seize or transfer the roles, type q and press Enter until you quit Ntdsutil.exe.

8. Restart the server.

NOTE: All five roles must exist in a forest.

See knowledge base articles:

Q197132 - Windows 2000 Active Directory FSMO Roles.

Q223787 - Flexible Single Master Operation Transfer and Seizure Process .

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.