I had to deal with a really neglected domain, and found that all the FSMO roles were on a domain controller that no longer functioned or existed. I had to get the roles on the working server. Using convental methods in the UI or the ntdsutil to transfer the roles succeeded. I had no choice, but to seize all the roles from the missing server. All of these tasks were completed on the domain controller I wanted the roles on as the domain\\Administrator.<\/p>\n
Check the current roles holders:<\/p>\n
C:\\>netdom query fsmo<\/strong>
\nSchema master MYOLDDC1.mydomain.local
\nDomain naming master MYOLDDC1.mydomain.local
\nPDC MYOLDDC1.mydomain.local
\nRID pool manager MYOLDDC1.mydomain.local
\nInfrastructure master MYOLDDC1.mydomain.local
\nThe command completed successfully.<\/p><\/blockquote>\nEnter the ntdsutil utility by entering ntdsutil:<\/p>\n
C:\\>ntdsutil<\/strong><\/p><\/blockquote>\n
And then roles:<\/p>\n
ntdsutil: roles<\/strong><\/p><\/blockquote>\n
You see the options by entering a question mark at the “fsmo maintenance” prompt. Obviously, this where you also transfer the roles if possible (not so in my case):<\/p>\n
fsmo maintenance: ?<\/strong><\/p>\n
? – Show this help information
\n Connections – Connect to a specific AD DC\/LDS instance
\n Help – Show this help information
\n Quit – Return to the prior menu
\n Seize infrastructure master – Overwrite infrastructure role on connected server
\n Seize naming master – Overwrite Naming Master role on connected server
\n Seize PDC – Overwrite PDC role on connected server
\n Seize RID master – Overwrite RID role on connected server
\n Seize schema master – Overwrite schema role on connected server
\n Select operation target – Select sites, servers, domains, roles and
\n naming contexts
\n Transfer infrastructure master – Make connected server the infrastructure master
\n Transfer naming master – Make connected server the naming master
\n Transfer PDC – Make connected server the PDC
\n Transfer RID master – Make connected server the RID master
\n Transfer schema master – Make connected server the schema master<\/p><\/blockquote>\nSeize the roles one at a time. Each takes a while to complete, but they do.:<\/p>\n
fsmo maintenance: seize pdc<\/strong>
\nAttempting safe transfer of PDC FSMO before seizure.
\nldap_modify_sW error 0x34(52 (Unavailable).
\nLdap extended error message is 000020AF: SvcErr: DSID-03210617, problem 5002 (UNAVAILABLE), data 1722<\/p>\nWin32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.)
\n)
\nDepending on the error code this may indicate a connection,
\nldap, or role transfer error.
\nTransfer of PDC FSMO failed, proceeding with seizure …
\nServer “mydc01” knows about 5 roles
\nSchema – CN=NTDS Settings,CN=MYOLDDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
\nNaming Master – CN=NTDS Settings,CN=MYOLDDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
\nPDC – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
\nRID – CN=NTDS Settings,CN=MYOLDDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
\nInfrastructure – CN=NTDS Settings,CN=MYOLDDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
\nfsmo maintenance:
\nfsmo maintenance: seize naming master<\/strong>
\nAttempting safe transfer of domain naming FSMO before seizure.
\nldap_modify_sW error 0x34(52 (Unavailable).
\nLdap extended error message is 000020AF: SvcErr: DSID-0321041F, problem 5002 (UNAVAILABLE), data 1722<\/p>\nWin32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.)
\n)
\nDepending on the error code this may indicate a connection,ldap, or role transfer error.
\nTransfer of domain naming FSMO failed, proceeding with seizure …
\nServer “mydc01” knows about 5 roles
\nSchema – CN=NTDS Settings,CN=MYOLDDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
\nNaming Master – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
\nPDC – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
\nRID – CN=NTDS Settings,CN=MYOLDDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
\nInfrastructure – CN=NTDS Settings,CN=MYOLDDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
\nfsmo maintenance: seize rid master<\/strong>
\nAttempting safe transfer of RID FSMO before seizure.
\nldap_modify_sW error 0x34(52 (Unavailable).
\nLdap extended error message is 000020AF: SvcErr: DSID-03210F70, problem 5002 (UNAVAILABLE), data 1722<\/p>\nWin32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.)
\n)
\nDepending on the error code this may indicate a connection, ldap, or role transfer error.
\nTransfer of RID FSMO failed, proceeding with seizure …
\nSearching for highest rid pool in domain
\nServer “mydc01” knows about 5 roles
\nSchema – CN=NTDS Settings,CN=MYOLDDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
\nNaming Master – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
\nPDC – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
\nRID – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
\nInfrastructure – CN=NTDS Settings,CN=MYOLDDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
\nfsmo maintenance: seize schema master<\/strong>
\nAttempting safe transfer of schema FSMO before seizure.
\nldap_modify_sW error 0x34(52 (Unavailable).
\nLdap extended error message is 000020AF: SvcErr: DSID-0321041F, problem 5002 (UNAVAILABLE), data 1722<\/p>\nWin32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.)
\n)
\nDepending on the error code this may indicate a connection, ldap, or role transfer error.
\nTransfer of schema FSMO failed, proceeding with seizure …
\nServer “mydc01” knows about 5 roles
\nSchema – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
\nNaming Master – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
\nPDC – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
\nRID – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
\nInfrastructure – CN=NTDS Settings,CN=MYOLDDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
\nfsmo maintenance: seize infrastructure master<\/strong>
\nAttempting safe transfer of infrastructure FSMO before seizure.
\nldap_modify_sW error 0x34(52 (Unavailable).
\nLdap extended error message is 000020AF: SvcErr: DSID-0321041F, problem 5002 (UNAVAILABLE), data 1722<\/p>\nWin32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.)
\n)
\nDepending on the error code this may indicate a connection, ldap, or role transfer error.
\nTransfer of infrastructure FSMO failed, proceeding with seizure …
\nServer “mydc01” knows about 5 roles
\nSchema – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
\nNaming Master – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
\nPDC – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
\nRID – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
\nInfrastructure – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
\nfsmo maintenance:<\/p><\/blockquote>\nCheck to role locations to verify using netdom again:<\/p>\n
C:\\>netdom query fsmo
\nSchema master MYDC01.mydomain.local
\nDomain naming master MYDC01.mydomain.local
\nPDC MYDC01.mydomain.local
\nRID pool manager MYDC01.mydomain.local
\nInfrastructure master MYDC01.mydomain.local
\nThe command completed successfully.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"I had to deal with a really neglected domain, and found that all the FSMO roles were on a domain controller that no longer functioned or existed. I had to get the roles on the working server. Using convental methods in the UI or the ntdsutil to transfer the roles succeeded. I had no choice, [&hellip<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[221,138,457,36],"class_list":["post-1586","post","type-post","status-publish","format-standard","hentry","category-documentation","tag-domain-controller","tag-roles","tag-seize","tag-windows"],"share_on_mastodon":{"url":"","error":""},"_links":{"self":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts\/1586","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1586"}],"version-history":[{"count":1,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts\/1586\/revisions"}],"predecessor-version":[{"id":1587,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts\/1586\/revisions\/1587"}],"wp:attachment":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1586"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1586"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1586"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}