
FSMO Role Transfer & Seizure in AD Domain (Flexible Single Master Operation)

  • 📍 Objective: Ensure domain continuity by transferring/seizing FSMO roles between DCs in namahshivaya.com.

  • 🛠️ Tools Used: Windows Server 2019/2022, PowerShell, ntdsutil, VMware ESXi lab.

  • 🔍 Steps:

    • Queried current FSMO role holders.

    • Gracefully transferred all roles to DC2.

    • Simulated DC1 failure and seized roles on DC2.

    • Verified domain health post-seizure.
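The four lab steps above written out in PowerShell, as an added example that is not the post's own code. It assumes the RSAT ActiveDirectory module, the DC names DC1 and DC2 from the post, and an elevated session whose account is in Domain Admins plus Schema Admins and Enterprise Admins (the two forest roles require those groups). The function names Get-FsmoHolders, Move-AllFsmoRoles and Test-FsmoHealth are my own; the cmdlets are the standard ActiveDirectory ones.

```powershell
# Added example (not from the original post): query, transfer, seize and verify FSMO roles.
# Assumes RSAT ActiveDirectory module, DCs named DC1/DC2, elevated Domain/Schema/Enterprise Admin session.
Import-Module ActiveDirectory

$AllRoles = 'SchemaMaster', 'DomainNamingMaster', 'RIDMaster', 'PDCEmulator', 'InfrastructureMaster'

# Step 1: who holds what right now. Forest roles come from Get-ADForest, domain roles from Get-ADDomain.
function Get-FsmoHolders {
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        RIDMaster            = $domain.RIDMaster
        PDCEmulator          = $domain.PDCEmulator
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

# Steps 2 and 3: move every role to $Target. Without -Seize this is a graceful transfer that needs the
# current holder online. With -Seize, -Force tells the cmdlet to take the role even though the holder
# cannot be contacted; the guard below refuses to seize from a holder that still answers.
function Move-AllFsmoRoles {
    param(
        [Parameter(Mandatory)][string]$Target,
        [switch]$Seize
    )
    if ($Seize) {
        $before = Get-FsmoHolders
        foreach ($r in $AllRoles) {
            $holder = $before.$r
            if ($holder -like "$Target*") { continue }            # already on the target, nothing to seize
            if (Test-Connection -ComputerName $holder -Count 1 -Quiet) {
                throw "$holder still holds $r and is reachable: transfer it gracefully instead of seizing."
            }
        }
    }
    Move-ADDirectoryServerOperationMasterRole -Identity $Target -OperationMasterRole $AllRoles `
        -Force:$Seize -Confirm:$false
    # ntdsutil equivalent of the seizure (interactive): roles / connections / connect to server DC2 / quit
    # then: seize schema master, seize naming master, seize RID master, seize PDC, seize infrastructure master
}

# Step 4: every role should point at one reachable DC, and netdom must agree with the AD module.
# RODCs appear with IsReadOnly=True and an empty OperationMasterRoles; they can never hold a role.
function Test-FsmoHealth {
    $holders = Get-FsmoHolders
    $AllRoles | ForEach-Object { $holders.$_ } | Sort-Object -Unique | ForEach-Object {
        '{0,-40} reachable={1}' -f $_, (Test-Connection -ComputerName $_ -Count 1 -Quiet)
    }
    netdom query fsmo
    Get-ADDomainController -Filter * | Select-Object Name, IsReadOnly, OperationMasterRoles
}

# Usage (kept as comments so that loading this file never moves a role by accident):
#   Get-FsmoHolders
#   Move-AllFsmoRoles -Target 'DC2'          # graceful transfer while DC1 is still up
#   Move-AllFsmoRoles -Target 'DC2' -Seize   # only once DC1 is confirmed permanently gone
#   Test-FsmoHealth
```

Seizure is a one-way operation: once a role has been seized, the old holder (DC1 here) must not be reconnected to the network with its old database; demote it or remove it with ntdsutil metadata cleanup before ever rebuilding it under the same name, otherwise two DCs will each believe they own the role.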

The screenshots show three domain controllers: one is a read-only domain controller (RODC) and the others are normal writable DCs.

There are five FSMO roles in Active Directory:🏢

Forest-level FSMO roles (only one per forest):

  1. Schema Master – Controls all updates to the AD schema.

  2. Domain Naming Master – Manages changes to the forest-wide domain namespace (i.e., adding/removing domains).

🌐 Domain-level FSMO roles (one per domain):

  1. RID Master – Allocates blocks of Relative IDs (RIDs) to domain controllers for creating new objects.

  2. PDC Emulator – Emulates the Primary Domain Controller for backward compatibility and manages time sync, password changes, etc.

  3. Infrastructure Master – Updates references to objects that live in other domains (cross-domain group membership references).

Why do we need this? :)


Consider an example like this:

One of your two domain controllers (DC01 and DC02) went down due to a hardware issue. Users are experiencing login delays and GPOs are not applying.

👉 As a System Administrator, what checks would you perform to minimize disruption, and how would you restore normal domain functionality?

  1. Confirm the outage:

    • Use ping dc01.corp.local or try RDP.

    • Check Event Viewer logs on DC02 for replication or DNS errors.

  2. Ensure clients are using DC02:

    • Verify clients have DC02’s IP as secondary DNS.

    • Run echo %logonserver% on a client to see which DC they are hitting.

  3. Force replication & sync GPOs (on DC02):

    cmd: gpupdate /force

  4. Verify FSMO roles:

    If DC01 still holds any FSMO roles, move them to DC02 (transfer if DC01 comes back, seize if it is gone for good).

  5. Check SYSVOL replication:

    Use c:\windows\sysvol\admin
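The five checks above as one read-only triage script, added here as an example and not part of the original post. It assumes the RSAT ActiveDirectory module, the names DC01/DC02 and the domain corp.local from the scenario, and an elevated domain-admin session on DC02 or an admin workstation; the function names are my own. Nothing in it changes AD, so it is safe to run before deciding on a seizure (step 4 only reports which roles are stranded on the dead DC).

```powershell
# Added example (not from the original post): read-only first-response checks for "DC01 down, DC02 up".
# Assumes RSAT ActiveDirectory module, DC01/DC02 in corp.local, elevated domain-admin session.
Import-Module ActiveDirectory

$DownDc = 'dc01.corp.local'
$LiveDc = 'dc02.corp.local'

# Step 1: confirm the outage. ICMP can be filtered, so also probe the ports a DC must answer on.
function Confirm-DcOutage {
    param([string]$Dc = $DownDc)
    $ports = foreach ($p in 88, 389, 445) {            # Kerberos, LDAP, SMB (SYSVOL/NETLOGON shares)
        $t = Test-NetConnection -ComputerName $Dc -Port $p -WarningAction SilentlyContinue
        [pscustomobject]@{ Port = $p; Open = $t.TcpTestSucceeded }
    }
    [pscustomobject]@{
        DC    = $Dc
        Ping  = Test-Connection -ComputerName $Dc -Count 2 -Quiet
        Ports = $ports
    }
}

# Step 1b: replication and DNS errors DC02 has logged in the last 24 hours (what Event Viewer would show).
function Get-RecentDcErrors {
    param([string]$Dc = $LiveDc, [int]$Hours = 24)
    Get-WinEvent -ComputerName $Dc -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName   = 'Directory Service', 'DFS Replication', 'DNS Server'
        Level     = 1, 2                                # Critical, Error
        StartTime = (Get-Date).AddHours(-$Hours)
    } | Select-Object TimeCreated, LogName, Id, Message
}

# Step 2: which DC this machine is really using, and whether DC02 is in its DNS server list.
function Get-ClientDcUsage {
    [pscustomobject]@{
        LogonServer = $env:LOGONSERVER                  # same value as echo %logonserver%
        LocatedDc   = (Get-ADDomainController -Discover -Service ADWS).HostName
        DnsServers  = (Get-DnsClientServerAddress -AddressFamily IPv4 |
                       Where-Object ServerAddresses).ServerAddresses
    }
}

# Step 4: roles still pointing at the dead DC. Empty output means there is nothing to transfer or seize.
function Get-FsmoOnDownDc {
    param([string]$Dc = $DownDc)
    $f = Get-ADForest; $d = Get-ADDomain
    $roles = @{
        SchemaMaster = $f.SchemaMaster; DomainNamingMaster   = $f.DomainNamingMaster
        RIDMaster    = $d.RIDMaster;    PDCEmulator          = $d.PDCEmulator
        InfrastructureMaster = $d.InfrastructureMaster
    }
    $roles.GetEnumerator() | Where-Object { $_.Value -ieq $Dc } | ForEach-Object { $_.Key }
}

# Step 5: SYSVOL on DC02 must contain a {GUID} folder for every GPO object in AD.
# A GPO listed under MissingGpos exists in AD but not on DC02's SYSVOL, which is exactly the
# "GPOs are not applying" symptom once clients fail over to DC02.
function Test-SysvolPolicies {
    param([string]$Dc = $LiveDc)
    $domain = Get-ADDomain
    $share  = "\\$Dc\SYSVOL\$($domain.DNSRoot)\Policies"
    if (-not (Test-Path $share)) {
        return [pscustomobject]@{ Share = $share; Reachable = $false; MissingGpos = @() }
    }
    $onDisk = (Get-ChildItem -Path $share -Directory).Name
    $inAd   = (Get-ADObject -SearchBase "CN=Policies,CN=System,$($domain.DistinguishedName)" `
                            -Filter 'objectClass -eq "groupPolicyContainer"').Name
    [pscustomobject]@{
        Share       = $share
        Reachable   = $true
        MissingGpos = @($inAd | Where-Object { $_ -notin $onDisk })
    }
}

Confirm-DcOutage
Get-RecentDcErrors | Select-Object -First 20
Get-ClientDcUsage
Get-FsmoOnDownDc
Test-SysvolPolicies
```

If Get-FsmoOnDownDc lists the PDCEmulator, expect the logon and password-change symptoms to persist until that role is moved: clients chain password changes and time sync to the PDC emulator, so it is the role to move first when DC01 is confirmed dead.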