locked
FSMO Roles on Additional Domain Controller RRS feed

  • Question

  • Hi,

    I have 1 domain called xyz.com and 2 domain controller. Both Domain controller are Global Catalog Server also.

    Currently, all the 5 FSMO roles are on First domain Controller. However, I can see that my additional domain controller is also showing 3 domain wide FSMO roles.

    Can someone tell me why so ?

    Regards

    Neeraj Mehra


    Neeraj Mehra

    Thursday, February 16, 2012 7:50 AM

Answers

All replies

  • HI Neeraj,

     Please use netdom query fsmo and see what are the correct DC holding the Forest and Domain Wide FSMO roles.

    Once done please post the result here

    You Can try the below link as well for better understanding.

    http://social.technet.microsoft.com/Forums/eu/winserverDS/thread/21797808-62f3-402a-aef3-845207f5025f

    _Prashant_


    MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com


    Thursday, February 16, 2012 7:59 AM
  • Hello,

    if they belong to the same domain you will have by default 5 FSMO roles only. Have you configured some own settings? Please post the following output from EACH DC:

    "netdom query fsmo" from an elevated command prompt without the quotes.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Thursday, February 16, 2012 8:08 AM

  • If you run netdom query fsmo does it list only 3 roles on additinal DC.Also check from GUI refer below link for the same.
    http://support.microsoft.com/kb/255690 

    Can you post the netdom query fsmo output of both DC.



    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Thursday, February 16, 2012 8:10 AM
  • Hi,

    Netdom Query fsmo list only 5 FSMO roles on FIRST Domain Contoller.

    Can you tell what is the use of 3 domain wide roles which appears automatically when a new Addtional Domain Controller is added ?

    Regards

    Neeraj Mehra


    Neeraj Mehra

    Thursday, February 16, 2012 8:29 AM

  • Since you have mentioned that there is  two DC one DC and other additional DC.There is no difference between DC & ADC.Domain Controllers work in multi-master replication topology and the only one thing which differents them is FSMO role holder. Each role is unique for forest/domain and can be hold only by one DC. That's the only one difference. When FSMO holder would go down and cannot be repaired then you can simply seize FSMO roles to another DC.

    When all DCs are Global Cataogs and have DNS role installed, they are equal each other.

    To find the FSMO role holder DC run below command.
    netdom query fsmo

    Understanding FSMO Roles in Active Directory
    http://www.petri.co.il/understanding_fsmo_roles_in_ad.htm
    http://www.sole.dk/post/how-to-place-fsmo-and-global-catalog-roles-in-active-directory/?p=66

    Hope this helps

    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Thursday, February 16, 2012 8:53 AM
  • Hi,

    I agree with you. :)

    Can you please answer on my below query :

    What is the use of 3 domain wide roles which appears automatically when a new Addtional Domain Controller is added ?

    Regards

    Neeraj Mehra


    Neeraj Mehra

    Thursday, February 16, 2012 9:42 AM
    • Proposed as answer by VenkatSP Thursday, February 16, 2012 11:13 AM
    • Marked as answer by Rick Tan Thursday, February 23, 2012 2:24 AM
    Thursday, February 16, 2012 10:09 AM
  • Your Concern is to know about the use of 3 domain wide roles???

    If yes Please follow link provided above by awinish.

    If you are concenered about why 2 DC'S are holding domain wide FSMO roles then please check the Additional domain controller event viewer for any Error events.

    If you find any events please post here.

    Thanks,

    _Prashant_


    MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com

    Thursday, February 16, 2012 11:13 AM
  • By default, in every forest you have two forest-wide FSMO roles (schema and domain naming master). For every domain, you have at least three domain-wide FSMO roles (PDC Emulator, Infrastructure, and RID masters). Your finding seems to indicate that your additional domain controller was installed as the first domain controller in the new domain

    hth
    Marcin

    • Proposed as answer by Richard MuellerMVP Thursday, February 16, 2012 6:20 PM
    • Marked as answer by Rick Tan Thursday, February 23, 2012 2:25 AM
    Thursday, February 16, 2012 11:48 AM

  • It seems that if you run netdom query fsmo on second DC it shows only three role(domainwide role) if this is the case then the DC may be Child DC and you have parent-child architecture,one DC in parent domain and other DC in child domain.  

    In the parent child domain architecture there will be two forest wide role(schema.domain naming)and 3 domain wide role(RID,infra,PDC) on both parent and child domain and hence when you run netdom query fsmo on child DC you will see forest wide role on parent DC and domain wide role on child DC.


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Friday, February 17, 2012 4:48 AM