How do I figure out which Windows 2000 domain controllers (DCs) on my network hold the various Flexible Single-Master Operation (FSMO) roles for my forest and domains?

Such DCs, also known as operations masters, perform single-master operations for a Win2K forest and individual domains. These operations include updating the schema, creating new domains in a forest, issuing new blocks of Relative Identifiers (RIDs), and supporting domains and clients that run Windows NT 4.0 or earlier. A Win2K forest has two operations masters that manage certain forestwide single-operation activities, and each domain has three operations masters that manage certain domainwide activities. Several Microsoft articles provide detailed information about the five FSMO roles and their functions. See "Windows 2000 Active Directory FSMO Roles" at http://support.microsoft.com/default.aspx?scid=kb;en-us; q197132, "How to Find FSMO Role Holders (Servers)" at http://support.microsoft.com/default.aspx?scid=kb;en-us;q234790, and "How to Find the FSMO Role Owners Using ADSI and WSH" at http://support.microsoft.com/default.aspx?scid=kb;en-us;q235617.

The first Win2K DC that you install in a Win2K forest through Dcpromo automatically holds the two forestwide FSMO roles (i.e., domain naming master and schema master) as well as the three domain-specific FSMO roles (i.e., infrastructure daemon, PDC emulator, and RID master) for the forest's root domain. However, other servers might hold these roles—for example, if an administrator or administrative utility on your network has manually changed operations masters. Certain third-party utilities provide features to determine the DCs that act as FSMO role holders. However, you can also choose from several built-in or supplemental Win2K tools, such as Microsoft Management Console (MMC) snap-ins and Support Tools.

Using MMC snap-ins. To identify the domain-specific operations masters, open the MMC Active Directory Users and Computers console. Right-click the applicable domain object in the left-hand pane, then select Operations Masters from the context menu. The Operations Masters dialog box contains three tabs: Infrastructure, PDC, and RID. Each tab displays the server that holds that role for the domain.

Identifying the forest-specific operations masters can be a bit trickier because doing so involves the use of the MMC Active Directory Schema and MMC Active Directory Domains and Trusts snap-ins, which Win2K doesn't install automatically. The following instructions assume that you haven't already installed those snap-ins.

To install the Active Directory Schema snap-in and determine the schema master, click Start, Run. In the Run dialog box's Open text box, type

mmc

Click OK to open a new MMC console. From the console's menu bar, select Console, then select Add/Remove Snap-in. In the resulting dialog box, click Add to display a list of available snap-ins. Double-click Active Directory Schema, then click Close. (If Active Directory Schema doesn't appear in this list, you need to register the file schmmgmt.dll. To do so, open the Run dialog box and type

regsvr32 schmmgmt.dll

in the Open text box, then click OK. A message will appear to confirm that the registration was successful.)

Click OK to close the Add/Remove Snap-in dialog box. Right-click Active Directory Schema in the new console's left-hand pane, then select Operations Master from the context menu to view the name of the schema master. (I suggest you use the MMC's Console\Save or Save As menu option to save this customized console for future use.)

To install the Active Directory Domains and Trusts snap-in and determine the domain naming master, follow the same steps to open a new console and to add a snap-in but select Active Directory Domains and Trusts from the snap-in list. In the new console's left-hand pane, right-click Active Directory Domains and Trusts, then select Operations Master from the context menu to view the name of the domain naming master.

Using Ntdsutil. To view which domain and forestwide FSMO roles a specific DC holds, you can use Ntdsutil (ntdsutil.exe), a utility that comes with Win2K Server, Win2K Advanced Server, and Win2K Datacenter Server. To run Ntdsutil, open a command line and type the following series of commands, pressing Enter between each command. (The variable server_name is the name of the Win2K DC for which you want to view the FSMO roles.)

ntdsutil
domain management
connections
connect to server
quit
select operation target
list roles for connected
server

Using supplemental tools. To identify more than one FSMO role holder at one time, you can choose from several supplemental Win2K tools. These tools are the dumpfsmos.cmd batch file, which you can find in the Microsoft Windows 2000 Server Resource Kit; Dcdiag, a command-line utility that comes with the Win2K Support Tools; or Replmon, another Support Tools utility.

You can use dumpfsmos.cmd to quickly list FSMO role holders for your current domain and forest. The file uses Ntdsutil to enumerate the operations masters. To run the file, type

dumpfsmos

where server_name is the name of the DC to which dumpfsmos.cmd should connect.

You can use Dcdiag to list the owners of all FSMO roles in your enterprise. (If you haven't already installed this Support Tool, run setup.exe from the Win2K Server CD-ROM \support\tools folder.) To use this utility, open a command prompt on a Win2K DC and type

dcdiag /test:
knowsofroleholders /v

Note that the /v switch is required. This operation returns all the operations masters that the DC knows about in the enterprise.

Replmon is another Win2K Support Tool that you can use to identify the operations masters. You can also use this tool to test the FSMO role holders' connectivity status. To use Replmon after you've installed it from the Win2K Server CD-ROM, select Programs, Support Tools, Tools, Active Directory Replication Monitor. In Replmon's main window's Contents pane, right-click Monitored Servers to launch the Add Server to Monitor Wizard, then use the wizard to add the server you want to monitor. Right-click the server, then select Properties from the context menu. Go to the Properties dialog box's FSMO Roles tab and look under the Owner column to view the operations masters. To test connectivity to an operations master, click Query to the right of the role.