Ok, so this is more of a note for me than anyone else, but ever had trouble with FSMO roles on AD? If so,
So what am I trying to do? Well, an old server is being decommissioned and needs all of the FSMO roles transferred off. I managed to get most of them done: you can do it through AD Users & Computers by selecting Operations Masters from the menu, or if you’re like me, you’ll prefer using the command line. So ntdsutil is your friend.
A couple of things. Security is a bit odd here. Most roles will be fine, but to transfer the Schema Master role, you need to be a member of both the Enterprise Administrators group and the Schema Admins group. Use gpresult to check.
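As an alternative to reading gpresult output, the membership check above can be scripted against the logon token. This is an added example, not part of the original notes. It assumes PowerShell is available on the machine and relies on the well-known RIDs 518 (Schema Admins) and 519 (Enterprise Admins); the function name and the sample SIDs are made up for illustration.

```powershell
# Added example: confirm the logon token carries both groups needed for
# "transfer schema master" before starting ntdsutil.
# Well-known RIDs in the forest root domain.
$Required = @(
    @{ Rid = 518; Name = 'Schema Admins' },
    @{ Rid = 519; Name = 'Enterprise Admins' }
)

function Get-MissingSchemaTransferGroups {   # hypothetical helper name
    param(
        # Group SIDs as strings; defaults to the groups in the current token.
        [string[]]$GroupSids = @([System.Security.Principal.WindowsIdentity]::GetCurrent().Groups |
                                 ForEach-Object { $_.Value })
    )
    foreach ($group in $Required) {
        # Domain group SIDs have the form S-1-5-21-<a>-<b>-<c>-<RID>.
        $pattern = '^S-1-5-21-\d+-\d+-\d+-{0}$' -f $group.Rid
        # -match on an array returns the matching elements; none means missing.
        if (-not ($GroupSids -match $pattern)) { $group.Name }
    }
}

# Constructed sample token: Domain Users (513) and Enterprise Admins (519) only.
$sample = 'S-1-5-21-1111111111-2222222222-3333333333-513',
          'S-1-5-21-1111111111-2222222222-3333333333-519'
"Sample token is missing: $((Get-MissingSchemaTransferGroups -GroupSids $sample) -join ', ')"

# Real check against the session that will run ntdsutil.
$missing = Get-MissingSchemaTransferGroups
if ($missing) {
    Write-Warning "Token lacks: $($missing -join ', '). Add the account, then log off and on again."
} else {
    'Token carries both groups.'
}
```

Group changes only appear in the token after a fresh logon, so run this in the same session you will use for ntdsutil. Once the role has moved, take the account back out of Schema Admins.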
So grab your roles in ntdsutil:
C:\Documents and Settings\aled>ntdsutil
ntdsutil: roles
fsmo maintenance: con
server connections: connect to server SERVER
Binding to SERVER ...
Connected to SERVER using credentials of locally logged on user
server connections: q
fsmo maintenance: transfer schema master
Server "SERVER" knows about 5 roles
Schema - CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Cardiff,CN=Sites,CN=Configuration,DC=domain,DC=com
Domain - CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Cardiff,CN=Sites,CN=Configuration,DC=domain,DC=com
PDC - CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Cardiff,CN=Sites,CN=Configuration,DC=domain,DC=com
RID - CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Cardiff,CN=Sites,CN=Configuration,DC=domain,DC=com
Infrastructure - CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Cardiff,CN=Sites,CN=Configuration,DC=domain,DC=com
fsmo maintenance:
Er, and that’s it. It’s taken me ages because I couldn’t find anything that said which rights you needed. Stay tuned for more random notes on playing with Windows, AD and Exchange, such as: