Active Directory: Knowledge – Required FSMO Role to join new Domain Controller

Active Directory Knowledge
Comments

This tutorial is for ADDS knowledge to understand the essential role that must be online for Domain Controller to join successfully.

In this test, DC1 is the first DC that has all FSMO Roles.
Required role is transferred to DC2 and DC2’s network is disconnected.
I will perform the test to see whether new server DC3 can be joined as Domain Controller successfully and one of the FSMO role is not available.

First, we need to check FSMO roles by logging the current DC and execute ntdsutil command:
ntdsutil Roles Connections “Connect to server %LogonServer%” Quit “Select Operation Target” “List roles for conn server” Quit Quit Quit

adds1

 

Transfer Role to DC2 NTDSUTIL CMD Join New DC
Domain Naming Master
ntdsutil Roles Connections “Connect to server \\DC2” Quit “Transfer Naming Master” Quit Quit
Success
RID Master
ntdsutil Roles Connections “Connect to server \\DC2” Quit “Transfer RID Master” Quit Quit
Fail
adds5
PDC Emulator Master
ntdsutil Roles Connections “Connect to server \\DC2” Quit “Transfer PDC” Quit Quit
Success
Infrastructure Master
ntdsutil Roles Connections “Connect to server \\DC2” Quit “Transfer Infrastructure Master” Quit Quit
Success
Schema Master
ntdsutil Roles Connections “Connect to server \\DC2” Quit “Transfer Schema Master” Quit Quit
Success

 

Conclusion

RID Master is required for new server DC3 to join as Domain Controller successfully.

 

Updated: 18/12/2014 — 11:04 AM

Leave a Reply

Your email address will not be published. Required fields are marked *