Windows Server 2016-command line ntdsutil migrating FSMO roles

Source: Internet
Author: User
Tags ldap to domain

In the previous section we introduced the graphical interface migration FSMO role, before this chapter we first review the five operations master roles of the FSMO: schema master role, domain naming master role (realm naming master), RID Master role (RID Master), PDC emulation master role (PDC Emulator), and infrastructure master role (Infrastructure Master), both forest-wide and domain-scoped host roles must be unique. This chapter introduces how to use the DOS command ntdsutil to carry out the FSMO role migration method, hope can help everyone.

1. View information about the current FSMO role from the command line:

2. View the Ntdsutil command line help information:

ntdsutil  perform  Active Directory  database maintenance of the domain service store, help configure  AD LDS  communication ports, and view the AD that is installed on the computer  LDS  example.? -  displays this Help information activate instance %s -  setting "NTDS" or a specific  AD  lds  instance   as the activity instance. authoritative restore-  Authorized Restore  DIT  Database Change service account %s1 %s2  -  Change the  AD DS/LDS  service account to a user named  %s1 with a password of  %s2. Use "null" to indicate a blank password,*  means to enter a password from the console. configurable settings-  Manage configurable Settings ds behavior -  View and modify  AD DS/LDS  behaviors files  -  Management  AD DS/LDS  Database files group membership evaluation-  evaluating the tokens in a given user or   group  sid. help -  displays this Help information ifm- ifm  media creation ldap policies -  Management  LDAP  protocol policy LDAP  Port %d-  Configure  LDAP  ports for  AD LDS  instances. list instances -  Lists all the  AD LDS  instances that are installed on this computer. local roles -  local  RODC  role Management metadata cleanup -  clean up objects that are not in use partition management -  Manage directory partitions popups off -  disable pop-up popups  on-  Enable popup quit -  exit Utility roles -  Admin  NTDS  role owner Token security account  management-  Manage security Account database  -  copy sid  Cleanup semantic database analysis -  grammar checker set  DSRM Password -  Reset Directory Services Restore Mode administrator  account password snapshot -  Snapshot management Ssl port  %d -  Configure  SSL  ports for  AD LDS  instances.

C:\windows\system32\ntdsutil.exe:roles

FSMO maintenance:?

? -Show this Help information connections-connect to a specific AD Dc/lds instance help-show this helpful message quit-Return to the previous menu seize infrastructure master-overwrite the structure role on the connected server Seiz  E naming master-overwrites the named master role on the connected server seize pdc-overwrites the PDC role on the connected server seize RID master-overrides the RID role on the connected server seize schema master- overriding schema roles on connected servers select operation Target-Select the site, server, domain, role, and naming context transfer infrastructure master-the connected server is defined as a fabric master transfer Naming master-makes a connected server a named host transfer pdc-the connected server as Pdctransfer RID master-The connected server is designated as the RID Master transfer schema master- To make a connected server a schema master

FSMO maintenance:connections

Server connections:?

? -Display this help message clear creds-Clear the previous connection credentials connect to domain%s-connection to DNS domain name connect to server%s-connection to server, DNS name [: Port number]HELP-show this Help Info Info-Show connection information quit-Return to the previous menu set creds%%s2%s3-to set the connection credentials to domain%, user%s2, password%s3. Empty password use "null" and enter the password from the console using *.

3. The command line migration FSMO role steps are as follows:

3.1. Enter the command Ntdsutil

3.2. Enter the command Roles

3.3. Enter the command Connections

3.4. Enter the command connect to server Major.azureyun.local connect Major domain controller (domain control to migrate to)

3.5. Enter the command Quit

3.6. Enter the Transfer schema Master command, transfer the schema master to Major.azureyun.local, and according to the pop-up prompts to determine whether to transfer the schema master's role to major, select Yes Go on:

The transfer success information is as follows:

3.7. Enter the Transfer RID Master command to transfer the RID master role To Major.azureyun.local, depending on the pop-up prompts to determine whether to transfer the RID master's domain role to the server major, select Yes to continue:

The delivery success information is as follows:

3.8. Enter the Transfer PDC command, transfer the PDC emulation master role to Major.azureyun.local, and depending on the popup prompts to determine whether to transfer the domain role of the primary domain controller to the server major, select " Is "continue:

The delivery success information is as follows:

3.9. Enter the Transfer naming master command, transfer the domain naming master to Major.azureyun.local, and according to the pop-up prompts to determine whether to transfer the role of the named host to the server major, select "Yes" to continue:

The delivery success information is as follows:

3.10. Enter the Transfer infrastructure Master command to transfer the infrastructure master To Major.azureyun.local, depending on the pop-up prompts to determine whether to transfer the domain role of the infrastructure master to the server major, select Yes to continue:

The delivery success information is as follows:

3. The entire operation process is as follows:

4. View the current FSMO role location by netdom query FSMO is Major.azureyun.local:

This time the FSMO role was successfully migrated through the DOS command ntdsutil. The operation is complete.


Windows Server 2016-command line ntdsutil migrating FSMO roles

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.