FSMO Roles in Active Directory: The 5 Roles and What Happens If One Dies
Active Directory replicates almost everything in a multi-master model — create a user on DC2 and a few seconds later that object exists on DC1, DC3, and every other DC…
Tag: FSMO
Multi-Master vs Single-Master Replication in Active Directory (FSMO Explained)
Active Directory uses two replication models side-by-side. Multi-master replication is the default and covers 99% of directory data — users, groups, computers, OUs, ACLs. Single-master replication covers the five FSMO…
Remove (Demote) a Domain Controller
Two paths to remove a Domain Controller from Active Directory - graceful demotion via Server Manager (Remove Roles and Features wizard) for an online DC, and manual / forced removal via ADUC delete-from-Domain-Controllers-OU for an offline one. Walks both paths end to end with the actual screenshots. Includes the FSMO transfer pre-flight, the Test-ADDSDomainControllerUninstallation cmdlet, the post-demote AD Sites and Services cleanup, and a one-shot DNS scrub script that removes A/NS/SRV/CNAME records for the demoted DC across every Primary forward zone in one pass.
Get Active Directory Information with a PowerShell Script
Get-ADInfo.ps1 is a single PowerShell script that prints ten Active Directory facts in one output: computer/workstation/server/user/group counts, forest and domain functional levels, schema version translated to a Windows Server release name, and all five FSMO role owners. The right script to run before a migration, an audit, or a tier-zero handover.
How to Check FSMO Roles in Active Directory
Three reliable ways to check FSMO role holders in Active Directory: the netdom query FSMO command, the Get-ADForest/Get-ADDomain PowerShell cmdlets (and the Get-ADInfo.ps1 script), and the GUI walkthrough across Active Directory Schema, Active Directory Domains and Trusts, and Active Directory Users and Computers.