DomainDnsZones and ForestDnsZones Infrastructure Masters

There are five well-known master roles in AD that can be “seized” with “ntdsutil”, but this post is about a couple of master roles that seem to be left out when trying to recover from losing a domain controller that was never properly “demoted” with “dcpromo”.

If you are using “Active Directory Integrated DNS Zones”, there are usually a couple of special directory partitions added: “DomainDnsZones” and “ForestDnsZones”. Each of these has its own “Infrastructure Master” FSMO role. If the role “owner” (the domain controller in charge of this role / responsibility) will never be available again, you can reassign the role with a script provided by Microsoft. The following articles have the script “fixfsmo.vbs” you will need:

This has helped me out on several occasions. Not sure how common this is in other environments, but we seem to always see funky hard-to-solve issues like this.
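
A read-only way to see which domain controller currently holds these two roles, added here as an example; it is not part of the original post and is not Microsoft's “fixfsmo.vbs”. It assumes the ActiveDirectory PowerShell module, the default partition names under the current domain and the forest root, and a domain controller that hosts both partitions; it relies on Active Directory marking a deleted owner with `\0ADEL:` in the stored distinguished name.

```powershell
# Report the Infrastructure Master owner of the DNS application partitions.
# Read-only: nothing is modified. Assumes the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

$root = Get-ADRootDSE
# Assumption: default partition names created by AD-integrated DNS.
$partitions = @(
    "DC=DomainDnsZones,$($root.defaultNamingContext)",
    "DC=ForestDnsZones,$($root.rootDomainNamingContext)"
)

$report = foreach ($nc in $partitions) {
    $infraDn = "CN=Infrastructure,$nc"
    try {
        $infra = Get-ADObject -Identity $infraDn -Properties fSMORoleOwner -ErrorAction Stop
    } catch {
        # Partition missing or not hosted on the DC we are talking to.
        [pscustomobject]@{ Partition = $nc; Owner = $null; Status = 'Cannot read Infrastructure object' }
        continue
    }

    $owner = $infra.fSMORoleOwner
    if (-not $owner) {
        $status = 'fSMORoleOwner is empty'
    } elseif ($owner -match '\\0ADEL:') {
        # The DN points at the NTDS Settings object of a DC that was deleted.
        $status = 'Owner is a deleted domain controller'
    } else {
        try {
            # The owner value is the DN of a DC's NTDS Settings object.
            Get-ADObject -Identity $owner -ErrorAction Stop | Out-Null
            $status = 'OK'
        } catch {
            $status = 'Owner object not found'
        }
    }
    [pscustomobject]@{ Partition = $nc; Owner = $owner; Status = $status }
}

$report | Format-List
```

Any status other than `OK` means the role for that partition still points at a domain controller that is gone.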


About notesbytom

Keeping technology notes on to free up my mind to solve new problems rather than figuring out the same ones repeatedly :-).