W2K AD domain controllers split up the master operations roles. This is usually transparent to most administrators. Active Directory will manage which domain controller ( DC ) has which master operations role. The key is normally. There are five master controller roles. By default, they are on the first domain controller in the domain. For performance issues, you probably want to split the roles apart. Microsoft recommends in kb article Q223346 and my own study confirms:

• Place the RID and PDC FSMO emulator roles on the same DC.
• Place the infrastructure FSMO master on a non-global catalog server.
• Place the domain naming FSMO master on a Global Catalog Server.

Microsoft releases sample utilities from the Windows 2000 Resource kits. Dumpfsmos.cmd: Dump FSMO Roles is available for free download. This command-line tool dumps the Flexible Single Master Operation (FSMO) roles for a domain. Using DumpFsmos, you can find the names of the domain controllers that are performing forest-wide operations master roles, including schema master and domain naming master, and domain-wide operations master roles, including RID master, primary domain controller emulator, and infrastucture master.

Probably the easiest method is to use the W2K version of netdom:

netdom query fsmo

You will get a list like:

Schema owner                dc2.mycompany.com
Domain role owner           dc1.mycompany.com
PDC role                    dc4.mycompany.com
RID pool manager            dc1.mycompany.com
Infrastructure owner        dc3.mycompany.com
The command completed successfully.

C:\> ntdsutil
ntdsutil: domain management
domain management: connections
server connections: connect to server oneofyourDCs
Binding to oneofyourDCs ... 
Connected to oneofyourDCs using credentials of locally logged on user
server connections: quit
domain management: select operation target
select operation target: list roles for connected server
....
info for your domain listing the fsmo role holders
.....
select operation target: quit
domain management: quit
ntdsutil: quit
Disconnecting from oneofyourDCs ...

Another alternative is to use the dcdiag utility:

dcdiag /test:Knowsofroleholders /v

Another alternative to find the RID, PDC, and Infrastructure FSMO Holders is to use dsa.msc:

• Click Start, click Run, type dsa.msc, and then click OK.
• Right-click the selected Domain Object in the top left pane, and then click Operations Masters.
• Click the PDC tab to find out which DC is holding the PDC master role.
• Click the Infrastructure tab to find out which DC is holding the Infrastructure master role.
• Click the RID Pool tab to find out which DC is holding the RID master role.

The FSMO roles:

• Domain Naming Master
  The Domain Naming Master is created on the first DC in the domain. This box could be down for a long time before you discover its loss. If the DC running as Domain Naming Master is going out of service as part of a network change, you can transfer the role:
  • Choose Active Directory Domains and Trust from the Administrative Tools menu.
  • Choose Connect to Domain Controller in the shortcut menu.
  • Select the domain controller you want to take over as domain naming master.
  • Press OK
  • Right-click Active Directory Domains and Trust and choose Operations Masters.
  • A dialog box opens and shows the current and tobe domain naming master.
  • If its the DC you designated, click Change and then OK

  If the Domain Naming Master DC crashes, you will have to seize the domain naming master role and force it to another DC. Choose Run from the Start menu or open a commandline shell, and run the program ntdsutil . Within ntdsutil you will issue a series of commands:

  • Type roles
  • At fsmo maintenance:, type connections
  • At server connenctions:, type connect to server , that is, the FQDN of the DC you want to take over the role.
  • At server connenctions:, type quit
  • At fsmo maintenance:, type seize domain naming master
  • At ntdsutil, type quit
  Setting the Domain Naming Master is radical. Don't attempt to bring the crashed Domain Naming Master back online. When a role master dies, kill the partition and start over.
• Infrastructure Master
  The Infrastructure Master is the controller that keeps up with changes in group membership and handles replication of these changes to other domains. The infrastructure master is responsible for updating references from objects in its domain to objects in other domains. The infrastructure master compares its data with that of a global catalog. Global catalogs receive regular updates for objects in all domains through replication, so the global catalog's data will always be up-to-date. If the infrastructure master finds data that is out-of-date, it requests the updated data from a global catalog. The infrastructure master then replicates that updated data to the other domain controllers in the domain. If the DC running as Infrastructure Master is going out of service as part of a network change, you can transfer the role:
  • Choose Active Directory Users and Computers from the Administrative Tools menu.
  • Right-click the domain node and choose Connect to Domain Controller.
  • Select the domain controller you want to take over as infrastructure master.
  • Press OK
  • Right-click the domain node and choose Operations Masters.
  • Click the Infrastructure tab to see which DC the Operations Master will make Infrastructure master.
  • If its the DC you designated, click Change and then OK

  If the Infrastructure Master DC crashes, you will have to seize the Infrastructure Master role and force it to another DC. Choose Run from the Start menu or open a commandline shell, and run the program ntdsutil . Within ntdsutil you will issue a series of commands:

  • Type roles
  • At fsmo maintenance:, type connections
  • At server connenctions:, type connect to server , that is, the FQDN of the DC you want to take over the role.
  • At server connenctions:, type quit
  • At fsmo maintenance:, type seize infrastructure master
  • At ntdsutil, type quit
  As you can imagine, this is a dangerous task. Don't attempt to bring the crashed infrastructure master back online. When a role master dies, kill the partition and start over.

  There is a Gotcha!!!! about the placement of the Infrastructure master. To find out if changes need to be distributed to other domains, the infrastructure master queries the Global Catalog which manages authenication. If the Global Catalog and the Infrastructure master are on the same controller, the infrastructure master will never find any outdated data. Don't worry about why. Just remember that the GC and the Infrastructure master must be on different DCs unless there is only one. AD manages this automatically but the gotcha arises when you manually transfer or sieze the role and move it to the same DC which has the Global Catalog. Caution. Additionally if all of the domain controllers in a domain are also hosting the global catalog, all of the domain controllers will have the current data and it does not matter which domain controller holds the infrastructure master role.

• PDC emulator
  In a mixed mode environment with W2K and NT4 DCs, one of the W2K DCs emulates an NT4 PDC. Although W2K AD is multi-master, the NT4 PDC is the only DC with a writeable SAM. There must be a PDC emulator as long as there are any downlevel clients (NT4, Win9x) or there are any NT4 BDCs. If the PDC emulator goes offline, the functions a real NT4 PDC performs will be unavailable. Some of the masters can go offline and you will not notice. If the PDC emulator goes offline, you will know it.

  If the PDC emulator box is going out of service as part of a network change, you can transfer the PDC emulator role:

  • Choose Active Directory Users and Computers from the Administrative Tools menu.
  • Right-click the domain node and choose Connect to Domain Controller.
  • Select the domain controller you want to take over as PDC emulator.
  • Press OK
  • Right-click the domain node and choose Operations Masters.
  • Click the PDC tab to see which DC the Operations Master will make PDC emulator.
  • If its the DC you designated, click Change and then OK

  If the PDC emulator box crashes, you will have to seize the PDC emulator role and force it to another DC. Choose Run from the Start menu or open a commandline shell, and run the program ntdsutil . Within ntdsutil you will issue a series of commands:

  • Type roles
  • At fsmo maintenance:, type connections
  • At server connenctions:, type connect to server , that is, the FQDN of the DC you want to take over the role.
  • At server connenctions:, type quit
  • At fsmo maintenance:, type seize PDC
  • At ntdsutil, type quit
  Get the idea that Microsoft does not want you to use the Seizing functionality? It is not in a GUI. I suspect its something they would rather walk you through on a support call. Don't restore the original PDC emulator. If you want it back as PDC emulator, do a fresh install and move the role using the transfer function.
• Relative Identifier Master
  The Relative Identifier Master is the controller that allocates and tracks the sequence numbers of the relative ID portion of SIDs. If the DC running as Relative Identifier is going out of service as part of a network change, you can transfer the role:
  • Choose Active Directory Users and Computers from the Administrative Tools menu.
  • Right-click the domain node and choose Connect to Domain Controller.
  • Select the domain controller you want to take over as RID master.
  • Press OK
  • Right-click the domain node and choose Operations Masters.
  • Click the RID tab to see which DC the Operations Master will make RID master.
  • If its the DC you designated, click Change and then OK

  If the Relative Identifier Master DC crashes, you will have to seize the RID Master role and force it to another DC. Choose Run from the Start menu or open a commandline shell, and run the program ntdsutil . Within ntdsutil you will issue a series of commands:

  • Type roles
  • At fsmo maintenance:, type connections
  • At server connenctions:, type connect to server , that is, the FQDN of the DC you want to take over the role.
  • At server connenctions:, type quit
  • At fsmo maintenance:, type seize RID master
  • At ntdsutil, type quit
  As you can imagine, this is a dangerous task. Don't attempt to bring the crashed RID master back online. When a role master dies, kill the partition and start over.
• Schema Master
  The Schema is the dna for Active Directory. The schema master is created on the first DC in the domain. If the DC running as schema master is going out of service as part of a network change, you can transfer the role using the Active Directory Schema MMC snap-in:
  • Right-click Active Directory Schema in the console windows
  • Choose Change Domain Controller in the console windows
  • Change the focus to the controller which you want to take over the Schema Master role
  • Right-click Active Directory Schema in the console windows
  • Choose Operations Master from the shortcut menu
  • Click the Change button
  • Click OK

  If the Schema Master DC crashes, you will have to seize the schema master role and force it to another DC. Choose Run from the Start menu or open a commandline shell, and run the program ntdsutil . Within ntdsutil you will issue a series of commands:

  • Type roles
  • At fsmo maintenance:, type connections
  • At server connenctions:, type connect to server , that is, the FQDN of the DC you want to take over the role.
  • At server connenctions:, type quit
  • At fsmo maintenance:, type seize schema master
  • At ntdsutil, type quit
  Setting the schema master is radical. Don't attempt to bring the crashed Schema Master back online. It could corrupt your domain and you are dead. When a role master dies, kill the partition and start over.