How Can the User Find an FSMO Master?

Basically, in Active Directory-based domains (Windows 2000 and Windows .NET), there are five FSMO roles, and every forest contains at least five Active Directory objects, which "know" the names of these operations' masters. Windows .NET domains support application directory partitions, and each created partition has its own Infrastructure Master. Thus, the total number of operation masters in a single domain forest can exceed five. In addition, every new domain in the forest introduces three operation masters within that domain, since the PDC, RID, and Infrastructure FSMO roles are specific to each domain.

You can easily find all operation masters in a forest by using Ldp.exe. Make a synchronous search with the following parameters:

• Base DN — the forest root distinguished name

• Filter — fSMORoleOwner=*

• Scope — Subtree

• Attributes — objectClass

• Chase referrals — on

The results — the distinguished names of the objects as well as their types — must be similar to those shown in Table 17.2. The table contains an example of application partition — forestDnsZones.net.dom.

The fSMORoleOwner attribute (syntax DN) of each found object holds the distinguished name of the DSA (an object of the nTDSDSA class) that possesses the appropriate FSMO role. Here is an example of such a name (the elements that will retain their names in all Active Directory installations are in bold):

    CN=NTDS Settings, CN=NETDC1,CN=Servers,CN=NET-Site,CN=Sites,     CN=Configuration, DC=net, DC=dom 

You can bind to a specific DSA and ask for its parent object (by using the Parent method) — this will be the ADsPath of the server that holds the appropriate FSMO role (see Listing 17.25).