Hello! In this article, we will cover how to move the FSMO roles between Domain Controllers in an Active Directory domain and how to perform the Metadata Cleanup process.
Earlier we covered the topics How to Install Active Directory on Server Core? and How to Install Additional Domain Controller; you can access them via the links below.
- Windows Server Core Active Directory Installation – Cengiz YILMAZ
- Additional Domain Controller Installation – Cengiz YILMAZ
What are FSMO Roles and What is Their Importance?
FSMO (Flexible Single Master Operation) roles undertake some critical tasks to ensure the healthy and orderly operation of Active Directory. These are:
- Schema Master: It is unique throughout the forest and holds all updates, which are replicated to the other DCs.
- Domain Naming Master: It is unique throughout the forest and manages the information about objects entering and exiting the domain.
- PDC Emulator: It handles tasks such as clock synchronization, password changes and resets.
- RID Master: Manages SID information of objects in Active Directory.
- Infrastructure Master: It provides information transfer between domains and keeps it updated.
These roles are critical to the stability and reliability of the Active Directory structure. Therefore, in case of any problems, these roles need to be safely moved to another Domain Controller.
In the current scenario, the Primary Domain Controller has become unusable due to a physical or software problem. In this case, we will move the FSMO roles to the Additional Domain Controller in the environment by "seizing" them. This move is critical for Active Directory, and therefore the company, to continue operating without interruption.
Migrating FSMO Roles (FSMO Seizing)
To determine which server the FSMO roles are on, we can use the following command from the command prompt:
netdom query fsmo
This command lists which server currently holds each FSMO role. This information is required for the migration of roles.

The process of migrating FSMO roles involves safely transferring the roles to another Domain Controller. This process is especially critical in the event of a Domain Controller failure or backup requirements. You can also use the FSMO seizing method shown here when you lose access to your Primary DC server.
- Open Command Prompt and run the following command:
ntdsutil
- To access the FSMO maintenance console:
roles
- Switch to the server connections console:
connections
- Connect to the server to which the FSMO roles will be migrated. Since you cannot connect to a server that is no longer reachable, you need to connect to a Domain Controller server that is UP in the environment.
connect to server ADC1.cengizyilmaz.local

Once the connection is established, we need to go back to the FSMO Maintenance section:
quit

Transferring the Schema Master Role:
To move the Schema Master role to the new server, use the following command. You must confirm with YES in the Role Seizure Confirmation Dialog window.
seize schema master

Moving the Domain Naming Master Role:
To move the Domain Naming Master role to the new server, use the following command. You must confirm with YES in the Role Seizure Confirmation Dialog window.
seize naming master

Moving the PDC Emulator Role:
To move the PDC Emulator role to the new server, use the following command. You must confirm with YES in the Role Seizure Confirmation Dialog window.
seize pdc

Moving the RID Master Role:
To move the RID Master role to the new server, use the following command. You must confirm with YES in the Role Seizure Confirmation Dialog window.
seize rid master

Moving the Infrastructure Master Role:
To move the Infrastructure Master role to the new server, use the following command. You must confirm with YES in the Role Seizure Confirmation Dialog window.
seize infrastructure master

In the command prompt window, we need to exit by typing "quit".
Our FSMO role seizing process is complete; now we need to check the FSMO roles.
netdom query fsmo
The check shows that the FSMO roles have been successfully seized to our server ADC1.cengizyilmaz.local.
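The same check as a script, as an added example that is not part of the original article: it asks every Domain Controller still registered in the domain who it believes holds each role and flags any answer other than the seizing server. It assumes the ActiveDirectory PowerShell module (RSAT) is installed; the variable and function names are illustrative.

```powershell
# Added example: per-DC view of the five FSMO role holders after a seizure.
Import-Module ActiveDirectory

$ExpectedHolder = 'ADC1.cengizyilmaz.local'   # server the roles were seized to

function Get-FsmoView {
    param([Parameter(Mandatory)][string] $Server)
    # Forest-wide roles come from the forest object, domain-wide roles from the domain object.
    $forest = Get-ADForest -Server $Server -ErrorAction Stop
    $domain = Get-ADDomain -Server $Server -ErrorAction Stop
    [ordered]@{
        'Schema Master'         = $forest.SchemaMaster
        'Domain Naming Master'  = $forest.DomainNamingMaster
        'PDC Emulator'          = $domain.PDCEmulator
        'RID Master'            = $domain.RIDMaster
        'Infrastructure Master' = $domain.InfrastructureMaster
    }
}

# Enumerate DCs from the surviving server, because the old role holder is offline.
$dcs = Get-ADDomainController -Filter * -Server $ExpectedHolder

$report = foreach ($dc in $dcs) {
    try {
        $view = Get-FsmoView -Server $dc.HostName
        foreach ($role in $view.GetEnumerator()) {
            [pscustomobject]@{
                AskedDC    = $dc.HostName
                Role       = $role.Key
                Holder     = $role.Value
                AsExpected = ($role.Value -eq $ExpectedHolder)  # -eq ignores case
            }
        }
    } catch {
        # A DC that cannot answer is reported instead of stopping the whole check.
        [pscustomobject]@{
            AskedDC = $dc.HostName; Role = '(all)'; Holder = 'unreachable'; AsExpected = $false
        }
    }
}

$report | Format-Table -AutoSize
$problems = @($report | Where-Object { -not $_.AsExpected })
if ($problems.Count -gt 0) {
    Write-Warning "$($problems.Count) row(s) do not show $ExpectedHolder as role holder."
}
```

The failed Primary DC is expected to appear as unreachable here until it has been removed with Metadata Cleanup.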

Removing Domain Controller Server with Metadata Cleanup
The Metadata Cleanup process is used to safely remove from Active Directory a Domain Controller that is no longer used or accessible. This process ensures that old or broken servers are completely and correctly removed from your system. Below, I will explain how to do the Metadata Cleanup process step by step:
- Open the command prompt and start the ntdsutil tool with the following command:
ntdsutil

- In ntdsutil, switch to metadata cleanup mode:
metadata cleanup
- Switch to connections mode and establish a connection with the server:
connections
connect to server ADC1.cengizyilmaz.local
- After the connection to the server is established, we need to leave the connections console to continue the Metadata Cleanup process:
quit

- We need to specify the operation target for Metadata Cleanup:
select operation target

- We need to list the SITES in our domain environment so that we can select the relevant SITE:
list sites
- The list sites command shows all the SITES in the domain environment. To select the relevant SITE, we will use the SELECT SITE command. (Change the site number to match your own environment.)
select site 0

- After selecting the SITE, we need to select the DOMAIN:
list domains in site
- We select the listed DOMAIN:
select domain 0

- First, we need to list the Domain Controllers in our Active Directory environment to find the one to be deleted:
list servers in site
- We need to select the Domain Controller server we are going to remove with the select server command:
select server 0

- We need to list the Naming Contexts in our domain structure and then make a selection.
list naming contexts
- After listing the Naming Contexts, we can perform the selection process with SELECT.
select naming context 2

- We have completed all our listing and selection operations. Now, to delete our Domain Controller server, we need to leave the select operation target console and return to the metadata cleanup console:
quit
- We have returned to the metadata cleanup console with "quit"; now we can delete the Domain Controller server we selected from our environment:
remove selected server
- With the Remove Selected Server command, we need to give an additional CONFIRMATION to delete the Domain Controller server from the environment. After the relevant confirmation process, our Domain Controller server will be deleted from the environment.

- When we open Active Directory Users and Computers (ADUC), we can no longer see the Domain Controller server we deleted.

- Since we do not perform this operation with the GUI, we need to clean up the remains via the Active Directory Sites and Services console and the DNS Server console.
With these steps, you have successfully removed a problematic or unused Primary Domain Controller from your Active Directory environment. This process is important to maintain Active Directory health and prevent future replication issues.
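A read-only way to find the remains mentioned above before opening the two consoles, as an added example that is not part of the original article. It assumes the ActiveDirectory and DnsServer PowerShell modules (RSAT); the removed DC name `OLD-DC.cengizyilmaz.local` is a hypothetical placeholder, the zone name `cengizyilmaz.local` is assumed from the article's server name, and the function names are illustrative.

```powershell
# Added example: list leftovers of a removed DC in Sites and Services and in DNS.
Import-Module ActiveDirectory, DnsServer

$Server    = 'ADC1.cengizyilmaz.local'     # surviving DC from the article
$RemovedDc = 'OLD-DC.cengizyilmaz.local'   # hypothetical name of the removed DC
$Zone      = 'cengizyilmaz.local'          # assumed AD-integrated DNS zone

function Get-OrphanedSiteServer {
    param([Parameter(Mandatory)][string] $Server)
    # A working DC has an "NTDS Settings" child under its server object in CN=Sites.
    # A server object without that child is what metadata cleanup can leave behind.
    $config  = (Get-ADRootDSE -Server $Server).configurationNamingContext
    $servers = Get-ADObject -Server $Server -SearchBase "CN=Sites,$config" -LDAPFilter '(objectClass=server)'
    foreach ($s in $servers) {
        $query = @{
            Server      = $Server
            SearchBase  = $s.DistinguishedName
            SearchScope = 'OneLevel'
            LDAPFilter  = '(|(objectClass=nTDSDSA)(objectClass=nTDSDSARO))'
        }
        if (-not (Get-ADObject @query)) { $s.DistinguishedName }
    }
}

function Get-StaleDnsRecord {
    param(
        [Parameter(Mandatory)][string] $Server,
        [Parameter(Mandatory)][string] $Zone,
        [Parameter(Mandatory)][string] $RemovedDc
    )
    $fqdn  = $RemovedDc.TrimEnd('.') + '.'    # record data stores names with a trailing dot
    $short = $RemovedDc.Split('.')[0]         # host records are stored relative to the zone
    Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $Zone |
        Where-Object {
            $d = $_.RecordData
            ($_.RecordType -eq 'NS'    -and $d.NameServer    -eq $fqdn) -or
            ($_.RecordType -eq 'SRV'   -and $d.DomainName    -eq $fqdn) -or
            ($_.RecordType -eq 'CNAME' -and $d.HostNameAlias -eq $fqdn) -or
            ($_.RecordType -eq 'A'     -and $_.HostName      -eq $short)
        } |
        Select-Object HostName, RecordType, TimeStamp
}

'Server objects without NTDS Settings:'
Get-OrphanedSiteServer -Server $Server
'DNS records still pointing at the removed DC:'
Get-StaleDnsRecord -Server $Server -Zone $Zone -RemovedDc $RemovedDc | Format-Table -AutoSize
```

If the `_msdcs` records live in their own zone in your environment, run `Get-StaleDnsRecord` a second time against that zone.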