When you want to find the FSMO role holders on Server 2008 you may find yourself going into multiple graphical windows and properties tabs to track down each FSMO role. In the case of the Schema role you even have to first enable the schema management snap-in first.

An easier way is to use dcdiag. Dcdiag can display a lot of useful information for general info gathering or troubleshooting. For this particular case we only want very specific information. You will find simply running dcdiag without any parameters is both too verbose and not verbose enough to identify the FSMO role holders.

Using the following command specifes you are only running the test “KnowsOfRoleHolders” with the parameter “v” which means verbose output which presents extended information. In this case the actual DN of the role holders will not be shown without it.

dcdiag -test:KnowsOfRoleHolders -v

To make it easier to read you may want to redirect this to a text file:

dcdiag -test:KnowsOfRoleHolders -v » c:\DCdiag_FSMO_Roles.txt

Sample output from a test lab DC

Directory Server Diagnosis

Performing initial setup:

Trying to find home server…

  • Verifying that the local machine IBM-DC-X21, is a Directory Server.

Home Server = IBM-DC-X21

  • Connecting to directory service on server IBM-DC-X21.

  • Identified AD Forest.

Collecting AD specific global data

  • Collecting site info.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=IBMEurope,DC=EU,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),…….

The previous call succeeded

Iterating through the sites

Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=IBMEurope,DC=EU

Getting ISTG and options for the site

  • Identifying all servers.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=IBMEurope,DC=EU,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),…….

The previous call succeeded….

The previous call succeeded

Iterating through the list of servers

Getting information for the server CN=NTDS Settings,CN=IBM-DC-X21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=IBMEurope,DC=EU

objectGuid obtained

InvocationID obtained

dnsHostname obtained

site info obtained

All the info for the server collected

  • Identifying all NC cross-refs.

  • Found 1 DC(s). Testing 1 of them.

Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\IBM-DC-X21

Starting test: Connectivity

  • Active Directory LDAP Services Check

Determining IP4 connectivity

  • Active Directory RPC Services Check

……………………. IBM-DC-X21 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\IBM-DC-X21

Test omitted by user request: Advertising

Test omitted by user request: CheckSecurityError

Test omitted by user request: CutoffServers

Test omitted by user request: FrsEvent

Test omitted by user request: DFSREvent

Test omitted by user request: SysVolCheck

Test omitted by user request: KccEvent

Starting test: KnowsOfRoleHolders

Role Schema Owner = CN=NTDS Settings,CN=IBM-DC-X21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=IBMEurope,DC=EU

Role Domain Owner = CN=NTDS Settings,CN=IBM-DC-X21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=IBMEurope,DC=EU

Role PDC Owner = CN=NTDS Settings,CN=IBM-DC-X21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=IBMEurope,DC=EU

Role Rid Owner = CN=NTDS Settings,CN=IBM-DC-X21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=IBMEurope,DC=EU

Role Infrastructure Update Owner = CN=NTDS Settings,CN=IBM-DC-X21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=IBMEurope,DC=EU

……………………. IBM-DC-X21 passed test KnowsOfRoleHolders

Test omitted by user request: MachineAccount

Test omitted by user request: NCSecDesc

Test omitted by user request: NetLogons

Test omitted by user request: ObjectsReplicated

Test omitted by user request: OutboundSecureChannels

Test omitted by user request: Replications

Test omitted by user request: RidManager

Test omitted by user request: Services

Test omitted by user request: SystemLog

Test omitted by user request: Topology

Test omitted by user request: VerifyEnterpriseReferences

Test omitted by user request: VerifyReferences

Test omitted by user request: VerifyReplicas

Test omitted by user request: DNS

Test omitted by user request: DNS

Running partition tests on : ForestDnsZones

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running partition tests on : DomainDnsZones

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running partition tests on : Schema

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running partition tests on : Configuration

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running partition tests on : IBMEurope

Test omitted by user request: CheckSDRefDom

Test omitted by user request: CrossRefValidation

Running enterprise tests on : IBMEurope.EU

Test omitted by user request: DNS

Test omitted by user request: DNS

Test omitted by user request: LocatorCheck

Test omitted by user request: Intersite