The Domain Naming Master

Friday, October 28, 2011

The Domain Naming Master is one of the five Flexible Single Master Operations (FSMO) roles found in an Active Directory (AD) forest. Only one Domain Controller (DC) in the entire forest holds this role. By default, this is the first server that was promoted to a DC in the root domain. The main purpose of the Domain Naming Master is to manage the addition and removal of all directory partitions in the forest. The DC holding this role must be online and accessible when you attempt to perform the following actions:

  • Add or remove domains
  • Add or remove directory partitions
  • Modify cross-reference objects
  • Perform a domain rename

Since these actions are rarely performed in the forest, the Domain Naming Master is rarely put to use. Therefore, if the DC that holds this role is offline, the impact is minimal unless you are attempting to perform one of the actions listed above.

The most common action from the list above is probably adding or removing domains. When you perform this action through the DCPROMO process, the Domain Naming Master must be contacted before the domain addition or removal can continue. In this respect, this DC keeps the forest's domains consistent.

The Domain Naming Master is identified by the value stored in the fSMORoleOwner attribute on the partitions container object. This role can be transferred at any time to any other DC in the forest. It combines well with the Schema Master role, because both roles are used infrequently and do not add resource requirements on the server holding them. If this role needs to be transferred, you can use either the Active Directory Domains and Trusts snap-in or the ntdsutil command-line utility.

Using the Active Directory Domains and Trusts snap-in, connect to the target DC. Then right-click the Active Directory Domains and Trusts heading and click Operations Master... In the top box, the DC currently holding the role should be displayed. In the lower box, you should see the name of the DC that you wish to transfer the role to.


Or, using the ntdsutil.exe command, type "roles" and hit [enter]. Then type "connections" and hit [enter]. Next, type "connect to server servername" and hit [enter]. The system will bind and continue. Type "quit" and hit [enter]. Then type "transfer naming master" and hit [enter]. A confirmation dialog box will be displayed. Click "Yes". The system will provide some feedback regarding this action.



The process of transferring the Domain Naming Master role is complete.
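To confirm who holds the role before and after a transfer, the fSMORoleOwner attribute described above can be read directly. The script below is an added example, not part of the original procedure; it assumes the ActiveDirectory PowerShell module is installed, and the function name Resolve-FsmoOwner is hypothetical.

```powershell
# Added example; requires the ActiveDirectory module (RSAT) and read access to the forest.
Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'

function Resolve-FsmoOwner {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$ObjectDN, [string]$Server)
    $target = @{}
    if ($Server) { $target.Server = $Server }

    # fSMORoleOwner stores the DN of the role holder's "NTDS Settings" object.
    $ntdsDn = (Get-ADObject -Identity $ObjectDN -Properties fSMORoleOwner @target).fSMORoleOwner
    if (-not $ntdsDn) { throw "fSMORoleOwner is empty on $ObjectDN" }
    # A mangled DN means the recorded owner was deleted (for example, a DC removed without a transfer).
    if ($ntdsDn -match '0ADEL:') { throw "fSMORoleOwner points at a deleted object: $ntdsDn" }

    # The parent of "CN=NTDS Settings,CN=<server>,..." is the server object, which carries dNSHostName.
    $serverDn = $ntdsDn -replace '^CN=NTDS Settings,', ''
    $srv = Get-ADObject -Identity $serverDn -Properties dNSHostName @target
    [pscustomobject]@{ NtdsSettingsDN = $ntdsDn; DnsHostName = $srv.dNSHostName }
}

$root         = Get-ADRootDSE
$partitionsDn = "CN=Partitions,$($root.configurationNamingContext)"

# Domain Naming Master: fSMORoleOwner on the partitions container.
$naming = Resolve-FsmoOwner -ObjectDN $partitionsDn
# Schema Master: fSMORoleOwner on the schema naming context.
$schema = Resolve-FsmoOwner -ObjectDN $root.schemaNamingContext

"Domain Naming Master : $($naming.DnsHostName)"
"Schema Master        : $($schema.DnsHostName)"
if ($naming.DnsHostName -ne $schema.DnsHostName) {
    'Note: the two forest-wide roles are held by different DCs.'
}

# Ask the role holder for its own copy of the attribute. This proves it is online,
# and shows whether the transfer has replicated to the DC queried first.
try {
    $self = Resolve-FsmoOwner -ObjectDN $partitionsDn -Server $naming.DnsHostName
    if ($self.NtdsSettingsDN -ne $naming.NtdsSettingsDN) {
        Write-Warning "Role holder's own copy names a different owner: $($self.DnsHostName)"
    }
} catch {
    Write-Warning "Could not verify the role on $($naming.DnsHostName): $_"
}
```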
