Noel Pulis Blog

When moving roles, the right way to do it is to view exactly where the roles are at the moment. Firstly to check this one can open the command prompt and use the following command.

Netdom /query FSMO

This will show the roles and who is the owner like below.

C:\Users\Administrator.dom>netdom /query fsmo Schema master srv01.mydomain.com Domain naming master srv01.mydomain.com PDC srv01.mydomain.com RID pool manager srv01.mydomain.com Infrastructure master srv01.mydomain.com The command completed successfully.

Now, to change the FSMO owner one must change the settings in the Active Directory Users and Computers, Active Directory Domains and Trusts and Active Directory Schema. This operation would be best to be done on the new server to transfer to.

1. Open the Active Directory Users and Computers and right click on the domain name node, in my case mydomain.com and select Operations Master. Make sure that the entry is the old server on the top dialog box and the new server on the bottom dialog box. Click on the Change button. Switch to the PDC tab and Instrastructure and do the the same operation.

2. Open theActive Directory Domains and Trusts. Right click on the root of the node and select Operations Master. Make sure that the entry is the old server on the top dialog box and the new server on the bottom dialog box. Click on the Change button.

3. Open a command prompt as Administrator and type regsvr32 schmmgmt.dll to register the schema DLL file. Open MMC.EXE and click on File/Add remove Snap-in. Now find the Active Directory Schema from the list. Click on Add and OK. Right-click on the Active Directory Schema node and select Change Active Directory Controller. Select the new server, in this case srv02.mydomain.com. Right-click on the Active Directory Schema node and select Operations Master. Make sure that the entry is the old server on the top dialog box and the new server on the bottom dialog box. Click on the Change button.

If you will run below command, Netdom /query FSMO, you will notice that the roles are now pointing to the new server i.e. srv02.mydomain.com.

(994)

Sometimes when you install a Lync setup and change the server, you might have problems when adding the clients back to the newly created server. Some issues might be that that you cannot log in or mostly you get an error on the management panel on Lync when you enable a user as below:

"RegistrarPool" with identity "1234567890" assigned to "sip:sysadmin@noelpulis.com" has been removed from the configuration store.

You may also encounter the error,

Cannot move user in enable operation. Use the Move user cmdlet instead

To cleanup the user you will need to edit the Active Directory schema. Open the ADSI Edit from your domain controller. Connect as the Default naming context, find the user you need to change (in this case sysadmin) and select properties. Change the below properties to either blank or .

msRTCSIP-ArchivingEnabled msRTCSIP-FederationEnabled msRTCSIP-InternetAccessEnabled msRTCSIP-OptionFlags msRTCSIP-PrimaryHomeServer msRTCSIP-PrimaryUserAddress msRTCSIP-UserEnabled msRTCSIP-UserPolicies

After you set the below, exit the ADSI Edit and retry on Lync. The user should be able to work.

(7499)

Noel Pulis Blog

Tag Archives: schema

How to: Move all FSMO roles on a domain controller

How to: Clean User’s Active Directory Schema from previous Lync installation

Technical help and scripts for everyday issues of a sysadmin day