Transfer/Seizure of schema FSMO

[SKM]

Hi

What privileges are required for a user to successfully transer the Schema
FSMO role to another server via the MMC Schema snapi and tools such as
NTDSUTIL?

Thanks

 

[Matjaz Ladava [MVP]]

This information is stored in fSMORoleOwner attribute in
CN=Schema,CN=Configuration,DC=yourdomain partition, you can use ADSI edit to
see who has permission to write to this attributes. You will find out, that
only users that are part of Schema Admin group can modify this value and
thous change fSMORoleOwner attribute value.

--

Regards
Matjaz Ladava, MCSA, MCSE, MCT, MVP
Microsoft MVP Windows Server - Active Directory
(e-mail address removed), (e-mail address removed)

 

[Mike Aubert]

By default, Schema Admins (located in the forest root domain) have the
permission to change the schema master. Alternatively, a user or group can
be given the Change Schema Master permission on the schema (right click the
Active Directory Schema node in the Active Directory Schema snap-in and
select Permissions) which will allow them to change the schema master. See
this KB article for more info:

Setting User Rights for Designating FSMO Roles in an Enterprise
http://support.microsoft.com/?id=228776

------------------------------------------------------------------
Mike Aubert
MCSE, MCSD, MCDBA
(e-mail address removed)

Note the "news2" in my email address is temporary and may be changed in the
future, remove it to email me at my Permanente address.
This posting is provided "AS IS" with no warranties, and confers no rights.