here’s a Screenshot of ADRestore.NET

Links

Windowsmaker’s blog

Download ADRestore.NET

Now, to get the SID (Security Identifier) for a specific (AD) Active Directory Object using PowerShell use:

$AdObj = New-Object System.Security.Principal.NTAccount("ObjectName")
$strSID = $AdObj.Translate([System.Security.Principal.SecurityIdentifier])
$strSID.Value

Start a Command Line (cmd.exe)
C:\>ntdsutil.exe
Switch to Roles context
ntdsutil: Roles
Switch to Connections context
fsmo maintenance:Connections
Optionally you can specify the credentials used to connect the the server
The format is server connections:set creds MYDOMAIN MYUSERNAME MYPASSWORD
Connect to the specific server
connect to server SERVERNAME
Quit this context
server connections: quit
Now you can transfer the FSMO Roles using the transfer command.
Transfer Schema Master

possible roles to transfer are:
Transfer domain naming master
Transfer infrastructure master
Transfer PDC
Transfer RID master
Transfer schema master

To get a list of all the FSMO Roles for a specific server, read here – List FSMO Roles of a Domain Controller

Start a command prompt (cmd.exe)

Start NtdsUtil.exe
C:\>NtdsUtil.exe
Switch to Roles context
ntdsutil:Roles
Swtich to Connections context
fsmo maintenance:Connections
Connect to the server
server connections:Connect to server MYDOMAINCONTROLLER
Quit this context
server connections:Quit
Select the so called Operation Targer
fsmo maintenance:Select Operation Target
Now list the Roles for the Server
select operation target:List roles for connected server

that’s it.

To fully automate these steps, you can use this script (just copy paste it in a .bat or .cmd file and execute it with the servername as the first and only parameter)
@echo off
REM
REM Script to dump FSMO role owners on the server designated by %1
REM
if ""=="%1" goto usage
Ntdsutil roles Connections "Connect to server %1" Quit "select Operation Target" "List roles for connected server" Quit Quit Quit
goto done
:usage
@echo Please provide the name of a domain controller (i.e. dumpfsmos MYDC)
@echo.
:done


Register the DLL using
regsvr32 schmmgmt.dll

Transfer the Schema Master Role

• Run MMC (Microsoft Management Console – Start – run – MMC )

• On the File, menu click Add/Remove Snap-in.

• Click Add.

• Click Active Directory Schema, click Add, click Close, and then click OK.

• In the console tree, right-click Active Directory Schema, and then click Change Domain Controller.

• Click Specify Name, type the name of the domain controller that will be the new role holder, and then click OK.

• In the console tree, right-click Active Directory Schema, and then click Operations Master.

• Click Change.

• Click OK to confirm that you want to transfer the role, and then click Close.

If you get an error like ‘the requested fsmo operation failed. the current fsmo holder could not be contacted’ then:

Check your DNS. Often this error messages occurs on Domain Controllers with more than one NIC / IP Address. Check your DNS Reverse Lookup Zones. To create a diagnoses, there is a tool called dcdiag.

You can do a DNS Check using Dcdiag:
(The Dcdiag command-line tool is included when you install Windows Server 2003 Support Tools from the product CD)

DCDiag /test:dns