Active Directory


By default, Group Policy does not offer a facility to easily disable drives containing removable media, such as USB ports, CD-ROM drives, Floppy Disk drives and high capacity LS-120 floppy drives. However, Group Policy can be extended to use customised settings by applying an ADM template. The ADM template in this article allows an Administrator to disable the respective drivers of these devices, ensuring that they cannot be used.

Import this administrative template into Group Policy as a .adm file.


Before you can introduce Windows Server 2003 domain controllers, you must prepare the forest and domains with the ADPrep utility.

Windows 2000/2003 Active Directory domains utilize a Single Operation Master method called FSMO (Flexible Single Master Operation).

The five FSMO roles are:

  • Schema master - Forest-wide and one per forest.

  • Domain naming master - Forest-wide and one per forest.

  • RID master - Domain-specific and one for each domain.

  • PDC - PDC Emulator is domain-specific and one for each domain.

  • Infrastructure master - Domain-specific and one for each domain.

In most cases an administrator can keep the FSMO role holders (all 5 of them) in the same spot (or actually, on the same DC) as has been configured by the Active Directory installation process. However, there are scenarios where an administrator would want to move one or more of the FSMO roles from the default holder DC to a different DC.

To understand your AD infrastructure and the added value that each DC might possess, an AD administrator must know exactly which of the existing DCs holds an FSMO role, and which role it holds. With that knowledge in hand, the administrator can make better arrangements for a scheduled shutdown of any given DC, and be better prepared for an unscheduled outage of one of the DCs.

How do you find out which DC is holding which FSMO role? This can be done in several ways, and this article lists a few of the available methods.

Use the Netdom command

The FSMO role holders can easily be found with the Netdom command.

Netdom.exe is part of the Windows 2000/XP/2003 Support Tools. You must obtain it either by downloading it separately or from the correct Support Tools pack for your operating system. The Support Tools pack can be found in the \Support\Tools folder on your installation CD.

  1. On any domain controller, click Start, click Run, type CMD in the Open box, and then click OK.

  2. In the Command Prompt window, type netdom query /domain:<domain> fsmo (where <domain> is the name of YOUR domain).
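
The following PowerShell sketch is an added example, not part of the original article: it parses the text that the command in step 2 prints and lists which roles would be affected by taking one DC offline, the planning case described above. The column layout of the sample output is assumed, the host names are constructed, and the function names ConvertFrom-NetdomFsmo and Get-FsmoShutdownImpact are hypothetical.

```powershell
# Constructed sample of "netdom query fsmo" output; the host names are made up.
$sample = @'
Schema master               dc01.corp.example
Domain naming master        dc01.corp.example
PDC                         dc02.corp.example
RID pool manager            dc02.corp.example
Infrastructure master       dc03.corp.example
The command completed successfully.
'@

function ConvertFrom-NetdomFsmo {
    # Hypothetical helper: one object per "role <spaces> holder" line.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Role and holder are separated by a run of two or more spaces;
        # status lines such as "The command completed..." do not match.
        if ($line -match '^\s*(?<role>\S.*?)\s{2,}(?<dc>\S+)\s*$') {
            [pscustomobject]@{ Role = $Matches['role']; Holder = $Matches['dc'] }
        }
    }
}

function Get-FsmoShutdownImpact {
    # Hypothetical helper: roles that go offline with the named DC.
    param([object[]]$Roles, [string]$Server)
    @($Roles | Where-Object { $_.Holder -eq $Server } | ForEach-Object { $_.Role })
}

$roles = @(ConvertFrom-NetdomFsmo -Lines ($sample -split "`r?`n"))
# On a domain controller, feed the live output instead:
#   $roles = @(ConvertFrom-NetdomFsmo -Lines (netdom query /domain:<domain> fsmo))

if ($roles.Count -ne 5) {
    Write-Warning "Expected 5 FSMO roles, parsed $($roles.Count); check the output."
}

# Roles per DC: shows how concentrated the roles are.
$roles | Group-Object Holder | ForEach-Object {
    '{0}: {1}' -f $_.Name, (($_.Group | ForEach-Object { $_.Role }) -join ', ')
}

# Roles to move before a planned shutdown of dc02.
$impact = Get-FsmoShutdownImpact -Roles $roles -Server 'dc02.corp.example'
"Taking dc02.corp.example offline affects: $($impact -join ', ')"
```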




Windows 2000/2003 Active Directory domains utilize a Single Operation Master method called FSMO (Flexible Single Master Operation), as described in Understanding FSMO Roles in Active Directory.
