Active Directory - FSMO Seizing, DRSM Password Reset and Dc health checks/best practices

As mentioned on old blog posts it is important to know which DCs (in your domain/Forest) are holding five Active directory roles using this command line.

netdom query fsmo

At the same time it is important to test your DCs health.

If you are facing unlike situation that DCs holding all 5 Ad roles (or few of them)  are no longer working you should start planning Seizing roles activity.

Here it is a Microsoft article that well apply to all Microsoft Server versions.

Here they are other important suggests:
  1. Microsoft best practices suggest to have at least a Physical Domain controller indeed to have all them virtualized:
  2. I warmly suggest to check all your server and to have local Administrator password (and account enabled).
  3. To check, on all your servers/Dcs to have indicated DNS1, DNS2 and DNS3 pointing to active DCs/DNS
  4. Have 5 AD roles splitted between at least two domain controllers.
  5. About Domain controllers have DRSM Administrator password, if not known proceed to have it resetted.