What is FSMO? What are it roles?

In a forest, there are at least five FSMO roles that are assigned to one or more domain controllers.
The five FSMO roles are:
•

Schema Master: The schema master domain controller controls all updates and
modifications to the schema. To update the schema of a forest, you must have access to
the schema master. There can be only one schema master in the whole forest.
•

Domain naming master: The domain naming master domain controller controls the addition
or removal of domains in the forest. There can be only one domain naming master in the
whole forest.
•

Infrastructure Master: The infrastructure is responsible for updating references from objects
in its domain to objects in other domains. At any one time, there can be only one domain
controller acting as the infrastructure master in each domain.
•

Relative ID (RID) Master: The RID master is responsible for processing RID pool requests from all
domain controllers in a particular domain. At any one time, there can be only one domain controller
acting as the RID master in the domain.
•

PDC Emulator: The PDC emulator is a domain controller that advertises itself as the primary
domain controller (PDC) to workstations, member servers, and domain controllers that are
running earlier versions of Windows. For example, if the domain contains computers that
are not running Microsoft Windows XP Professional or Microsoft Windows 2000 client
software, or if it contains Microsoft Windows NT backup domain controllers, the PDC
emulator master acts as a Windows NT PDC. It is also the Domain Master Browser, and it
handles password discrepancies. At any one time, there can be only one domain controller
acting as the PDC emulator master in each domain in the forest.

You can transfer FSMO roles by using the Ntdsutil.exe command-line utility or by using an MMC
snap-in tool. Depending on the FSMO role that you want to transfer, you can use one of the
following three MMC snap-in tools:
Active Directory Schema snap-in
Active Directory Domains and Trusts snap-in
Active Directory Users and Computers snap-in
Transferring the Roles

Transfer the Schema Master Role

Use the Active Directory Schema Master snap-in to transfer the schema master role. Before you can
use this snap-in, you must register the Schmmgmt.dll file.
Register Schmmgmt.dll

1.ClickStart, and then clickR un.

2.Type regsvr32 schmmgmt.dll in theOpen box, and then clickOK.
3.ClickOK when you receive the message that the operation succeeded.
Transfer the Schema Master Role

1.ClickStart, clickRun, typemmc in theOp en box, and then clickOK.

2.On theFile, menu click Add/Remove Snap-in.
3.ClickAd d.
4.Click Active Directory Schema, clickAd d, clickClos e, and then clickOK.
5.In the console tree, right-click Active Directory Schema, and then click Change Domain
Controller.
6.Click Specify Name, type the name of the domain controller that will be the new role
holder, and then clickOK.
7.In the console tree, right-click Active Directory Schema, and then clickOperations
Master.
8.ClickChange.
9.ClickOK to confirm that you want to transfer the role, and then clickClos e
Transfer the Domain Naming Master Role

1.ClickStart, point to Administrative Tools, and then click Active Directory Domains
and Trusts.
2.Right-click Active Directory Domains and Trusts, and then click Connect to Domain
Controller.
NOTE: You must perform this step if you are not on the domain controller to which you
want to transfer the role. You do not have to perform this step if you are already connected
to the domain controller whose role you want to transfer.
3. Do one of the following:
o
In the Enter the name of another domain controller box, type the name of the
domain controller that will be the new role holder, and then clickOK.
-or-
o
In the Or, select an available domain controller list, click the domain controller
that will be the new role holder, and then clickOK.
4.In the console tree, right-click Active Directory Domains and Trusts, and then click
Operations Master.
5.ClickChange.
6.ClickOK to confirm that you want to transfer the role, and then clickClos e
Transfer the RID Master, PDC Emulator, and Infrastructure Master Roles

1.ClickStart, point to Administrative Tools, and then click Active Directory Users and
Computers.
2.Right-click Active Directory Users and Computers, and then click Connect to Domain
Controller.
NOTE: You must perform this step if you are not on the domain controller to which you
want to transfer the role. You do not have to perform this step if you are already connected
to the domain controller whose role you want to transfer.
3. Do one of the following:
o
In the Enter the name of another domain controller box, type the name of the
domain controller that will be the new role holder, and then clickOK.
-or-
o
In the or, select an available domain controller list, click the domain controller
that will be the new role holder, and then clickOK.
4.In the console tree, right-click Active Directory Users and Computers, point toAll
Tasks, and then click Operations Master.
5.Click the appropriate tab for the role that you want to transfer (RID,PDC, or
Infrastructure), and then click Change.
6.ClickOK to confirm that you want to transfer the role, and then clickClos e