Uploaded by

build.test456
Transferring FSMO roles from GUI

When you are demoting an old Domain Controller that holds any of the Single Master Operation roles, also known as Flexible Single Master Operation (FSMO) roles, you may wish to manually transfer them to another Domain Controller.

This is not necessary, because during the DC decommission process they would be transferred automatically to any other DC within the network, but it’s nice to control this process.

FSMO roles should be placed in a well-connected, reliable location to prevent disruption in access to them.

There are two ways of transferring FSMO roles. You can use the graphical consoles available on a DC or on any server/workstation with Administrative Tools / Remote Server Administration Tools installed, or you can use the command-line tool called ntdsutil.

Transferring FSMO roles using GUI consoles

There are five FSMO roles: two of them are Forest-wide and three are Domain-wide. The Forest-wide FSMO roles are common to the entire forest and by default are held on the first Domain Controller within the forest-root domain.

These roles are:

• Schema master
• Domain Naming master

The other three, Domain-wide roles are:

• Relative Identifier (RID) master
• PDC Emulator master
• Infrastructure master

They are separate for each domain within the forest.

To transfer any of them, you need to use the appropriate console(s) and choose a Domain Controller for them.

In this scenario, we transfer FSMO roles from the old Windows Server 2003 to the new one, based on Windows Server 2008 R2.

Important! Before you start transferring FSMO roles, it’s good to check the condition of your forest/domain using the dcdiag and repadmin tools, to be sure that there is no problem with replication or Domain Controller functionality.

• Schema Master

This role can be transferred using the Active Directory Schema snap-in. This is possible only after you register the appropriate library in the system; by default, the AD Schema snap-in is not available in the OS.

To do that, run the following command in a command line on a DC or on a system with Administrative Tools / Remote Server Administration Tools installed:

regsvr32 schmmgmt.dll

[Figure: Registration of the Active Directory Schema snap-in]

When the snap-in is registered, we can add it to an MMC console. Open the Run box and type mmc to open an empty console.

[Figure: Running MMC]

Then add “Active Directory Schema” from the menu “File -> Add/Remove snap-in”.

[Figure: Active Directory Schema snap-in]

Now we can select the Domain Controller to which we want to transfer this role. Right-click (RMB) the “Active Directory Schema” node and choose “Change Active Directory Domain Controller”. From the list, select the target Domain Controller for the Schema Master role.

[Figure: Choosing Domain Controller]

You will be informed that you cannot make any schema changes on a DC which is not the Schema Master owner. Don’t worry: you won’t be modifying any schema object, we will change the Schema owner only.

[Figure: Warning]

We are now connected to the DC to which we want to transfer the Schema Master role. To finalize this operation, right-click the “Active Directory Schema” node once again and choose “Operations Master”. You will see two fields: the first points to the current FSMO holder and the second shows the DC to which the role can be transferred. Click the “Change” button,

[Figure: Schema master]

confirm that you are sure you want to change the Operations Master owner,

[Figure: Role transfer confirmation]

and you will get information that the role has been transferred.

[Figure: Role transfer information]

[Figure: Schema master changed]

Close the MMC console without saving changes.

• Domain Naming Master

This role can be transferred using the “Active Directory Domains and Trusts” console. It’s available on any DC or server/workstation with Administrative Tools / Remote Server Administration Tools installed. Run the console, right-click (RMB) “Active Directory Domains and Trusts”, choose “Change Active Directory Domain Controller” and select from the list the DC to which you want to move the role.

[Figure: Domain Controller selection]

Now right-click the root node once again and choose “Operations Master”, then click the “Change” button,

[Figure: Domain Naming master]

and confirm that you want to transfer the role.

[Figure: Role transfer confirmation]

[Figure: Role transfer information]

Close the “Active Directory Domains and Trusts” console.

• RID, PDC Emulator and Infrastructure Masters

These Domain-wide roles can be moved to another Domain Controller from a common console. To do that, you need to run the “Active Directory Users and Computers” console.

Click the root node and choose “Change Domain Controller”, then select the appropriate target DC.

[Figure: Domain Controller selection]

Within the console, select the domain for which you want to transfer roles and choose “Operations Master”. You will see a window with three tabs:

• RID master
• PDC master
• Infrastructure master

On each of them you can move the role to the selected Domain Controller.

Select each tab separately and transfer the particular roles to the target DC(s).

Important! In a multi-domain environment where not all Domain Controllers are Global Catalogs, the Infrastructure master has to be placed on a non-Global Catalog Domain Controller to prevent conflicts between them.

• RID master

[Figure: Relative Identifier (RID) master]

Confirm the role transfer.

[Figure: Role transfer confirmation]

A window with information will appear.

[Figure: Role transfer information]

• PDC Emulator master

[Figure: PDC Emulator master]

Confirm the role transfer.

[Figure: Role transfer confirmation]

A window with information will appear.

[Figure: Role transfer information]

• Infrastructure master

[Figure: Infrastructure master]

Confirm the role transfer.

[Figure: Role transfer confirmation]

A window with information will appear.

[Figure: Role transfer information]

All of the FSMO roles have been transferred!

It’s time to verify that all of them are placed where we wanted. The simplest way is to review each console and check “Operations Master”, or to use netdom, a command-line tool. The latter method is very fast and shows the output in one window.

Open a command line and type: netdom query fsmo

[Figure: FSMO roles verification]
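
The netdom check above can be scripted so that a role left behind on the old DC stands out. This is an added example, not part of the original article: the function names Get-FsmoHolder and Test-FsmoPlacement and the host names are hypothetical, the sample output is constructed, and it assumes all five roles are meant to land on a single DC, as in this scenario.

```powershell
# Added example: audit FSMO placement from `netdom query fsmo` output.
# Function names and host names are hypothetical; the sample output is constructed.

function Get-FsmoHolder {
    param([string[]]$NetdomOutput)
    # netdom prints one line per role: a fixed label, padding, then the holder's FQDN.
    $pattern = '^\s*(Schema master|Domain naming master|PDC|RID pool manager|Infrastructure master)\s+(\S+)\s*$'
    foreach ($line in $NetdomOutput) {
        if ($line -match $pattern) {
            New-Object PSObject -Property @{ Role = $Matches[1]; Holder = $Matches[2] }
        }
    }
}

function Test-FsmoPlacement {
    param([string[]]$NetdomOutput, [string]$ExpectedHolder)
    $roles = @(Get-FsmoHolder -NetdomOutput $NetdomOutput)
    # Fail loudly on truncated or error output instead of reporting a clean result.
    if ($roles.Count -ne 5) {
        throw "Parsed $($roles.Count) of 5 FSMO roles; check the netdom output."
    }
    # Emit only the roles that are NOT on the intended DC; no output means all five moved.
    $roles | Where-Object { $_.Holder -ne $ExpectedHolder }
}

# Constructed sample: one role was missed and is still on the old 2003 DC.
$sample = @(
    'Schema master               DC2008.example.local',
    'Domain naming master        DC2008.example.local',
    'PDC                         DC2008.example.local',
    'RID pool manager            DC2008.example.local',
    'Infrastructure master       DC2003.example.local',
    'The command completed successfully.'
)

$misplaced = @(Test-FsmoPlacement -NetdomOutput $sample -ExpectedHolder 'DC2008.example.local')
$misplaced | ForEach-Object { "MISPLACED: $($_.Role) is held by $($_.Holder)" }

# Live use on a DC or a host with RSAT:
#   Test-FsmoPlacement -NetdomOutput (netdom query fsmo) -ExpectedHolder '<target DC FQDN>'
```

Run on a schedule, the same comparison also surfaces an FSMO role that has moved to a DC nobody intended.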

If you wish, you may also check the article about Transferring FSMO roles with PowerShell.
