Transferring Your FSMO Roles

FSMO Roles KB ID 0000240

Problem

Note: This article is still valid, but this procedure can now be done simply with PowerShell.

Windows Server – Locating, Transferring, and Seizing FSMO Roles

If you are replacing a domain controller, or simply taking one offline for a while, you might want to transfer its FSMO roles to another Domain Controller.

There are five FSMO roles:

· Schema master – Forest-wide and one per forest.
· Domain naming master – Forest-wide and one per forest.
· RID master – Domain-specific and one for each domain.
· PDC Emulator – Domain-specific and one for each domain.
· Infrastructure master – Domain-specific and one for each domain.

FSMO Roles Solution

Traditionally we either “Seized” or “Transferred” the FSMO roles from the command line using the ntdsutil tool, like THIS, but you can also transfer the roles with the normal graphical consoles you already have.

To see what FSMO roles are where, see: Locate your FSMO Role Servers

Moving the RID Master, PDC Emulator, and Infrastructure Master FSMO Roles

See: Windows Server – Locating, Transferring, and Seizing FSMO Roles

1. Start > Administrative tools > Active Directory Users and Computers.

2. Right click the domain > Operations Masters > Select each Tab in turn > Change > Yes > Repeat for the other two tabs.

Moving the Domain Naming Master

1. Start > Administrative tools > Active Directory Domains and Trusts.

2. Right click the top level entry > Operations Master > Change > Yes.

Moving the Schema Master

1. In the Search/Run box type regsvr32 schmmgmt.dll {enter} > It should say that it succeeded.

2. Now in the Search/Run box type mmc {enter} > A Microsoft Management Console will open > File > Add/Remove Snap-in.

3. Select the “Active Directory Schema” Snap-in > Add.

4. By default you will connect to the Schema Master, but you need to be connected to the server you are on. Expand the “Active Directory Schema” > Right click it > Select “Change Active Directory Domain Controller” > Select the NEW one > OK.

5. Now Right click again > Operations Masters > Change > Yes.

If you only have 1 domain in the forest everything goes in that one domain. If not….

Forest Root Domain gets the Domain Naming Master, and the Schema Master roles.

Each Domain gets The PDC Emulator, Infrastructure Master and RID Master roles.

Though not an FSMO role, each logon location should have a Global Catalogue server.

(Note: Yes, you can cache logon requests and have Read only domain controllers now, but in an ideal world I still place a GC at each site.)

Placement

1. Do not put the Infrastructure Master on a Global Catalogue Server (see below for how to see if a domain controller is a global Catalogue server).

2. The PDC Emulator and RID Master should be on the same server and, if possible, NOT on a Global Catalogue Server (though this is not essential).

3. The Schema Master and Domain Naming Master should be on the same machine that IS a Global Catalogue Server. (This is not true if your forest functional level is Windows Server 2003).

To check if a domain controller is also a global catalogue server

1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.

2. Double-click Sites in the left pane, and then browse to the appropriate site or click Default-first-site-name if no other sites are available.

3. Open the Servers folder, and then click the domain controller.

4. In the domain controller’s folder, double-click NTDS Settings.

5. On the Action menu, click Properties.

6. On the General tab, locate the Global Catalogue check box to see if it is selected.
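
The placement rules and the Global Catalogue check above, expressed as a PowerShell audit. This is an added example, not part of the original article; Test-FsmoPlacement, the host names and the sample inventory are hypothetical, and the commented cmdlets assume the ActiveDirectory (RSAT) module is installed.

```powershell
# Added example. Live input would come from the ActiveDirectory (RSAT) module:
#   $f = Get-ADForest; $d = Get-ADDomain
#   $dcs = Get-ADDomainController -Filter * | Select-Object HostName, IsGlobalCatalog
#   $roles = @{ SchemaMaster = $f.SchemaMaster; DomainNamingMaster = $f.DomainNamingMaster
#               PDCEmulator = $d.PDCEmulator; RIDMaster = $d.RIDMaster
#               InfrastructureMaster = $d.InfrastructureMaster }
function Test-FsmoPlacement {
    param(
        [Parameter(Mandatory)] [hashtable] $Roles,             # role name -> holder FQDN
        [Parameter(Mandatory)] [object[]]  $DomainControllers  # HostName, IsGlobalCatalog
    )
    $gc = @{}   # hashtable keys are case-insensitive, which suits host names
    foreach ($dc in $DomainControllers) { $gc[$dc.HostName] = [bool]$dc.IsGlobalCatalog }
    $findings = @()

    # Rule 1: the Infrastructure Master should not be a Global Catalogue server.
    if ($gc[$Roles.InfrastructureMaster]) {
        $findings += "Rule 1: Infrastructure Master $($Roles.InfrastructureMaster) is a GC"
    }
    # Rule 2: PDC Emulator and RID Master together, preferably not on a GC.
    if ($Roles.PDCEmulator -ne $Roles.RIDMaster) {
        $findings += "Rule 2: PDC Emulator and RID Master are on different servers"
    } elseif ($gc[$Roles.PDCEmulator]) {
        $findings += "Rule 2 (not essential): PDC Emulator/RID Master holder is a GC"
    }
    # Rule 3: Schema Master and Domain Naming Master together, on a GC.
    # The article notes this does not apply at Windows Server 2003 forest functional level.
    if ($Roles.SchemaMaster -ne $Roles.DomainNamingMaster) {
        $findings += "Rule 3: Schema Master and Domain Naming Master are on different servers"
    } elseif (-not $gc[$Roles.SchemaMaster]) {
        $findings += "Rule 3: Schema/Domain Naming Master holder is not a GC"
    }
    return $findings
}

# Constructed sample inventory (hypothetical host names) so the check runs offline.
$sampleDcs = @(
    [pscustomobject]@{ HostName = 'dc1.corp.example'; IsGlobalCatalog = $true  }
    [pscustomobject]@{ HostName = 'dc2.corp.example'; IsGlobalCatalog = $false }
)
$sampleRoles = @{
    SchemaMaster = 'dc1.corp.example'; DomainNamingMaster = 'dc1.corp.example'
    PDCEmulator  = 'dc2.corp.example'; RIDMaster          = 'DC2.corp.example'
    InfrastructureMaster = 'dc1.corp.example'
}
Test-FsmoPlacement -Roles $sampleRoles -DomainControllers $sampleDcs
```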

 
