Move all FSMO roles from one server to another in Active Directory

Here is a one-liner to move all FSMO roles from one server to another. In most cases an administrator can keep the FSMO role holders (all 5 of them) in the same spot (that is, on the same DC) as configured by the Active Directory installation process. However, there are scenarios where an administrator would want to move one or more of the FSMO roles from the default holder DC to a different DC.

You can transfer FSMO roles by using the Ntdsutil.exe command-line utility or by using an MMC snap-in tool. Depending on the FSMO role that you want to transfer, you can use one of the following three MMC snap-in tools:

  • Active Directory Schema snap-in
  • Active Directory Domains and Trusts snap-in
  • Active Directory Users and Computers snap-in

To transfer a FSMO role, the administrator must be a member of the group that corresponds to that role:

FSMO role        Required group
Schema           Schema Admins
Domain Naming    Enterprise Admins
RID              Domain Admins
PDC Emulator     Domain Admins
Infrastructure   Domain Admins

There are two forest-wide roles and three domain-wide roles:

Forest Wide Roles:

  • Schema Master
  • Domain naming master

Domain Wide Roles:

  • PDC
  • RID pool manager
  • Infrastructure Master

Currently all FSMO roles are on s1.company.com, and we want to move them to s2.company.com due to an upgrade.
You can query which server holds the roles in your Active Directory forest with:

 netdom query fsmo

Transfer FSMO roles using the NTDSUtil tool

First, open the command prompt with administrative privileges.

Type ntdsutil and press Enter.
Type roles and press Enter.
Type connections and press Enter.
Type connect to server S2 and press Enter, where S2 is the computer name of the server that the FSMO roles will be transferred to.
Type quit and press Enter.

Next, we will transfer the FSMO roles one by one with the corresponding command, as the case may be. A confirmation window appears after each command. Just click Yes to continue.

For Schema Master, type transfer schema master and press Enter.
For RID Master, type transfer rid master and press Enter.
For Domain Naming Master, type transfer naming master and press Enter.
For PDC Emulator, type transfer pdc and press Enter.
For Infrastructure Master, type transfer infrastructure master and press Enter.

After transferring the roles you are done; type quit to exit NTDSUtil.

You can also do the same with PowerShell:

Import-Module ActiveDirectory
Move-ADDirectoryServerOperationMasterRole -Identity "S2" -OperationMasterRole DomainNamingMaster,PDCEmulator,RIDMaster,SchemaMaster,InfrastructureMaster

The same works if you use numbers for the roles:

Import-Module ActiveDirectory
Move-ADDirectoryServerOperationMasterRole -Identity "S2" -OperationMasterRole 0,1,2,3,4

The numbers map to the roles as follows:

PDCEmulator            0
RIDMaster              1
InfrastructureMaster   2
SchemaMaster           3
DomainNamingMaster     4

Both ways are fine and will accomplish the task of moving FSMO roles from one domain controller to another.
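
The PowerShell transfer above wrapped in a before/after check, as an added example that is not part of the original post: it records the current holders, moves only the roles that are not already on S2, and confirms the result by querying S2 directly. It assumes the ActiveDirectory module is installed and the account has the group memberships listed earlier; the function name Get-FsmoHolders is a hypothetical helper.

```powershell
# Added example: audit, transfer, and verify FSMO role holders.
# Assumes the ActiveDirectory module and the target DC name "S2" used on this page.
Import-Module ActiveDirectory

function Get-FsmoHolders {
    # Hypothetical helper: returns role name -> FQDN of the current holder,
    # as seen by the DC named in -Server.
    param([Parameter(Mandatory)][string]$Server)
    $forest = Get-ADForest -Server $Server
    $domain = Get-ADDomain -Server $Server
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

$target     = 'S2'
$targetFqdn = (Get-ADDomainController -Identity $target).HostName

# 1. Record the current holders so the change can be audited afterwards.
$before = Get-FsmoHolders -Server $targetFqdn
$before.GetEnumerator() | Format-Table Key, Value -AutoSize

# 2. Transfer only the roles that are not already on the target.
$toMove = @($before.Keys | Where-Object { $before[$_] -ne $targetFqdn })
if ($toMove.Count -eq 0) {
    Write-Output "All five roles are already on $targetFqdn."
}
else {
    Move-ADDirectoryServerOperationMasterRole -Identity $target -OperationMasterRole $toMove

    # 3. Re-read the holders from the target DC and fail loudly on any mismatch.
    $after = Get-FsmoHolders -Server $targetFqdn
    $stale = @($after.Keys | Where-Object { $after[$_] -ne $targetFqdn })
    if ($stale.Count -gt 0) {
        throw "Roles not on ${targetFqdn}: $($stale -join ', ')"
    }
    $after.GetEnumerator() | Format-Table Key, Value -AutoSize
}
```

Other domain controllers learn of the new holders through normal replication, so netdom query fsmo run against a different DC may briefly still show the old server.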
