Here is one liner to move all FSMO roles from one server to another. In most cases an administrator can keep the FSMO role holders (all 5 of them) in the same spot (or actually, on the same DC) as has been configured by the [easyazon_link identifier=”1449320023″ locale=”US” tag=”wn0d5-20″] Active Directory [/easyazon_link] installation process. However, there are scenarios where an administrator would want to move one or more of the FSMO roles from the default holder DC to a different DC.
You can transfer FSMO roles by using the Ntdsutil.exe command-line utility or by using an MMC snap-in tool. Depending on the FSMO role that you want to transfer, you can use one of the following three MMC snap-in tools:
- Active Directory Schema snap-in
- Active Directory Domains and Trusts snap-in
- Active Directory Users and Computers snap-in
To transfer the FSMO role the administrator must be a member of the following group:
Schema | Schema Admins |
Domain Naming | Enterprise Admins |
RID | Domain Admins |
PDC Emulator | |
Infrastructure |
There are two forest wide roles and three domain wide roles:
Forest Wide Roles:
- Schema Master
- Domain naming master
Domain Wide Roles:
- PDC
- RID pool manager
- Infrastructure Master
Currently all FSMO roles are on: s1.company.com and we want to move them to s2.company.com due upgrade.
You can query which server has the roles in your [easyazon_link identifier=”1787289354″ locale=”US” tag=”wn0d5-20″] Active Directory [/easyazon_link] forest by:
netdom query fsmo
Transfer FSMO roles using the NTDSUtil tool
First, open the command prompt with administrative privileges.
Type ntdsutil and press Enter.
Type roles and press Enter.
Type connections and press Enter.
Type connect to server S2 and press Enter, where S2 is the server computer name that will transfer the FSMO roles to.
Type quit and press Enter.
Next, we will transfer FSMO roles one by one with the corresponding command, as the case may be. After each Enter appears a confirmation window. Just click Yes to continue.
For Schema Master, type transfer schema master and press Enter.
For RID Master, type transfer rid master and press Enter.
For Domain Naming Master, type transfer naming master and press Enter.
For PDC Emulator, type transfer pdc and press Enter.
For Infrastructure Master, type transfer infrastructure master and press Enter
After transferring the roles you are done, press quit to exit the NTDSUtil
As well you can do the same with [easyazon_link identifier=”1787126307″ locale=”US” tag=”wn0d5-20″] PowerShell [/easyazon_link]:
Import-Module ActiveDirectory Move-ADDirectoryServerOperationMasterRole -Identity “S2” –OperationMasterRole DomainNamingMaster,PDCEmulator,RIDMaster,SchemaMaster,InfrastructureMaster
This is same if you use numbers for the roles:
Import-Module ActiveDirectory Move-ADDirectoryServerOperationMasterRole -Identity “S2” –OperationMasterRole 0,1,2,3,4
PDCEmulator | 0 |
RIDMaster | 1 |
InfrastructureMaster | 2 |
SchemaMaster | 3 |
DomainNamingMaster | 4 |
Both ways are fine and will accomplish the task of moving FSMO roles from domain controller to another.