Active Directory Domain Services (AD DS)
Lesson 5
Lesson 5
transferring fsmo roles
By Sai Kurada
September 08, 2023
Transferring Flexible Single Master Operations (FSMO) roles in Active Directory involves moving the responsibility for a specific role from one domain controller to another. This process is typically done when you need to decommission a domain controller, perform maintenance, or for other administrative reasons.
Here are the steps to transfer FSMO roles:
Transferring FSMO Roles using GUI (Active Directory Users and Computers):
Open Active Directory Users and Computers:
Transferring FSMO Roles using PowerShell:
You can use PowerShell cmdlets to transfer FSMO roles. Open PowerShell with administrative privileges and use the following cmdlets:
# Transfer RID Master
Move-ADDirectoryServerOperationMasterRole -Identity <NewDC> -OperationMasterRole RIDMaster
# Transfer PDC Emulator
Move-ADDirectoryServerOperationMasterRole -Identity <NewDC> -OperationMasterRole PDCEmulator
# Transfer Infrastructure Master
Move-ADDirectoryServerOperationMasterRole -Identity <NewDC> -OperationMasterRole InfrastructureMaster
# Transfer Schema Master
Move-ADDirectoryServerOperationMasterRole -Identity <NewDC> -OperationMasterRole SchemaMaster
# Transfer Domain Naming Master
Move-ADDirectoryServerOperationMasterRole -Identity <NewDC> -OperationMasterRole DomainNamingMaster
Remember to replace <NewDC> with the name of the domain controller you're transferring the role to.
Note:
Transferring FSMO Roles using GUI (Active Directory Users and Computers):
Open Active Directory Users and Computers:
- Click on the Windows icon, search for "Active Directory Users and Computers," and open it.
- Right-click on the domain and select "Connect to Domain Controller."
- Choose the domain controller to which you want to transfer the roles.
- Right-click on the domain and select "Operations Masters."
- In the "Operations Masters" dialog box, go to the "RID" tab and click the "Change" button to transfer the RID Master role.
- Go to the "PDC" tab and click the "Change" button to transfer the PDC Emulator role.
- Go to the "Infrastructure" tab and click the "Change" button to transfer the Infrastructure Master role.
- Open the "Active Directory Schema" snap-in (requires additional steps to install).
- Right-click on the "Active Directory Schema" node and select "Operations Masters."
- In the "Operations Masters" dialog box, you can transfer both the Schema Master and Domain Naming Master roles.
Transferring FSMO Roles using PowerShell:
You can use PowerShell cmdlets to transfer FSMO roles. Open PowerShell with administrative privileges and use the following cmdlets:
# Transfer RID Master
Move-ADDirectoryServerOperationMasterRole -Identity <NewDC> -OperationMasterRole RIDMaster
# Transfer PDC Emulator
Move-ADDirectoryServerOperationMasterRole -Identity <NewDC> -OperationMasterRole PDCEmulator
# Transfer Infrastructure Master
Move-ADDirectoryServerOperationMasterRole -Identity <NewDC> -OperationMasterRole InfrastructureMaster
# Transfer Schema Master
Move-ADDirectoryServerOperationMasterRole -Identity <NewDC> -OperationMasterRole SchemaMaster
# Transfer Domain Naming Master
Move-ADDirectoryServerOperationMasterRole -Identity <NewDC> -OperationMasterRole DomainNamingMaster
Remember to replace <NewDC> with the name of the domain controller you're transferring the role to.
Note:
- After transferring a role, it's a good practice to wait for some time and verify that the change has been replicated across all domain controllers.
- Ensure that the target domain controller is reachable and functioning properly before initiating the transfer.
- If you're decommissioning a domain controller, remember to gracefully demote it after the role transfer. Use the dcpromo command to initiate the demotion process.
Previous
Understanding FSMO Roles