In today’s article, we will see how to transfer one or more FSMO roles from one Domain Controller to another. This can be done in a variety of ways, but we will focus more on using the graphical user interface (GUI), PowerShell and NTDSUtil.
To proceed with the transfer of FSMO roles, we consider that DCs that already have a role are active in our infrastructure. Otherwise, if a DC holding a FSMO role is no longer online and operational, then we use the seize method instead of simple transfer.
Before you move a role, you need to know where the FSMO roles are in the Domain Controllers.
Transfer FSMO roles using the GUI
To transfer domain-specific FSMO roles, ie RID Master, Infrastructure Master and PDC Emulator, follow the steps below.
Open the Active Directory Users and Computers console, right-click the domain and then in Operations Masters. Here, each tab displays the three FSMO roles.
To transfer one of the three FSMO roles to another DC, click Change and confirm your action.
To transfer the forest-specific FSMO Domain Naming Master role, follow these steps.
Open the Active Directory Domain and Trusts console, right-click the icon and then Operations Masters. If you are not already connected to the DC you are about to transfer the role, then you can do so by clicking Change Active Directory Domain Controller in the same menu.
In the same way, you will see who is the current role holder and by clicking the Change button you can transfer the role to another DC.
To transfer the forest-specific FSMO Schema Master role, follow the steps below.
First, in a command-line window with administrator rights, type the following command to register the AD Schema snap-in.
regsvr32 schmmgmt.dll
Then, open an MMC console (for example, pressing mmc on the Search or Run), and from the File – Add / Remove Snap-in menu, add the Active Directory Schema console.
Here, right click on the icon and then in Operations Masters. You will need to be connected to the corresponding DC you are going to transfer the role you can do through the Change Active Directory Domain Controller option in the menu.
As before, by clicking the Change button you can move the Schema Master role to another DC.
Transfer FSMO roles using PowerShell
Transferring FSMO roles through PowerShell is a much easier and faster process without unnecessary clicks.
You can transfer one or more FSMO roles to a DC using the following command. For example, to transfer the PDC Emulator.
Move-ADDirectoryServerOperationMasterRole -Identity <TargerDC> -OperationMasterRole pdcemulator
On the -OperationMasterRole switch you can declare one or more FSMO roles separated by a comma (,). So you can transfer all 5 roles with just one command.
For example.
-OperationMasterRole pdcemulator, ridmaster, infrastructuremaster, schemamaster, domainnamingmaster
After pressing Enter you will be prompted to confirm the transfer action.
Finally, you can confirm that the roles were transferred using the corresponding PowerShell commands.
Transfer FSMO roles using the NTDSUtil tool
First, open the command prompt with administrative privileges.
Type ntdsutil and press Enter.
Type roles and press Enter.
Type connections and press Enter.
Type connect to server DC01 and press Enter, where DC01 is the server computer name that will transfer the FSMO roles to.
Type quit and press Enter.
Next, we will transfer FSMO roles one by one with the corresponding command, as the case may be. After each Enter appears a confirmation window. Just click Yes to continue.
For Schema Master, type transfer schema master and press Enter.
For RID Master, type transfer rid master and press Enter.
For Domain Naming Master, type transfer naming master and press Enter.
For PDC Emulator, type transfer pdc and press Enter.
For Infrastructure Master, type transfer infrastructure master and press Enter.
After transferring the roles you want, press quit to exit the NTDSUtil environment.
