
How to Transfer FSMO Roles

Shaun Hardneck
Passionate and Experienced IT Professional with experience in Microsoft Exchange Messaging and Office 365 solutions.
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers, or when the Domain Controller holding the roles has been forcefully demoted using dcpromo /forceremoval.

In this short but powerful post, I will look at how to transfer FSMO roles from one server to another. I will be doing this using CMD as well as PowerShell.


To get started, run CMD as Administrator and start the following tool.


Ntdsutil.exe



Then type: Roles and press ENTER



From the FSMO Maintenance menu, type ? to view the list of available commands.

Now let's go ahead and transfer the roles to TCLDC02. To do that, we need to connect to TCLDC02 by typing the following.


Connections

Then type: Connect to Server TCLDC02

Before we start the transfer process, we need to go back to the previous menu. That can be done by typing the following.

Type: Q and press ENTER

To start the transfer process, type the following


Type: Transfer Schema master

Select "Yes" in the pop-up box to move the role.


The remaining roles are:

-Infrastructure Master

-Naming Master

-PDC

-RID Master




To view the current FSMO role holder, type the following in CMD.


NETDOM /Query FSMO and press ENTER

As we can see, the "Schema Master" role has been moved to TCLDC02.



Now let’s look at how we can do the same using Windows PowerShell.


To transfer all 5 roles to another domain controller the following can be run.


Move-ADDirectoryServerOperationMasterRole -Identity "TCLDC02" -OperationMasterRole PDCEmulator,RIDMaster,InfrastructureMaster,SchemaMaster,DomainNamingMaster



All 5 roles have been transferred to TCLDC02, but let's verify that TCLDC02 now holds all of them.

To verify this type the following in CMD.


NETDOM /Query FSMO
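The transfer-then-verify procedure above can be combined into one script. This is an added example, not code from the original article; it assumes the ActiveDirectory module is installed and that TCLDC02 is the domain controller that should receive the roles (-Identity names the receiving server).

```powershell
# Added example: move only the FSMO roles that are not yet on the target DC,
# then confirm the result by asking the target DC itself.
Import-Module ActiveDirectory

$TargetDC = 'TCLDC02'   # assumption: the DC that RECEIVES the roles

function Get-FsmoHolders {
    param([string]$Server)
    # Returns role name -> FQDN of the current holder, as seen by $Server.
    $domain = Get-ADDomain -Server $Server
    $forest = Get-ADForest -Server $Server
    [ordered]@{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
}

# Resolve the target to its FQDN so it can be compared with the holder names.
$targetFqdn = (Get-ADDomainController -Identity $TargetDC).HostName

$before = Get-FsmoHolders -Server $targetFqdn
$before.GetEnumerator() | Format-Table Key, Value -AutoSize

# Select the roles currently held by some other domain controller.
$toMove = @($before.GetEnumerator() |
    Where-Object { $_.Value -ne $targetFqdn } |
    ForEach-Object { $_.Key })

if ($toMove.Count -eq 0) {
    Write-Host "$targetFqdn already holds all five roles."
    return
}

# -Force is deliberately omitted: this is a transfer, not a seizure.
Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC `
    -OperationMasterRole $toMove -Confirm:$false

# Re-read the holders and stop with an error if any role is still elsewhere.
$after = Get-FsmoHolders -Server $targetFqdn
$elsewhere = @($after.GetEnumerator() | Where-Object { $_.Value -ne $targetFqdn })
if ($elsewhere.Count -gt 0) {
    $elsewhere | Format-Table Key, Value -AutoSize
    throw "Transfer incomplete: the roles listed above are not on $targetFqdn."
}
Write-Host "All five FSMO roles are now held by $targetFqdn."
```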



You can also move individual roles to a different domain controller using PowerShell.

The following list details the role number for each of the five FSMO roles.

PDC Emulator – 0

RID Master – 1

Infrastructure Master – 2

Schema Master – 3

Domain Naming Master – 4

Move-ADDirectoryServerOperationMasterRole -Identity "Target_DC_Name" -OperationMasterRole 0,1,2,3,4

To seize the roles instead of transferring them (for example, when the Domain Controller holding them has been forcefully demoted), add the -Force parameter.

Move-ADDirectoryServerOperationMasterRole -Identity "Target_DC_Name" -OperationMasterRole PDCEmulator,RIDMaster,InfrastructureMaster,SchemaMaster,DomainNamingMaster -Force

Of course, you could also have used the short version:

Move-ADDirectoryServerOperationMasterRole -Identity "Target_DC_Name" -OperationMasterRole 0,1,2,3,4 -Force


#ThatLazyAdmin

2 Comments
by:Tom Cieslik
Very useful information, but I don't get one thing:

Move-ADDirectoryServerOperationMasterRole -Identity “TCLDC01”
- -identity is a TARGET server, right? So this is a server where the role will be transferred to.

Move-ADDirectoryServerOperationMasterRole -Identity “Target_DC_name”

So if yes, then why are you checking the other server to see if all roles were moved?

All 5 Roles has been transferred to TCLDC02

Or maybe I don't get it.
by:Brian
@Tom - It looks like the PowerShell screenshots are incorrect. Using the get-help Move-ADDirectoryServerOperationMasterRole command it clearly states "The Identity parameter specifies the directory server that receives the roles." In the screenshot above it should have shown TCLDC02.