Transfer FSMO Roles

In this post, we describe how we easily transfer FSMO roles using the graphical user interface. All 5 Active Directory FSMO roles are covered. For more information on FSMO roles see https://support.microsoft.com/en-ca/help/197132/active-directory-fsmo-roles-in-windows.

First, a couple of prerequisites before we can transfer FSMO roles:

  • Your machine must have Remote Server Administration Tools (RSAT) installed. Alternatively, you can perform the steps on any domain controller.
  • The Active Directory Schema snap-in must be available on your machine. To register its dll, open command prompt and run regsvr32 schmmgmt.dll.

Best Practices for dividing up FSMO holders:

Place the following FSMO roles on one domain controller:

  • PDC
  • RID Pool Manager
  • Infrastructure Master

Place the following FSMO roles on another domain controller:

  • Schema Master
  • Domain Naming Master

How to Transfer FSMO Roles using GUI

1. Open the MMC console. To open the MMC console, click Start, type mmc.exe and press enter.

Easily transfer FSMO roles - 1

2. In the MMC console, click File and then select Add/Remove Snap-in (or just press Ctrl+M).

Easily transfer FSMO roles - 2

a. Select Active Directory Domains and Trusts and click Add.

Easily transfer FSMO roles - 3

b. Select Active Directory Schema and click Add.

Easily transfer FSMO roles - 4

c. Select Active Directory Users and Computers and click Add.

Easily transfer FSMO roles - 5

3. At this point we should have all 3 snap-ins in the Selected snap-ins window on the right. Once verified click OK.

Easily transfer FSMO roles - 6

4. The PDC, RID pool manager and Infrastructure master roles are changed via Active Directory Users and Computers.

a. Right-click the Active Directory Users and Computers snap-in and select Change Active Domain Controller.

Easily transfer FSMO roles - 7

b. Select the domain controller you want to change the FSMO role(s) to and click OK. In this example we select dc1 to change the FSMO role(s) to dc1.

Easily transfer FSMO roles - 8

c. Right-click the Active Directory Users and Computers snap-in and select Operations Master.

Easily transfer FSMO roles - 9

d. Select an appropriate FSMO role tab and click Change. You can select from RID, PDC, and Infrastructure.

Easily transfer FSMO roles - 10

e. Click Yes.

Easily transfer FSMO roles - 11

f. Click OK.

Easily transfer FSMO roles - 12

5. The Domain naming master role can be transferred via Active Directory Domains and Trusts whereas the Schema master role can be transferred via Active Directory Schema. Use the following procedure to change either of these FSMO roles.

Note: if the Active Directory Schema snap-in is not available, run regsvr32 schmmgmt.dll via command prompt to register its dll and then try adding it again.

a. Right-click the snap-in and then select Change Active Directory Domain Controller.

Easily transfer FSMO roles - 13

c. Select the domain controller you want to change the FSMO role to and click OK. In this example we select dc1 to change the FSMO roles to dc1.

Easily transfer FSMO roles - 14

d. Right-click the snap-in and select Operations Master.

Easily transfer FSMO roles - 15

e. Click Change to transfer the role from the current FSMO role holder to the new one.

Easily transfer FSMO roles - 16

f. Select Yes to confirm.

Easily transfer FSMO roles - 17

g. Click OK.

Easily transfer FSMO roles - 18

 

6. Launch a command prompt and verify the results using the command netdom /query fsmo.

Easily transfer FSMO roles - netdom query fsmo

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *