FSMO ROLES in ACTIVE DIRECTORY

In this blog post, I will list the five FSMO roles in any Active Directory environment. FSMO stands for Flexible Single Master Operations. The roles are as follows:

  • Schema = forest-wide, one per forest
  • Domain Naming = forest-wide, one per forest
  • RID = domain-specific, one per domain
  • PDC Emulator = domain-specific, one per domain
  • Infrastructure = domain-specific, one per domain

Transferring roles: Sometimes you will need to transfer the FSMO roles from one server to another server (in the event that the source server needs to be upgraded or replaced). The following process shows you how to perform the transfer.

Commands to query and transfer FSMO:

The following command shows you which server currently holds the FSMO roles:

netdom query fsmo

  • To transfer the Schema role: run regsvr32 schmmgmt.dll to register the snap-in, then run mmc /a, add the Active Directory Schema snap-in, and use it to transfer the role.
  • To transfer Domain Naming: use Active Directory Domains and Trusts.
  • To transfer RID, PDC, Infrastructure: use Active Directory Users and Computers.

Transferring roles using ntdsutil.exe (command line tool)

Open the command prompt utility, type ntdsutil.exe and press Enter. Type the following series of commands to transfer (or seize) the roles:

  • roles
  • connections
  • connect to server NEWDC (NEWDC is the new server that will receive the roles)
  • q
  • transfer schema master, transfer RID master, transfer PDC, transfer Infrastructure master, transfer Domain Naming master
  • q (quit ntdsutil.exe)
  • In the commands above, you can type seize instead of transfer: for example, seize rid master, etc… Seizing is needed if the source server has failed and is unrecoverable.
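
The same query, transfer and seize sequence in PowerShell, as an added example that is not part of the original post. It assumes the RSAT ActiveDirectory module is installed, uses the post's placeholder name NEWDC, and treats a ping reply as a stand-in for "the source server is still alive"; Get-FsmoHolder, Move-FsmoRole and -AllowSeize are hypothetical names introduced here.

```powershell
# Added example, not from the original post. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Get-FsmoHolder {
    # Same information as "netdom query fsmo", returned as role -> holder FQDN.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster          # forest-wide
        DomainNamingMaster   = $forest.DomainNamingMaster    # forest-wide
        RIDMaster            = $domain.RIDMaster             # per domain
        PDCEmulator          = $domain.PDCEmulator           # per domain
        InfrastructureMaster = $domain.InfrastructureMaster  # per domain
    }
}

function Move-FsmoRole {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $TargetDC,
        [switch] $AllowSeize   # seizing is opt-in, never the default
    )
    $target  = (Get-ADDomainController -Identity $TargetDC).HostName
    $holders = Get-FsmoHolder
    foreach ($role in $holders.Keys) {
        $holder = $holders[$role]
        if ($holder -eq $target) { continue }   # role is already on the target
        # Assumption: an ICMP reply means the current holder is up and a graceful transfer can work.
        if (Test-Connection -ComputerName $holder -Count 2 -Quiet) {
            Move-ADDirectoryServerOperationMasterRole -Identity $target -OperationMasterRole $role -Confirm:$false
        }
        elseif ($AllowSeize) {
            # -Force seizes the role; -Confirm keeps a human prompt in front of each seizure.
            Write-Warning "$holder is unreachable; seizing $role."
            Move-ADDirectoryServerOperationMasterRole -Identity $target -OperationMasterRole $role -Force -Confirm
        }
        else {
            Write-Warning "$holder is unreachable; $role left in place. Use -AllowSeize only if that server is unrecoverable."
        }
    }
    Get-FsmoHolder   # return the holders after the change so the result can be verified
}

Move-FsmoRole -TargetDC 'NEWDC'   # NEWDC is the post's placeholder server name
```

Moving the Schema role requires Schema Admins membership, and Domain Naming requires Enterprise Admins, so run this from an account that holds the rights for the roles being moved.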