Transferring FSMO roles from command-line

 

When you are demoting an old Domain Controller that holds any of the Single Master Operation roles, better known as Flexible Single Master Operation (FSMO) roles, you may wish to manually transfer them to another Domain Controller.

This is not necessary, because during the DC decommission process they are transferred automatically to another DC within the network, but it’s nice to control this process.

FSMO roles should be placed in a well-connected, reliable location to prevent disruption in access to them.

There are 2 ways of transferring FSMO roles. You can use the graphical consoles available on a DC or on any server/workstation with Administrative Tools / Remote Server Administration Tools installed, or you can use the command-line tool called ntdsutil.

 Transferring FSMO roles using command-line tool

There are five FSMO roles. Two of them are Forest-wide and three are Domain-wide roles. The Forest-wide FSMO roles are common to the entire forest and by default are held on the first Domain Controller within the forest-root domain.

These roles are:

  • Schema master
  • Domain Naming master

The other three, Domain-wide roles are:

  • Relative Identifier (RID) master
  • PDC Emulator master
  • Infrastructure master

and they are separate for each domain within the forest.

To be able to transfer any of them, it’s necessary to use the ntdsutil tool and choose a Domain Controller for them.

In this scenario, we transfer FSMO roles from the old Windows Server 2003 to the new one, based on Windows Server 2008 R2.

Important! Before you start transferring FSMO roles, it’s good to check your forest/domain condition using the dcdiag and repadmin tools, to be sure that there is no problem with replication or Domain Controller functionality.

Open a command-line console and type: ntdsutil

You will see its command prompt. To get help, type ? (question mark) and press Enter.

First of all, you need to connect to the Domain Controller to which you want to transfer the FSMO roles. To do that, type:

ntdsutil: roles (enter)

fsmo maintenance: connections (enter)

server connections: connect to server <DC-Name> (enter)

server connections: quit (enter)

fsmo maintenance:

Now you will be able to transfer FSMO roles to the selected Domain Controller.

  • Schema master

fsmo maintenance: transfer schema master (enter)

Click the “Yes” button to move the role.

The role is transferred.

  • Domain Naming master

To transfer the Domain Naming master, you need to know about a small syntax difference between ntdsutil in 2003 and 2008.

In 2003 server:

fsmo maintenance: transfer domain naming master (enter)

In 2008 server:

fsmo maintenance: transfer naming master (enter)

Click the “Yes” button to move the role.

The role is transferred.

  • RID master

fsmo maintenance: transfer rid master (enter)

Click the “Yes” button to move the role.

The role is transferred.

  • PDC Emulator master

fsmo maintenance: transfer pdc (enter)

Click the “Yes” button to move the role.

The role is transferred.

  • Infrastructure master

Important! In a multi-domain environment where not all Domain Controllers are Global Catalogs, the Infrastructure master has to be placed on a non-Global Catalog Domain Controller to prevent conflicts between them.

fsmo maintenance: transfer infrastructure master (enter)

Click the “Yes” button to move the role.

The role is transferred.

fsmo maintenance: quit (enter)

ntdsutil: quit (enter)

All FSMO roles have been transferred!

You only need to verify that they are placed where you wanted them. Open a command line and type: netdom query fsmo to check that.
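The netdom query fsmo check can also be scripted, so that a role left behind on the old DC is not overlooked. The PowerShell below is an added example, not part of the original article; it assumes all five roles are meant to land on a single target DC and that netdom prints the role labels used by Windows Server 2008 R2. The host names and the sample output are constructed.

```powershell
# Added example. Role labels follow the netdom output format of
# Windows Server 2008 R2 (assumption); host names are constructed.
$RoleLabels = 'Schema master', 'Domain naming master', 'PDC',
              'RID pool manager', 'Infrastructure master'

function Get-FsmoHolders {
    param([string[]]$NetdomOutput)
    # Each role line is "<label><spaces><holder FQDN>".
    $pattern = '^\s*(' + ($RoleLabels -join '|') + ')\s+(\S+)\s*$'
    $holders = @{}
    foreach ($line in $NetdomOutput) {
        if ($line -match $pattern) { $holders[$Matches[1]] = $Matches[2] }
    }
    return $holders
}

function Test-FsmoPlacement {
    param([hashtable]$Holders, [string]$TargetDc)
    $problems = @()
    foreach ($role in $RoleLabels) {
        if (-not $Holders.ContainsKey($role)) {
            $problems += "${role}: not reported by netdom"
        } elseif ($Holders[$role] -ne $TargetDc) {   # -ne ignores case
            $problems += "${role}: held by $($Holders[$role])"
        }
    }
    return ,$problems   # leading comma keeps an empty result as an array
}

# Constructed sample: the RID role was left on the old DC.
$sample = @(
    'Schema master               DC2008.example.test',
    'Domain naming master        DC2008.example.test',
    'PDC                         DC2008.example.test',
    'RID pool manager            DC2003.example.test',
    'Infrastructure master       DC2008.example.test',
    'The command completed successfully.'
)
# On a real DC, replace the sample with:  $sample = netdom query fsmo

$issues = Test-FsmoPlacement (Get-FsmoHolders $sample) 'DC2008.example.test'
if ($issues.Count -eq 0) {
    'All five FSMO roles are on the target DC.'
} else {
    $issues | ForEach-Object { "MISPLACED $_" }
}
```

If the Infrastructure master is deliberately kept on a different, non-Global Catalog DC, check that role against its own target instead.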

To summarize ntdsutil commands:

ntdsutil (enter)

ntdsutil: roles (enter)

fsmo maintenance: connections (enter)

server connections: connect to server <DC-Name> (enter)

server connections: quit (enter)

fsmo maintenance: transfer schema master (enter)

2003 server: fsmo maintenance: transfer domain naming master (enter)

2008 server: fsmo maintenance: transfer naming master (enter)

fsmo maintenance: transfer rid master (enter)

fsmo maintenance: transfer pdc (enter)

fsmo maintenance: transfer infrastructure master (enter)

fsmo maintenance: quit (enter)

ntdsutil: quit (enter)

If you wish, you may also check the article about Transferring FSMO roles with PowerShell.

It’s done.

Author: Krzysztof Pytko


12 responses to “Transferring FSMO roles from command-line”

  1. BadLand says :

    very good manual.
    thx.

     
  2. amit malik says :

    gr8.. thanks a lot

     
  3. sudheer says :

    thanks a lot

     
  4. Raj84 says :

    thanks for your valuable notes

     
  5. Pablo says :

    Kr… as always, excellently written 😉 but it was Google that brought me here 😀

     
  6. Pablo says :

    You will probably also add a manual for PS, because it is very convenient.
    Move-ADDirectoryServerOperationMasterRole -Identity "Target_DC_Name" -OperationMasterRole 0,1,2,3,4 -Force
    and that pretty much wraps it up

     
    • iSiek says :

      Yes, that is of course in the plans, as soon as I dig myself out of all the overdue topics I want to put on the blog 🙂

      Thank you for the comment!

       
  7. Thomas says :

    thanks for your valuable notes

     
