
Transferring FSMO roles

Today's post will help you when transferring FSMO roles from one DC to another.

The issue:

We won't go into what FSMO roles are, what they do, etc.; there are plenty of resources on the net that go into that in great detail.

In this example, we want to transfer our FSMO roles from an older DC to get it ready to decommission.

The resolution:

The first thing to do is find out who has control of your roles! If you only have one DC this is an easy question to answer, but if you have more than one, your roles may be spread across multiple servers. In our case one DC has them all and we want to move them over to a new DC.

You can identify the current owner by hopping onto any DC, running an elevated cmd prompt and typing the following:

“Netdom query fsmo”


As you can see, we have 5 roles to move altogether:

Schema master

Domain naming master

PDC

RID pool manager

Infrastructure master

The first thing you need to do is hop on to the server that is going to take over these roles (we assume you have already built a Windows server, installed the DC role, and promoted it), open up “Active Directory Users and Computers” and right click “Operations Masters”:


From here we can instantly change 3 of the 5 roles, RID, PDC and Infra:

Changing each role is pretty much the same, so I will show it once but you will get the same confirmations for each one:

This will show you the current owner (at the top) and, as long as you are viewing this from the new DC, the one you want to transfer the roles to (at the bottom):


You can go ahead and click “Change”; this will give you a warning:

FSMO transfer warning

and clicking yes will confirm:

Operations master confirmation

Do this process for the PDC and the Infra master.

Next, we open “Active Directory Domains and Trusts” to do the “Domain naming master”. From here you will more than likely need to change the DC the node is pointing to, as by default it will point to the existing master and you won't be able to take over the role. To do this, click on “Change Active Directory Domain Controller”, select “This domain controller or AD LDS instance” and pick the new DC:


Change the DC

Next, right click “Operations Masters” and do the same as the last ones (there's only one in here, so it should be nice and straightforward):


Change domain naming master

Finally, we need to change the schema master. This is a little less straightforward as the schema has more protection; to mess with the schema you should really know what you are doing, so they hide it away a little for this reason.

You will need to open an elevated cmd prompt first of all to register the dll which will allow you access:


Type in the following and hit enter:

“regsvr32 schmmgmt.dll”

schema dll registration

Once registered, you need to open up an elevated mmc:

open mmc as admin

and go to File, “Add/Remove Snap-in”:

mmc snapin add

Add the “Active Directory Schema” node:

Active directory schema snap in

Once opened, you will be familiar with this part: you once again need to change the DC the node is pointing to, as by default it will point to the existing master and you won't be able to take over the role. You may get the following error:

schema warning

To do this, as before, click on “Change Active Directory Domain Controller”, select “This domain controller or AD LDS instance” and pick the new DC:

Schema change DC

Next, click “Operations Masters”:

Schema operations master

and change the role to the new DC as before:

Change schema master

Once you have done that you can check to make sure all of your roles have been migrated by running another elevated cmd prompt and typing:

“Netdom query fsmo”

netdom query change
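A scripted version of the ownership check above, as an added example that is not part of the original post: it uses the ActiveDirectory PowerShell module to list all five role holders, compare them with the new DC, and exit non-zero if any role is still elsewhere, which is the state you want confirmed before decommissioning the old DC. The parameter names NewDc and Transfer and the two function names are made up for this example; the optional transfer step assumes the old DC is still online.

```powershell
# Added example (not from the original post). Needs the ActiveDirectory module (RSAT).
param(
    [Parameter(Mandatory)][string]$NewDc,  # name of the DC taking over (you supply this)
    [switch]$Transfer                      # also move any roles not yet on the new DC
)
Import-Module ActiveDirectory -ErrorAction Stop

# Resolve the target first; this fails early if the name is not a domain controller.
$dc     = Get-ADDomainController -Identity $NewDc -ErrorAction Stop
$target = $dc.HostName   # FQDN, the same form Get-ADForest/Get-ADDomain report

function Get-FsmoHolder {
    # Forest-wide roles come from Get-ADForest, domain-wide roles from Get-ADDomain.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

function Get-PendingRole {
    # Names of roles whose current holder is not the target DC (-ne ignores case).
    (Get-FsmoHolder).GetEnumerator() | Where-Object { $_.Value -ne $target } |
        ForEach-Object { $_.Key }
}

$pending = @(Get-PendingRole)
if ($Transfer -and $pending.Count -gt 0) {
    # Graceful transfer only: -Force is left out on purpose because it seizes the
    # role instead of transferring it. The cmdlet asks for confirmation before moving.
    Move-ADDirectoryServerOperationMasterRole -Identity $dc.Name -OperationMasterRole $pending
    $pending = @(Get-PendingRole)
}

# Report the holders as the directory sees them now.
(Get-FsmoHolder).GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Role = $_.Key; Holder = $_.Value; OnNewDc = ($_.Value -eq $target) }
} | Format-Table -AutoSize

if ($pending.Count -gt 0) {
    Write-Warning "Still not on ${target}: $($pending -join ', ')"
    exit 1
}
Write-Host "All five FSMO roles are held by $target."
```

Moving the schema master needs Schema Admins membership and the domain naming master needs Enterprise Admins, so run the transfer from an account that holds those rights.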

You have successfully completed transferring FSMO roles.

For more tips on anything to do with Migration services, or anything else, please feel free to get in touch.
