Transferring FSMO roles from command-line

When you are demoting an old Domain Controller that holds any of the Single Master Operation roles,
also known as Flexible Single Master Operation (FSMO) roles, you may wish to transfer them manually
to another Domain Controller.
This is not strictly necessary, because during the DC decommission process they are transferred
automatically to another DC within the network, but it’s nice to control this process.

FSMO roles should be placed in a well-connected, reliable location to prevent disruption in access to
them.

There are two ways of transferring FSMO roles. You can use the graphical consoles available on
a DC or on any server/workstation with Administrative Tools / Remote Server Administration Tools
installed, or you can use the command-line tool called ntdsutil.

Transferring FSMO roles using command-line tool

There are five FSMO roles. Two of them are Forest-wide and three are Domain-wide roles. That
means the Forest-wide FSMO roles are common to the entire forest and by default are held on the first
Domain Controller within the forest-root domain.

These roles are:

• Schema master
• Domain Naming master

The other three, Domain-wide, roles are:

• Relative Identifier (RID) master
• PDC Emulator master
• Infrastructure master

and they are separate for each domain within the forest.

To transfer any of them, you need to use the ntdsutil tool and choose a Domain
Controller to hold them.

In this scenario, we transfer FSMO roles from the old Windows Server 2003 to the new one, based
on Windows Server 2008 R2.

Important! Before you start transferring FSMO roles, it’s good to check your forest/domain
condition using the dcdiag and repadmin tools to be sure that there is no problem with replication or
Domain Controller functionality.

Open a command-line console and type: ntdsutil

You will see the ntdsutil command prompt. To get help, type ? (question mark) and press Enter.

[Figure: ntdsutil]

First of all, you need to connect to the Domain Controller to which you want to transfer the FSMO roles.
To do that, type:

ntdsutil: roles (enter)
fsmo maintenance: connections (enter)
server connections: connect to server <DC-Name> (enter)
server connections: quit (enter)
fsmo maintenance:

and now you will be able to transfer FSMO roles to the selected Domain Controller.

• Schema master

fsmo maintenance: transfer schema master (enter)

Click the “Yes” button to move the role.

[Figure: Role transfer confirmation]

The role is transferred.

• Domain Naming master

To transfer the Domain Naming master, you need to know about a small syntax difference between ntdsutil in
2003 and 2008.

In 2003 server:

fsmo maintenance: transfer domain naming master (enter)

In 2008 server:

fsmo maintenance: transfer naming master (enter)

Click the “Yes” button to move the role.

[Figure: Role transfer confirmation]

The role is transferred.

• RID master

fsmo maintenance: transfer rid master (enter)

Click the “Yes” button to move the role.

[Figure: Role transfer confirmation]

The role is transferred.

• PDC Emulator master

fsmo maintenance: transfer pdc (enter)

Click the “Yes” button to move the role.

[Figure: Role transfer confirmation]

The role is transferred.

• Infrastructure master

Important! In a multi-domain environment where not all Domain Controllers are Global Catalogs,
the Infrastructure master has to be placed on a non-Global Catalog Domain Controller to prevent
conflicts between them.

fsmo maintenance: transfer infrastructure master (enter)

Click the “Yes” button to move the role.

[Figure: Role transfer confirmation]

The role is transferred.

fsmo maintenance: quit (enter)
ntdsutil: quit (enter)

All FSMO roles have been transferred!

You only need to verify that they are in place where you wanted them. Open a command line and
type: netdom query fsmo to check that.

[Figure: FSMO roles verification]
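
The verification step can be checked mechanically rather than by eye. The PowerShell below is an added example, not part of the original document: it parses netdom query fsmo output and flags any role that is not on the intended Domain Controller. The function names, DC names and sample output are constructed, and the role labels are assumed to match what your netdom version prints.

```powershell
# Added example: check `netdom query fsmo` output against the intended holder.
# Role labels are an assumption (adjust to your netdom version); DC names are constructed.

function ConvertFrom-NetdomFsmo {
    param([string[]]$Lines)
    $roles = @{}
    foreach ($line in $Lines) {
        # Role label and holder are separated by a run of two or more spaces;
        # the trailing "The command completed successfully." line does not match.
        if ($line -match '^(?<role>\S.*?)\s{2,}(?<holder>\S+)\s*$') {
            $roles[$Matches['role']] = $Matches['holder']
        }
    }
    return $roles
}

function Test-FsmoPlacement {
    param([string[]]$Lines, [string]$ExpectedHolder)
    $expectedRoles = 'Schema master', 'Domain naming master', 'PDC',
                     'RID pool manager', 'Infrastructure master'
    $found = ConvertFrom-NetdomFsmo -Lines $Lines
    foreach ($role in $expectedRoles) {
        $holder = $found[$role]
        if (-not $holder)                     { $status = 'MISSING' }
        elseif ($holder -ieq $ExpectedHolder) { $status = 'OK' }
        else                                  { $status = 'WRONG HOLDER' }
        # New-Object PSObject keeps this usable on PowerShell 2.0 as well.
        New-Object PSObject -Property @{ Role = $role; Holder = $holder; Status = $status }
    }
}

# Constructed sample: one role was left behind on the old DC.
$sample = @'
Schema master               DC-NEW.example.local
Domain naming master        DC-NEW.example.local
PDC                         DC-NEW.example.local
RID pool manager            DC-NEW.example.local
Infrastructure master       DC-OLD.example.local
The command completed successfully.
'@ -split '\r?\n'

Test-FsmoPlacement -Lines $sample -ExpectedHolder 'DC-NEW.example.local' |
    Format-Table Role, Holder, Status -AutoSize

# Against a live domain, feed the real output instead of the sample:
# Test-FsmoPlacement -Lines (netdom query fsmo) -ExpectedHolder '<DC-Name>'
```

A MISSING status means the expected label was not found in the output, which usually indicates a different netdom label set rather than a lost role.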

To summarize ntdsutil commands:


ntdsutil (enter)
ntdsutil: roles (enter)
fsmo maintenance: connections (enter)
server connections: connect to server <DC-Name> (enter)
server connections: quit (enter)
fsmo maintenance: transfer schema master (enter)
2003 server: fsmo maintenance: transfer domain naming master (enter)
2008 server: fsmo maintenance: transfer naming master (enter)
fsmo maintenance: transfer rid master (enter)
fsmo maintenance: transfer pdc (enter)
fsmo maintenance: transfer infrastructure master (enter)
fsmo maintenance: quit (enter)
ntdsutil: quit (enter)
