In my last article, I discussed the function of each of the 5 FSMO Roles in Active Directory. This time, I will be focussing on how to transfer these roles between Domain Controllers.
In most cases, the FSMO roles are all held by one Domain Controller in the domain, although there are particular situations in which the administrator may wish to move the roles around, be it for a performance benefit, or for redundancy. The process of moving a role from one DC to another is called transferring - which is specifically the "graceful" method of moving the role(s). There is another method of moving a role, called siezing, which should only be used in cases where the original role holder has crashed or become unusable. I will cover this in a future article.
Unfortunately, the 5 FSMO Roles are not all moved using the same tool, when using the graphical method - as I will be doing in this article. The tools that I will be using are the Active Directory Users and Computers console, the Active Directory Domains and Trusts console, and the Active Directory Schema console.
ADUC is used to move 3 of the 5 roles, so I shall start with this tool. It is opened from Administrative Tools, and should be opened using the server that will become the new role holder. Using the tree view on the left of the console, right click the domain you will be altering, and choose Operations Masters....
This tool allows you to transfer the RID Master, PDC Emulator, and Infrastructure Master roles.
The current FSMO role holder is shown in the upper box marked Operations master, and the server to which you can transfer the role to is shown in the bottom box. To transfer the role, click Change...
If you wish to change the role to a server that is not specified in the bottom box, or the same server is specified in both boxes, click Close to go back to the ADUC console, right click the domain object in the tree, and click Connect to Domain Controller..., then specify the name of the DC you wish to transfer the role to. When you open the Operations Masters tool again, the chosen DC should be shown in the bottom box.
To transfer the Domain Naming Master role, the Active Directory Domains and Trusts console is used (also located in Administrative Tools). The process is exactly the same as for the previous 3 roles.
For the Schema Master Role, however, the process is a bit more complicated. First, the Active Directory Schema console must be registered, so that we can use it. Microsoft did not include this in the Administrative Tools folder by default, so we must load the console ourself. To do this, first register the dll file - by going to Start->Run, and typing regsvr32 schmmgmt.dll.
You should then be presented with a success dialog:
Now the .dll has been registered, the schema snap-in will be available to the Microsoft Management Console. To access this, go to Start->Run and type mmc. Then go to File->Add/Remove Snap-In. Choose Add... from the diaglog box. You will now see a list of snap-ins. Choose the Active Direcory Schema snap-in, and add it to the console. Click OK a few times, to start using the schema console.
From this console, right click the Active Directory Schema object at the top of the tree on the left, and choose Change Domain Controller.... Then connect to the domain controller that you plan to transfer the role to. Once you have connected to the destination Domain Controller, right click the Active Directory Schema object again, and choose Operations Master.... The process here is exactly the same as with the other roles, simply click the change button, checking that the source and destination boxes specify the correct domain controllers.
And there you have it! Believe it or not, this is actually quite a fast process once you have done it a few times, just registering the schmmgmt.dll is a bit of a pain first time round, but you only have to do it once on a server, so it speeds up the process in the future.
Related Articles: