Transferring FSMO Roles to Another Active Directory Controller

IT

Transferring FSMO Roles to Another Active Directory Controller

With virtualization continuing to grow into the small and medium business marketplace, it is now affordable for many IT administrators to implement many common best practices such as having a minimum of two domain controllers. Virtualization also has many transitioning/upgrading to operating much easier. 

When considering doing an upgrade for Active Directory for small to medium businesses, in many cases all five Flexible Single Master Operation (FSMO) roles can be held on one domain controller. In cases where an old primary domain controller will be decommissioned, it becomes imperative that a new primary is assigned for these roles. This article describe how to transfer all five FSMO roles from the Windows GUI to a Windows 2012R2 Active Directory Controller.

This article is the third segment of a series of articles:

  1. Creating a Windows 2012 or 2012R2 Domain Controller
  2. Promoting a Windows 2012R2 Server Domain Controller
  3. Transferring FSMO Roles to a New Domain Controller
  4. Decommissioning a Windows 2003 or Windows 2008 Domain Controller

How to Transfer FSMO Roles

To transfer FSMO roles via the Windows GUI, you will need access to the following three Active Directory snap-ins:

  • Active Directory Schema (Schema Master Role) Note: The snap-in is not enabled by default. Instructions provided below.
  • Active Directory Domains and Trusts (Domain Naming Master Role)
  • Active Directory Users and Computers (RID, PDC and Infrastructure Roles)

Enabling Active Directory Schema Snap-In

To enable the Active Directory Schema Snap-In, open up a command prompt and select Run as administrator.

Run as Administrator

In the command prompt, type in regsvr32 schmmgmt.dll.

A window will pop up displaying DllRegisterServer in schmmgmt.dll succeeded.

Regsvr32 schmmgmt.dll

Accessing Snap-ins and Microsoft Management Console

The easiest way to gain access to all three Active Directory Snap-ins is to go through the Microsoft Management Console. In most cases, I log onto the server which I want to house all the roles so the Snap-in’s will automatically connect to the local machine. To do this, type in mmc in the run command.

MMC

Once MMC has opened up, the necessary Snap-ins can be added.

Note: the Active Directory Schema does not appear under administrative tools by default and must be accessed through MMC.

By default, the snap-in will authenticate to whatever server it has been opened from. If you are already on the new domain controller, see the screenshots below on where to right click to be able to modify the Operations Master via the GUI. Otherwise, you will need to select Change Active Directory Domain Controller and type in the new domain controller. 

Operations Master

Active Directory Domains and Trusts

Active Directory Users and Computers

Although each Operations Master window displays different text, each one will show the “Current Operations Master” and will also display something similar to “To transfer the X master role to the targeted FSMO folder, click Change.”

Operations Master RID

Once change has been clicked, a confirmation should appearing showing the “New Operations Master.”

New Operations Master

Once the new Operations Master has been confirmed, the same process can be repeated for the other remaining four FSMO roles.

Once all FSMO roles have been transferred off the 2003 and 2008 servers, the older severs can now be removed off the domain (Note: this assuming that your domain controller is not running any other functions such as DHCP). To do this, the servers will need to be properly decommissioned. http://www.interworks.com/blogs/ijahanshahi/2014/02/03/decommissioning-windows-2003-or-windows-2008-domain-controller 

 

Resources Used:

Install the Active Directory Schema Snap-In: http://technet.microsoft.com/en-us/library/cc732110.aspx. Accessed Oct. 1, 2013.

More About the Author

Ideen Jahanshahi

Solutions Architect
Veeam NAS Backup: Integrating with Dell EMC Isilon Those of us who have been in the backup realm a long time remember when Veeam Backup and Replication (Veeam B&R) was one of the top ...
The InterWorks Approach to Great Consulting: Part 3 If you’ve been following along, you know that this blog miniseries is all about dissecting the shared traits that some of my most ...

See more from this author →

Subscribe to our newsletter

  • I understand that InterWorks will use the data provided for the purpose of communication and the administration my request. InterWorks will never disclose or sell any personal data except where required to do so by law. Finally, I understand that future communications related topics and events may be sent from InterWorks, but I can opt-out at any time.
  • This field is for validation purposes and should be left unchanged.

InterWorks uses cookies to allow us to better understand how the site is used. By continuing to use this site, you consent to this policy. Review Policy OK

×

Interworks GmbH
Ratinger Straße 9
40213 Düsseldorf
Germany
Geschäftsführer: Mel Stephenson

Kontaktaufnahme: markus@interworks.eu
Telefon: +49 (0)211 5408 5301

Amtsgericht Düsseldorf HRB 79752
UstldNr: DE 313 353 072