Windows Server 2008: Transferring FSMO Roles
Overview
This is a must read article for any system administrator who administers Microsoft Windows Servers. One of any system administrator duties would be to upgrade a current domain controller to a new hardware server. One of the crucial steps required to successfully migrate your domain controller is to be able to successfully transfer the FSMO roles to the new hardware server. FSMO stands for Flexible Single Master Operations, and in a forest, there are at least five roles. In this article, we will be showing you how to transfer the FSMO in Windows Server 2008, and in the next article, we will show you the complete steps required to successfully migrate/upgrade your domain controller to a new hardware server.
The five FSMO roles are:
- Schema Master
- Domain Naming Master
- Infrastructure Master
- Relative ID (RID) Master
- PDC Emulator
The first two roles above are forest-wide, meaning there is one of each for the entire forest. The last three are domain-wide, meaning there is one of each per domain. If there is one domain in your forest, you will have five FSMO roles. If you have three domains in your forest, there will be 11 FSMO roles.
The FSMO roles are going to be transferred, using the following three MMC snap-ins:
Active Directory Schema snap-in: Will be used to transfer the Schema Master role
Active Directory Domains and Trusts snap-in: Will be used to transfer the Domain Naming Master role
Active Directory Users and Computers snap-in: Will be used to transfer the RID Master, PDC Emulator, and Infrastructure Master roles
Note: The following steps are done on the Windows Server 2008 machine that we intend to set as the roles holder (transfer the roles to it)
Let's start transferring the FSMO roles.
Using Active Directory Schema snap-in to transfer the Schema Master role
You have to register schmmgmt.dll in order to be able to use the Active Directory Schema snap-in
Click Start > Run
Type regsvr32 schmmgmt.dll
http://www.elmajdal.net/Win2k8/Transferring_FSMO_Roles_in_Windows_Server_2008/1-schmmgmt-snapin.png
Click OK
A pop-up message will confirm that schmmgmt.dll was successfully registered. Click OK
Click Start > Run, type mmc, then click OK
http://www.elmajdal.net/Win2k8/Transferring_FSMO_Roles_in_Windows_Server_2008/3-mmc.png
Click File > then click Add/Remove Snap-in...
http://www.elmajdal.net/Win2k8/Transferring_FSMO_Roles_in_Windows_Server_2008/4-file-add-snapin.png
From the left side, under Available Snap-ins, click Active Directory Schema, then click Add > and then click OK
http://www.elmajdal.net/Win2k8/Transferring_FSMO_Roles_in_Windows_Server_2008/5-click-add-schema.png
Right click Active Directory Schema, then click Change Active Directory Domain Controller...
From the listed Domain Controllers, click the domain controller that you want to be the schema master role holder and then click OK
You will receive a message box stating that the schema snap-in is not connected to a schema operations master. That is for sure, as we have not yet set this Windows Server 2008 domain controller as a Schema Master role holder. This will be done in the next step. Click OK
In the console tree, right-click Active Directory Schema [DomainController.DomainName], and then click Operations Master...
On the Change Schema Master page, the current schema master role holder will be displayed (ex. ELMAJ-DC.ELMAJDAL.NET) and the targeted schema holder as well (ex. ELMAJ-DC2K8.ELMAJDAL.NET). Once you click Change, the schema master holder will become
ELMAJ-DC2K8.ELMAJDAL.NET, click ChangeClick Yes to confirm the role transfer
The role will be transferred and a confirmation message will be displayed. Click OK
Then click Close, as you can see in the below snapshot, the current schema master is ELMAJ-DC2K8.ELMAJDAL.NET
Using Active Directory Domains and Trusts snap-in to transfer the Domain Naming Master Role
Click Start > Administrative Tools > then click Active Directory Domains and Trusts
Right-click Active Directory Domains and Trusts, then click Change Active Directory Domain Controller...
From the listed Domain Controllers, click the domain controller that you want to be the Domain Naming master role holder and then click OK
http://www.elmajdal.net/Win2k8/Transferring_FSMO_Roles_in_Windows_Server_2008/14-listed-dc.png
Right-click Active Directory Domains and Trusts, then click Operations Master...
On the Operations Master page, we are going to change the Domain Naming role holder from ELMAJ-DC.ELMAJDAL.NET to ELMAJ-DC2K8.ELMAJDAL.NET, Click Change
Click YES to confirm the transfer of the Domain Naming role
The role will be transferred and a confirmation message will be displayed. Click OK and, then click Close
Till now, we have successfully transferred two FSMO roles, the Schema Master role and the Domain Naming role. The last three roles can be transferred using a single Snap-in.
Using Active Directory Users and Computers snap-in to transfer the RID Master, PDC Emulator, and Infrastructure Master Roles
Click Start > Administrative Tools > then click Active Directory Users and Computers
Right-click Active Directory Users and Computers, then click All Tasks > Operations Master...
You will have three Tabs, representing three FSMO roles (RID, PDC, Infrastructure). Click the Change button under each of these three tabs to transfer the roles.
Click Yes to confirm the role transfer
The role will be transferred and a confirmation message will be displayed. Click OK
As for the Infrastructure role, once you click the Change button you will receive the below message
By default, when you first install your first Domain Controller, it holds the five roles and beside that it is a Global Catalog. If your environment is a multi-domain/forest, then you should think about structuring your FSMO roles and transfer the Infrastructure role to a none Global Catalog domain controller. Else if you have small number of domain controllers (ex. two domain controllers) then you should not worry about this. Click Yes
The Tabs should now look like this:
http://www.elmajdal.net/Win2k8/Transferring_FSMO_Roles_in_Windows_Server_2008/23-RID-PDC-Infra.png
That's it, by now, you have successfully transferred the five FSMO roles to the Windows Server 2008 Domain Controller.
Summary
There is five FSMO roles, two that are forest-wide, and three that are domain-wide. To transfer any of these roles you have to use the appropriate Active Directory snap-in. In the next article, we will be showing you the complete steps required to successfully migrate/upgrade your domain controller to a new hardware server.
Credits
This article was originally posted at ElMajdal.Net website: http://www.elmajdal.net/Win2k8/Transferring_FSMO_Roles_in_Windows_Server_2008.aspx