How to view and transfer FSMO roles

This article describes how to view and transfer FSMO roles.

Original KB number: 324801

Summary

This article describes how to transfer Flexible Single Master Operations (FSMO) roles (also known as operations master roles) by using the Active Directory snap-in tools in Microsoft Management Console (MMC).

FSMO Roles

In a forest, there are at least five FSMO roles that are assigned to one or more domain controllers. The five FSMO roles are:

• Schema Master: The schema master domain controller controls all updates and modifications to the schema. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the whole forest.
• Domain naming master: The domain naming master domain controller controls the addition or removal of domains in the forest. There can be only one domain naming master in the whole forest.
• Infrastructure Master: The infrastructure is responsible for updating references from objects in its domain to objects in other domains. At any one time, there can be only one domain controller acting as the infrastructure master in each domain.

• All domain controllers in the domain are Global Catalogs.
• The forest is configured to use the Recycle Bin.

The IM role should still always be set to a valid domain controller to avoid errors being reported in monitoring systems.

You can transfer FSMO roles by using the Ntdsutil.exe command-line utility or by using an MMC snap-in tool. Depending on the FSMO role that you want to transfer, you can use one of the following three MMC snap-in tools:
Active Directory Schema snap-in
Active Directory Domains and Trusts snap-in
Active Directory Users and Computers snap-in
If a computer no longer exists, the role must be seized. To seize a role, use the Ntdsutil.exe utility.

For additional information about how to use the Ntdsutil.exe utility to seize FSMO roles, click the article number below to view the article in the Microsoft Knowledge Base:

255504 Using Ntdsutil.exe to Seize or Transfer the FSMO Roles to a Domain

Use the Active Directory Schema Master snap-in to transfer the schema master role. Before you can use this snap-in, you must register the Schmmgmt.dll file.

Register Schmmgmt.dll

1. Click Start, and then click Run.
2. Type regsvr32 schmmgmt.dll in the Open box, and then click OK.
3. Click OK when you receive the message that the operation succeeded.

Transfer the Schema Master Role

1. Click Start, click Run, type mmc in the Open box, and then click OK.
2. On the File, menu, click Add/Remove Snap-in.
3. Click Add.
4. Click Active Directory Schema, click Add, click Close, and then click OK.
5. In the console tree, right-click Active Directory Schema, and then click Change Domain Controller.
6. Click Specify Name, type the name of the domain controller that will be the new role holder, and then click OK.
7. In the console tree, right-click Active Directory Schema, and then click Operations Master.
8. Click Change.
9. Click OK to confirm that you want to transfer the role, and then click Close.

Transfer the Domain Naming Master Role

1. Click Start, point to Administrative Tools, and then click Active Directory Domains and Trusts.
2. Right-click Active Directory Domains and Trusts, and then click Connect to Domain Controller.

Note You must perform this step if you are not on the domain controller to which you want to transfer the role. You do not have to perform this step if you are already connected to the domain controller whose role you want to transfer.

• In the Enter the name of another domain controller box, type the name of the domain controller that will be the new role holder, and then click OK.
  -or-
• In the Or, select an available domain controller list, click the domain controller that will be the new role holder, and then click OK.

Transfer the RID Master, PDC Emulator, and Infrastructure Master Roles

1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
2. Right-click Active Directory Users and Computers, and then click Connect to Domain Controller.

Note You must perform this step if you are not on the domain controller to which you want to transfer the role. You do not have to perform this step if you are already connected to the domain controller whose role you want to transfer.

• In the Enter the name of another domain controller box, type the name of the domain controller that will be the new role holder, and then click OK.
  -or-
• In the Or, select an available domain controller list, click the domain controller that will be the new role holder, and then click OK.

References

For more information, see:

• Active Directory FSMO roles in Windows
• FSMO placement and optimization on Active Directory domain controllers
• Flexible Single Master Operation Transfer and Seizure Process
• HOW TO: Use Ntdsutil to find and clean up duplicate security identifiers
• Troubleshoot DNS Event ID 4013 (The DNS server was unable to load AD integrated DNS zones)
• DCPROMO demotion fails if unable to contact the DNS infrastructure master
• FSMO Roles
• Perform initial recovery
• AD Forest Recovery - Seizing an operations master role
• Clean up server metadata using the command line
• Planning Operations Master Role Placement
• Move-ADDirectoryServerOperationMasterRole