ActiveDirectory

Option to transfer forest FSMO roles not available in GUI MMC

Option to transfer forest FSMO roles not available in GUI MMC
Brandon LeeMay 22, 2013Last Updated: May 22, 2013
2 minutes read
fsmorole_noGUI
fsmorole_noGUI

Transferring roles from one DC to another DC is a common practice, especially if you may have recently provisioned another domain controller in your environment and are shifting roles around to either provide better performance, or perhaps take down another DC to upgrade to a new server OS. ย The roles are generally a very easy thing to shift around. ย There are five Active Directory roles that are held by domain controllers in a Microsoft AD environment.

Forest Wide Roles

  • Schema Master
  • Domain Naming Master

Domain Wide Roles

  • PDC Emulator Master
  • RID Pool Master
  • Infrastructure Master

Generally to transfer the above roles, you simply login to theย destination serverย which is key. ย You must be on theย target server to transfer the roles. ย Using the noted tools below, you simply transfer the roles:

  • Schema Master – transferred using the Schema Management MMC
  • Domain Naming Master – transfering using theย Domains and Trusts MMC
  • PDC Emulator – transferred usingย Active Dirctory Users and Computers
  • RID Master –ย transferred usingย Active Dirctory Users and Computers
  • Infrastructure Master –ย transferred usingย Active Dirctory Users and Computers

However, I have seen in a couple of cases that when you go to transfer the schema master or the domain naming master from one DC to another, the option is not available to do so. ย In this case, we can bypass the limitations of the GUI tools provided to manage the roles in favor of theย ntdsutil utility which can be a lifesaver in many situations as it gives you the ability to do things that you wouldn’t otherwise be able to do with the GUI MMC consoles.

Transfer roles using ntdsutil

  • Make sure to login as a user that is a member of the Enterprise Admins group
  • Open a command prompt and typeย ntdsutil
  • typeย rolesย and pressย ENTER
  • typeย connectionsย and pressย ENTER
  • typeย connect to %yourservernamegoeshere%ย and pressย ENTERย where the servername is the DC where you want to transfer the roleย to
  • At theย server connectionsย prompt then typeย qย and pressย ENTER
  • typeย transfer roleย where role is the role that you want to transfer. ย For a list of the roles typeย ?ย at theย fsmo maintenanceย prompt
  • typeย qย to exit the prompt andย qย again to quit NTDSUTIL

 

 

Brandon LeeMay 22, 2013Last Updated: May 22, 2013
2 minutes read

Subscribe to VirtualizationHowto via Email ๐Ÿ””

Enter your email address to subscribe to this blog and receive notifications of new posts by email.



Photo of Brandon Lee

Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com, and a 7-time VMware vExpert, with over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, He has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family. Also, he goes through the effort of testing and troubleshooting issues, so you don't have to.

Related Articles

adrepl1

Active Directory Replication Time Intervals

June 12, 2013
After enforcement the EventIDs are now errors instead of warnings

Domain Controller PacRequestorEnforcement Registry Key – Enable Audit and Enforcement

February 7, 2022
RSATfeat

How to Install Remote Server Administration Tools Windows 7

June 4, 2012
AD Replication Status Tool Open Source Alternative

AD Replication Status Tool New Open Source Alternative

June 28, 2023

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© Copyright 2024, All Rights Reserved  | VirtualizationHowto.com