When you demote an old Domain Controller that holds any of the Single Master Operation roles, also known as Flexible Single Master Operation (FSMO) roles, you may wish to manually transfer them to another Domain Controller. This is not necessary, because during the DC decommission process they would be transferred automatically to any other DC within the network, but it’s nice to control this process. FSMO roles should be placed in a well-connected, reliable location to prevent disruption in access to them.
There are 2 ways of transferring FSMO roles. You can do that using the graphical consoles available on a DC or on any server/workstation with Administrative Tools / Remote Server Administration Tools installed, or using the command-line tool called ntdsutil.
Transferring FSMO roles using command-line tool
There are five FSMO roles. Two of them are forest-wide and three are domain-wide roles. That means the forest-wide FSMO roles are common to the entire forest and by default are held on the first Domain Controller within the forest-root domain.
These roles are:
- Schema master
- Domain Naming master
- Relative Identifier (RID) master
- PDC Emulator master
- Infrastructure master
To be able to transfer any of them, it’s necessary to use the ntdsutil tool and choose a Domain Controller for them.
In this scenario, we transfer FSMO roles from the old Windows Server 2003 to the new one, based on Windows Server 2008 R2.
Important! Before you start transferring FSMO roles, it’s good to check your forest/domain condition using the dcdiag and repadmin tools, to be sure that there is no problem with replication or Domain Controller(s) functionality.
Open a command-line console and type: ntdsutil
You will see the ntdsutil command prompt. To get help, type ? (question mark) and press Enter.
ntdsutil: roles (enter)
fsmo maintenance: connections (enter)
server connections: connect to server
server connections: quit (enter)
fsmo maintenance:
Now you will be able to transfer FSMO roles to the selected Domain Controller.
- Schema master
Click the “Yes” button to move the role.
- Domain Naming master
In 2003 server:
fsmo maintenance: transfer domain naming master (enter)
In 2008 server:
fsmo maintenance: transfer naming master (enter)
Click the “Yes” button to move the role.
- RID master
Click the “Yes” button to move the role.
- PDC Emulator master
Click the “Yes” button to move the role.
- Infrastructure master
fsmo maintenance: transfer infrastructure master (enter)
Click the “Yes” button to move the role.
ntdsutil: quit (enter)
All FSMO roles have been transferred!
You only need to verify that they are in the place where you wanted them. Open a command line and type: netdom query fsmo to check that.
ntdsutil (enter)
ntdsutil: roles (enter)
fsmo maintenance: connections (enter)
server connections: connect to server
server connections: quit (enter)
fsmo maintenance: transfer schema master (enter)
2003 server: fsmo maintenance: transfer domain naming master (enter)
2008 server: fsmo maintenance: transfer naming master (enter)
fsmo maintenance: transfer rid master (enter)
fsmo maintenance: transfer pdc (enter)
fsmo maintenance: transfer infrastructure master (enter)
fsmo maintenance: quit (enter)
ntdsutil: quit (enter)
It’s done.
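The netdom query fsmo verification described above can be scripted so that a role left behind on the old Domain Controller is flagged before it is demoted. The following PowerShell is an added example, not part of the original post; the host names, the expected holder and the sample output are constructed, and the function name Get-FsmoHolders is hypothetical.

```powershell
# Constructed sample of `netdom query fsmo` output; host names are placeholders.
# On a real system use instead:  $output = netdom query fsmo
$output = @'
Schema master               DC2008.example.local
Domain naming master        DC2008.example.local
PDC                         DC2008.example.local
RID pool manager            DC2003.example.local
Infrastructure master       DC2008.example.local
The command completed successfully.
'@ -split "`r?`n"

# Assumption: the DC that should hold every role after the transfer.
$expectedHolder = 'DC2008.example.local'

# Role labels as printed by netdom, in the order it lists them.
$roleLabels = 'Schema master', 'Domain naming master', 'PDC',
              'RID pool manager', 'Infrastructure master'

function Get-FsmoHolders {
    param([string[]]$Lines, [string[]]$Labels)
    $holders = @{}
    foreach ($line in $Lines) {
        foreach ($label in $Labels) {
            # Label at the start of the line, whitespace, then the holder's name.
            if ($line -match ('^' + [regex]::Escape($label) + '\s+(\S+)\s*$')) {
                $holders[$label] = $Matches[1]
            }
        }
    }
    return $holders
}

$holders  = Get-FsmoHolders -Lines $output -Labels $roleLabels
$problems = @()
foreach ($label in $roleLabels) {
    if (-not $holders.ContainsKey($label)) {
        # A missing label means the output was incomplete or the query failed.
        $problems += "$label : not found in output"
    } elseif ($holders[$label] -ne $expectedHolder) {
        $problems += "$label : held by $($holders[$label]), expected $expectedHolder"
    }
}

if ($problems.Count -eq 0) {
    Write-Output "All five FSMO roles are on $expectedHolder."
} else {
    $problems | ForEach-Object { Write-Warning $_ }
}
```

With the constructed sample, the script warns that the RID pool manager role is still held by DC2003.example.local.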