Skip to main content

πŸ“˜ Transferring FSMO Roles to Another Domain Controller

FSMO (Flexible Single Master Operations) roles are critical for Active Directory functionality. This guide shows how to transfer all FSMO roles to a new Domain Controller (HQ-DC01) using both GUI and PowerShell.

πŸ“Œ FSMO Roles Overview

  • Schema Master
  • Domain Naming Master
  • PDC Emulator
  • RID Master
  • Infrastructure Master

πŸ”§ Method 1: Transfer FSMO Roles via PowerShell

  1. Open PowerShell as Administrator on any DC.
  2. Run the following command to transfer all FSMO roles to HQ-DC01:
Import-Module ActiveDirectory
Move-ADDirectoryServerOperationMasterRole -Identity "HQ-DC01" -OperationMasterRole 0,1,2,3,4 -Confirm:$false

This command transfers all five roles at once:

  • 0 – PDC Emulator
  • 1 – RID Master
  • 2 – Infrastructure Master
  • 3 – Schema Master
  • 4 – Domain Naming Master

βœ… Verify the Transfer

Get-ADForest | Select-Object SchemaMaster, DomainNamingMaster
Get-ADDomain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster

πŸ–₯️ Method 2: Transfer FSMO Roles via GUI

1. Transfer RID, PDC, Infrastructure Master

  1. Open Active Directory Users and Computers (dsa.msc)
  2. Right-click the domain β†’ click Operations Masters
  3. Go through the RID, PDC, and Infrastructure tabs
  4. Click Change on each tab to transfer the role to HQ-DC01

2. Transfer Domain Naming Master

  1. Open Active Directory Domains and Trusts (domain.msc)
  2. Right-click Active Directory Domains and Trusts at the top left
  3. Select Operations Master
  4. Click Change

3. Transfer Schema Master

  1. Run the following to register the Schema snap-in:
regsvr32 schmmgmt.dll
  1. Run mmc β†’ Add Snap-in β†’ Active Directory Schema
  2. Right-click Active Directory Schema β†’ Change Active Directory Domain Controller…
  3. Select HQ-DC01
  4. Then right-click again β†’ Operations Master β†’ Click Change

πŸ“„ Notes

  • You must be a Domain Admin and a Schema Admin to transfer all roles.
  • The Schema Master snap-in only connects to DCs that are writable and have a replica of the schema.
  • If a DC is unreachable, roles must be seized rather than transferred.

βœ… Final Tip

Use netdom query fsmo to check current FSMO role holders at any time.

netdom query fsmo
No Comments
Back to top