Skip to main content

How to transfer FSMO roles in Active Directory? We did add another Domain Controller to existing domain, and now like to transfer FSMO roles to the new server. In this article, you will learn how to transfer FSMO roles to another DC with PowerShell and GUI.

How many FSMO roles

There are five FSMO roles, as listed in the table below:

FSMO role Value
PDCEmulator (one per domain) 0
RIDMaster (one per domain) 1
InfrastructureMaster (one per domain) 2
SchemaMaster (one per forest) 3
DomainNamingMaster (one per forest) 4

Why transfer FSMO roles

Here is a list of why you must transfer FSMO roles:

  1. Demote a Domain Controller
  2. Change IP addresses on a Domain Controller
  3. Take Domain Controller offline for maintenance
  4. Upgrade Operating System
  5. Performance issues

Let’s look at how to transfer FSMO roles in Active Directory with PowerShell and the GUI.

Transfer FSMO roles with PowerShell

Go through the below steps to list the FSMO roles first. After that, move the FSMO roles independently or move all the FSMO roles with a single command in PowerShell. Both options work excellently.

Get FSMO roles with PowerShell

Run the Get-ADDomain cmdlet to get the RID masterPDC emulator, and Infrastructure master roles.

Get-ADDomain | fl PDCEmulator,RIDMaster,InfrastructureMaster

The output appears.

PDCEmulator          : DC01-2019.exoip.local
RIDMaster            : DC01-2019.exoip.local
InfrastructureMaster : DC01-2019.exoip.local

Run the Get-ADForest cmdlet to get the Schema master and Domain naming master roles.

Get-ADForest | fl SchemaMaster,DomainNamingMaster

The output appears.

SchemaMaster       : DC01-2019.exoip.local
DomainNamingMaster : DC01-2019.exoip.local

PDCEmulator (value 0)

Move-ADDirectoryServerOperationMasterRole "DC02-2019" -OperationMasterRole PDCEmulator -Confirm:$false

RIDMaster (value 1)

Move-ADDirectoryServerOperationMasterRole "DC02-2019" -OperationMasterRole RIDMaster -Confirm:$false

InfrastructureMaster (value 2)

Move-ADDirectoryServerOperationMasterRole "DC02-2019" -OperationMasterRole InfrastructureMaster -Confirm:$false

SchemaMaster (value 3)

Note: Your account needs to be a member of the Schema admins group. If it isn’t, an error appears after running the below command. After adding the account to the Schema admins group, you have to sign off and sign back in again to have the changes take effect.

Move-ADDirectoryServerOperationMasterRole "DC02-2019" -OperationMasterRole SchemaMaster -Confirm:$false

DomainNamingMaster (value 4)

Move-ADDirectoryServerOperationMasterRole "DC02-2019" -OperationMasterRole DomainNamingMaster -Confirm:$false

Option 2: Transfer FSMO roles with single PowerShell command

Run one of the below commands to move the FSMO roles with a single PowerShell command.

Note: Your account needs to be a member of the Schema admins group. If it isn’t, an error appears after running the below command. After adding the account to the Schema admins group, you have to sign off and sign back in again to have the changes take effect.

Move all FSMO roles by name value.

Move-ADDirectoryServerOperationMasterRole "DC02-2019" -OperationMasterRole PDCEmulator,RIDMaster,InfrastructureMaster,SchemaMaster,DomainNamingMaster -Confirm:$false

Move all FSMO roles by digits value.

Move-ADDirectoryServerOperationMasterRole "DC02-2019" -OperationMasterRole 0,1,2,3,4 -Confirm:$false

Transfer FSMO roles with GUI

To transfer the FSMO roles with GUI, follow these steps:

1. Start Active Directory Users and Computers.

2. Right-click on the domain and click on Operations Master.

Transfer FSMO roles in Active Directory Users and Computers operations master

3. Select each tab to see which Domain Controller holds the FSMO roles. Click on Change to move the FSMO roles:

  • RID master
  • PDC emulator
  • Infrastructure master
Transfer FSMO roles in Active Directory RID/PDC/Infrastructure

4. Start Command Prompt as administrator.

5. Type the command regsvr32 schmmgmt.dll and press Enter.

6. A message appears that DllRegisterServer in schmmgmt.dll succeeded. Press OK.

Note: You must register the Active Directory schema MMC snap-in to make it available in the MMC snap-in list.

Transfer FSMO roles in Active Directory schmmgmt.dll

7. Click the start button, search for Run and click on it.

Start run desktop app

8. Type in mmc.exe and click OK.

Open mmc.exe

9. Click File and select Add/Remove Snap-in.

Add/Remove Snap-in

10. Click on Active Directory Schema, select Add, and click OK.

Transfer FSMO roles in Active Directory add Active Directory Schema snap-in

11. Click on Active Directory Schema to load the configuration.

12. Right-click Active Directory Schema and click on Operations Master.

Transfer FSMO roles in Active Directory Schema operations master

13. The Domain Controller that holds the Schema master role will appear. Click on Change to move the FSMO role.

Transfer FSMO roles in Active Directory domain naming master

14. Start Active Directory Domains and Trusts.

15. Right-click on Active Directory Domains and Trusts and click on Operations Master.

Transfer FSMO roles in Active Directory Domains and Trusts operations master

16. The Domain Controller that holds the Domain naming master role will appear. Click on Change to move the FSMO role.

Transfer FSMO roles in Active Directory domain naming master

Seize FSMO roles

When a Domain Controller crashes, or there are hardware failures, and you can’t bring it online anymore, you cannot transfer the FSMO roles with the above steps.

To seize the FSMO roles from an offline Domain Controller, you must use the -Force parameter.

Move-ADDirectoryServerOperationMasterRole "DC02-2019" -OperationMasterRole 0,1,2,3,4 -Force -Confirm:$false

That’s it! Did this help you to transfer FSMO roles to another DC?

Leave a Reply