Overview
Here is a section from my dear friend Ben Finkel’s upcoming text – MCSA 70-742 Cert Guide: Identity with Windows Server 2016
Remember, if you need a refresher on the FSMO roles, see my post here.
Transferring and Seizing Operations Master Roles
The Flexible Single Master Operations (FSMO) roles described earlier in this blog are important pieces for a functioning AD DS deployment. Occasionally you may need to transfer the role from one DC to another. For example, if a controller is being retired or shutdown you will want to transfer the role to another DC prior to that. If the need arises to move these roles from their current DC, there are different management tools required for each role. The following summarizes the tools:
- RID: Active Directory Users and Computers
- PDC: Active Directory Users and Computers
- Infrastructure Master: Active Directory Users and Computers
- Domain Naming Master: Active Directory Domains and Trusts
- Schema Master: Active Directory Schema Snap-In
To change the RID, PDC, or Infrastructure Master role you need to “seize” it from the current master:
- Log onto the domain controller that you wish to host the role.
- Start Server Manager from either the Start Menu or the Taskbar.
- From the navigation menu on the left choose AD DS.
- Right-click your server in the contents pane and click Active Directory Users and Computers. NOTE: This ensures you are launching Active Directory Users and Computers on the domain controller you want to transfer the role to.
- Right-click the domain in the left-hand pane and select Operations Masters…
- On the Operations Masters dialog, choose the tab for the role you wish to seize (RID, PDC, and Infrastructure are available).
- Note the current master is listed, and the current machine name is in the second text box. To seize the role click Change…
- Click Yes to confirm.
- Once the transfer is complete click OK.
To change the Domain Naming Master you need to “seize” it from the current master:
- Log onto the domain controller that you wish to host the role.
- Start Server Manager from either the Start Menu or the Taskbar.
- From the navigation menu choose AD DS.
- Right-click the server and click Active Directory Domains and Trusts.
- Right-click the Active Directory Domains and Trusts in the left-hand pane and select Operations Masters… (Note: Right-click on the top-level node that reads Active Directory Domains and Trusts, not on the domain itself).
- Note the current master is listed, and the current machine name is in the second text box. To seize the role click Change…
- Click Yes to confirm.
- Once the transfer is complete click OK.
To change the Schema Master you will first need to activate the Schema snap-in:
- Log onto the domain controller that you wish to host the role.
- Open a command prompt.
- Type regsvr32 schmmgmt.dll and press Enter.
- Click OK on the success dialog.
- At the command prompt type mmc.exe and press Enter.
- The MMC window will launch. Click File then select Add/Remove Snap-in…
- Select the Active Directory Schema snap-in from the list of Available snap-ins on the left then click Add >
- Click OK.
- On the MMC window click to select the Active Directory Schema snap-in. Two folders, classes and attributes, should show up on the right.
- Right-click the Active Directory Schema and select Operations Master… (Note: You might need to right click and choose
- first to ensure you are configuring the correct DC)
- Note the current master is listed, and the current machine name is in the second text box. To seize the role click Change…
- Click Yes to confirm.
- Once the transfer is complete click OK.