FSMO roles are very important for your Active Directory: they guarantee the integrity of your directory.
Among your domain controllers, only one will host the FSMO roles; it is called the primary domain controller.
In this tutorial we show you how to transfer FSMO roles with the graphical interface and also with PowerShell (or Command Prompt).
When to migrate FSMO roles?
When you replace your servers, you will almost certainly need to transfer the roles to your new domain controller. If a server is removed or is due to disappear, the FSMO roles it holds must be transferred first.
SBS servers need special attention (the platform is dated): make sure the server can be decommissioned before transferring the roles.
Migrating FSMO roles
To find out which server hosts the FSMO roles, run this command on a domain controller:
netdom query fsmo
You should get the following output:
With the graphical interface
Migrate the RID, PDC and Infrastructure roles
Connect to your new domain controller and open the Active Directory console.
Right-click the domain at the top of the tree, then choose Operations Masters:
Now modify the RID, PDC and Infrastructure roles by clicking “modify” on each tab:
Migrate the Active Directory Schema role
To migrate the Active Directory Schema role, you must first register a DLL that adds the graphical interface.
Press Windows + R and enter the following command to add the Active Directory Schema console:
A message confirms the success of the installation.
Now open the MMC console by pressing Windows + R and entering MMC.
Next, add the Active Directory Schema snap-in:
Then right-click Active Directory Schema and choose Operations Master:
Click “modify” to change the domain controller that will host the role:
Transfer the Domains and Trusts FSMO role
One final role remains to be transferred: the Domains and Trusts role.
To do this, open the Domains and Trusts console, available in the administration tools.
As for the other FSMO roles, right-click, then choose “Operations master”.
Click “modify” to transfer the FSMO role to your new controller.
We can also transfer FSMO roles from the command line, through PowerShell or Command Prompt. It’s faster and easier!
Transfer FSMO roles with PowerShell or Command Prompt
The advantage of this solution is that the roles are transferred quickly.
Open a PowerShell prompt as administrator on your new domain controller.
Then enter the following command, replacing NomDeVotreServeurControleur with the name of your new domain controller:
Move-ADDirectoryServerOperationMasterRole -Identity "NomDeVotreServeurControleur" -OperationMasterRole 0,1,2,3,4 -Force
The -Force parameter allows the roles to be transferred even if the main controller is offline or malfunctioning!
You can verify that your domain controller is hosting the FSMO roles with the command:
netdom query fsmo
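The PowerShell procedure above as a guarded script, added here as an example and not taken from the original tutorial: it records the current role holders, moves only the roles that still live elsewhere, leaves out -Force so that an unreachable holder raises an error, and verifies the result. NEW-DC01 is a placeholder name, and the ping-based reachability check assumes ICMP is allowed between domain controllers.

```powershell
# Added example: graceful FSMO transfer with before/after checks.
# $target is a placeholder; set it to the DC that should receive the roles.
Import-Module ActiveDirectory
$target = 'NEW-DC01'

function Get-FsmoHolder {
    param([Parameter(Mandatory)][string]$Server)
    # Domain-wide roles come from Get-ADDomain, forest-wide roles from Get-ADForest.
    $domain = Get-ADDomain -Server $Server
    $forest = Get-ADForest -Server $Server
    [ordered]@{
        PDCEmulator          = $domain.PDCEmulator           # role 0
        RIDMaster            = $domain.RIDMaster             # role 1
        InfrastructureMaster = $domain.InfrastructureMaster  # role 2
        SchemaMaster         = $forest.SchemaMaster          # role 3
        DomainNamingMaster   = $forest.DomainNamingMaster    # role 4
    }
}

$targetFqdn = (Get-ADDomainController -Identity $target -ErrorAction Stop).HostName
$before = Get-FsmoHolder -Server $targetFqdn
$before.GetEnumerator() | Format-Table Name, Value -AutoSize

# Roles that are not yet on the target DC (string comparison is case-insensitive).
$toMove = @($before.Keys | Where-Object { $before[$_] -ne $targetFqdn })
if (-not $toMove) { Write-Output "All FSMO roles are already on $targetFqdn."; return }

# A graceful transfer needs every current holder online.
# ICMP is used as a simple reachability probe (assumption: ping is permitted).
$holders = @($toMove | ForEach-Object { $before[$_] } | Select-Object -Unique)
$offline = @($holders | Where-Object { -not (Test-Connection -ComputerName $_ -Count 1 -Quiet) })
if ($offline) {
    throw "Unreachable role holder(s): $($offline -join ', '). Investigate before using -Force."
}

# No -Force: if a holder cannot hand over its role, the cmdlet fails instead of seizing it.
Move-ADDirectoryServerOperationMasterRole -Identity $target `
    -OperationMasterRole $toMove -Confirm:$false -ErrorAction Stop

# Re-read the holders from the target DC and fail loudly if any role did not move.
$after = Get-FsmoHolder -Server $targetFqdn
$stale = @($after.Keys | Where-Object { $after[$_] -ne $targetFqdn })
if ($stale) { throw "Roles still not on ${targetFqdn}: $($stale -join ', ')" }
$after.GetEnumerator() | Format-Table Name, Value -AutoSize
```

Moving the Schema and Domain Naming roles requires Schema Admins and Enterprise Admins membership respectively, so run the script from an account that holds the rights for the roles listed in `$toMove`.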