How to transfer FSMO roles in GUI and Powershell

FSMO roles are very important for your Active Directory. They guarantee the integrity of your directory.

Among your domain controllers, only 1 will have to host the FSMO roles, it will be called the primary domain controller.

In this tutorial we show you how to transfer fsmo roles with the graphical interface but also in Powershell (or command prompt)

When to migrate FSMO roles?

When you change your servers you will surely need transfer roles to your new domain controller server. Indeed, if a server is deleted or if it must disappear, the FSMO roles must be transferred.

Special attention concerns SBS servers (it’s dated). Indeed it is necessary to be sure that the server can be decommissioned before transferring the roles.

example FSMO roles
Here are for example 3 roles FSMO RID, CDP and Infrastructure

Migrating FSMO roles

To find out the server that hosts the FSMO roles, you can enter this command on a domain controller server.

netdom query fsmo

You should get the following output:

FSMO role example
The command returns me the domain controller corresponding to the 5 FSMO roles.

With the graphical interface


Connect to your new domain controller and you have to open the Active Directory console.

Right at the top of the domain, right-click then operations master:

master of active directory operations

Now we are going to modify RID, CDP and Infrastructure roles by clicking on “modify” for each tab:

modify rid cdp infrasctructure
You have to perform the operation for each tab.

Well done, you have just migrated 3 out of 5 FSMO roles!

Migrate the Active Directory Schema role

To migrate the Active Directory Schema role, you must first add a dll to add the graphical interface.

You must perform the WINDOWS + R combination and enter the following command to add the Active Directory Schema console

regsvr32 schmmgmt.dll

dll schema active directory

A message confirms the success of the installation.

add dll
The Dll is added successfully

Now we are going to open the MMC console by doing the Windows + R key combination and entering MMC

mmc console

Next we need to add schema active directory:

MMC console

mmc schema active directory
add the active directory schema and click OK

We will then right-click on the active directory schema then operations master:

master operation diagram

Then click on modify to modify the domain controller that will host the role:

change controller diagram

Well done, you have transferred the Active Directory Schema role or the 4th FSMO role.

Transfer the Domain and Trust FSMO role

There remains a final role to transfer that of domain and approval

To do this, you must open the Domain and Approval console accessible in administration tools

active directory domains and approvals

As for the other FSMO roles, right click then “Operations master”

transfer of areas and operations master approvals

Click on modify to transfer the FSMO role to your new controller.


The last FSMO role is transferred

We can also transfer FSMO roles from command line through Powershell or Command Prompt. It’s faster and easier!

Transfer FSMO roles to PowerShell or Command Prompt

The advantage of this solution is to quickly transfer roles:

You have to open a Powershell invites as administrator on your new domain controller:

Then enter the following command:

Move-ADDirectoryServerOperationMasterRole -Identity "NomDeVotreServeurControleur" -OperationMasterRole 0,1,2,3,4 -Force

The -force allows to transfer the role even if the main controller is offline or malfunctions!

Well done your roles are transferred to the command line

You can verify that your domain controller is hosting FSMO roles with the command

netdom query fsmo

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button

Adblock Detected

Please consider supporting us by disabling your ad blocker