Patrick Domingues

How to transfer the 5 FSMO (Flexible Single Master Operations) roles and GUI tools that can be used to move these roles between Active Directory Domain Controllers.

• Schema Master – controls all updates and modifications to the Active Directory schema.
  This role can transferred using Active Directory Schema snap-in.
  If Active Directory Schema snap-in is not available you need to register required DLL using following command: regsvr32 schmmgmt.dll. On Windows Server 2008 and later this needs to be done in an elevated command prompt.
• Domain Naming Master – controls the addition or removal of domains in the forest.
  This role can transferred using Active Directory Domains and Trusts snap-in.
   
• Infrastructure Master – responsible for updating references from objects in its domain to objects in other domains.
  This role can transferred using Active Directory Users and Computers snap-in.
• Relative ID (RID) Master – responsible for processing RID pool requests from all domain controllers in a particular domain.
  This role can transferred using Active Directory Users and Computers snap-in.
• PDC Emulator – advertises itself as the primary domain controller (PDC) to workstations, member servers, and domain controllers that are running earlier versions of Windows.
  This role can transferred using Active Directory Users and Computers snap-in.

All roles can also be transferred using Ntdsutil.exe command-line utility.

To quickly check which server is running which FSMO roles run: netdom query fsmo

• Tackling Shadow IT: The Unseen Network Security Risk
• How to Spot and Report Cybercrime Effectively
• IT Management Strategies For Startups
• 3 Common Mistakes in IT Operations You Can’t Afford to Make
• How Generative AI Impacts Email Security