FSMO (Flexible Single Master Operations) roles are specialized domain controller tasks in a Windows Server Active Directory (AD) environment. These roles are crucial for the proper functioning of the AD infrastructure. There are five FSMO roles, divided into two categories: forest-wide and domain-wide.
While working in an Active Directory environment, you may need to decommission a DC or take a DC offline while that DC still holds an FSMO role. Without transferring the FSMO role off that domain controller, you will not be able to bring down the domain controller.
In this article, we will learn how to transfer the FSMO roles from a domain controller using a few commands.
Follow the commands below to transfer the FSMO roles from one domain controller to another.
- Note down the name of the DC to which you want to move the FSMO role.
- Get remote access to the DC from which you want to move the FSMO role and run the command below:
netdom query fsmo
C:\Users\administrator.VMLABS>netdom query fsmo
Schema master sddc-dc.vmlabs.com
Domain naming master sddc-dc.vmlabs.com
PDC sddc-dc.vmlabs.com
RID pool manager sddc-dc.vmlabs.com
Infrastructure master sddc-dc.vmlabs.com
The command completed successfully.
Here we can see that all the FSMO roles currently reside on sddc-dc.vmlabs.com. We want to transfer these roles to another DC so that we can decommission this domain controller.
Run the command below to open ntdsutil:
C:\Users\administrator.VMLABS>ntdsutil
At the fsmo maintenance prompt, type connections to establish a server connection.
fsmo maintenance: connections
- Connect to the DC to which you want to move the roles; in my case it’s jumphost.vmlabs.com.
server connections: connect to server jumphost.vmlabs.com
Binding to jumphost.vmlabs.com ...
Connected to jumphost.vmlabs.com using credentials of locally logged-on user.
- Once the connection is established, type quit to leave the server connections menu:
server connections: quit
- Type ? to find the exact commands that you need to run:
fsmo maintenance: ?
? - Show this help information
Connections - Connect to a specific AD DC/LDS instance
Help - Show this help information
Quit - Return to the prior menu
Seize infrastructure master - Overwrite infrastructure role on connected server
Seize naming master - Overwrite Naming Master role on connected server
Seize PDC - Overwrite PDC role on connected server
Seize RID master - Overwrite RID role on connected server
Seize schema master - Overwrite schema role on connected server
Select operation target - Select sites, servers, domains, roles and
naming contexts
Transfer infrastructure master - Make connected server the infrastructure master
Transfer naming master - Make connected server the naming master
Transfer PDC - Make connected server the PDC
Transfer RID master - Make connected server the RID master
Transfer schema master - Make connected server the schema master
- Type the transfer commands above one by one to transfer the FSMO roles:
Transfer schema master
You will get a prompt as below:
Once done, you will get the output below:
fsmo maintenance: Transfer infrastructure master
Server "jumphost.vmlabs.com" knows about 5 roles
Schema - CN=NTDS Settings,CN=SDDC-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vmlabs,DC=com
Naming Master - CN=NTDS Settings,CN=SDDC-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vmlabs,DC=com
PDC - CN=NTDS Settings,CN=SDDC-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vmlabs,DC=com
RID - CN=NTDS Settings,CN=SDDC-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vmlabs,DC=com
Infrastructure - CN=NTDS Settings,CN=JUMPHOST,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vmlabs,DC=com
fsmo maintenance: Transfer naming master
Server "jumphost.vmlabs.com" knows about 5 roles
Schema - CN=NTDS Settings,CN=SDDC-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vmlabs,DC=com
Naming Master - CN=NTDS Settings,CN=JUMPHOST,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vmlabs,DC=com
PDC - CN=NTDS Settings,CN=SDDC-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vmlabs,DC=com
RID - CN=NTDS Settings,CN=SDDC-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vmlabs,DC=com
Infrastructure - CN=NTDS Settings,CN=JUMPHOST,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vmlabs,DC=com
fsmo maintenance: Transfer PDC
Server "jumphost.vmlabs.com" knows about 5 roles
Schema - CN=NTDS Settings,CN=SDDC-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vmlabs,DC=com
Naming Master - CN=NTDS Settings,CN=JUMPHOST,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vmlabs,DC=com
PDC - CN=NTDS Settings,CN=JUMPHOST,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vmlabs,DC=com
RID - CN=NTDS Settings,CN=SDDC-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vmlabs,DC=com
Infrastructure - CN=NTDS Settings,CN=JUMPHOST,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vmlabs,DC=com
fsmo maintenance: Transfer RID master
Server "jumphost.vmlabs.com" knows about 5 roles
Schema - CN=NTDS Settings,CN=SDDC-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vmlabs,DC=com
Naming Master - CN=NTDS Settings,CN=JUMPHOST,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vmlabs,DC=com
PDC - CN=NTDS Settings,CN=JUMPHOST,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vmlabs,DC=com
RID - CN=NTDS Settings,CN=JUMPHOST,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vmlabs,DC=com
Infrastructure - CN=NTDS Settings,CN=JUMPHOST,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vmlabs,DC=com
fsmo maintenance: Transfer schema master
Server "jumphost.vmlabs.com" knows about 5 roles
Schema - CN=NTDS Settings,CN=JUMPHOST,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vmlabs,DC=com
Naming Master - CN=NTDS Settings,CN=JUMPHOST,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vmlabs,DC=com
PDC - CN=NTDS Settings,CN=JUMPHOST,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vmlabs,DC=com
RID - CN=NTDS Settings,CN=JUMPHOST,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vmlabs,DC=com
Infrastructure - CN=NTDS Settings,CN=JUMPHOST,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vmlabs,DC=com
Once done, you can quit ntdsutil.
After making the above changes, you can decommission the domain controller from the environment.
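A check to run before the decommission, as an added example that is not part of the original article: it parses netdom query fsmo output and lists any role still held by the DC being removed. The function names and the sample output (a constructed mid-transfer state using this article's host names) are assumptions.

```powershell
# Added example; function names are illustrative, not part of netdom or ntdsutil.
function ConvertFrom-NetdomFsmo {
    # Parse "netdom query fsmo" text into an ordered role -> holder map.
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$Lines)
    $roles = [ordered]@{}
    $pattern = '^\s*(Schema master|Domain naming master|PDC|RID pool manager|Infrastructure master)\s+(\S+)\s*$'
    foreach ($line in $Lines) {
        if ($line -match $pattern) { $roles[$Matches[1]] = $Matches[2].ToLowerInvariant() }
    }
    if ($roles.Count -ne 5) {
        # Fail closed: a partial parse must never look like "no roles left".
        throw "Expected 5 FSMO roles, parsed $($roles.Count)."
    }
    return $roles
}

function Get-FsmoRolesHeldBy {
    # List the roles whose holder is the DC about to be removed.
    param(
        [Parameter(Mandatory)][System.Collections.IDictionary]$Roles,
        [Parameter(Mandatory)][string]$Server
    )
    $Roles.GetEnumerator() | Where-Object { $_.Value -eq $Server } | ForEach-Object { $_.Key }
}

# Constructed sample: a mid-transfer state in which the schema master has not moved yet.
# On a live DC, replace it with: $output = netdom query fsmo
$output = @(
    'Schema master               sddc-dc.vmlabs.com'
    'Domain naming master        jumphost.vmlabs.com'
    'PDC                         jumphost.vmlabs.com'
    'RID pool manager            jumphost.vmlabs.com'
    'Infrastructure master       jumphost.vmlabs.com'
    'The command completed successfully.'
)

$source = 'sddc-dc.vmlabs.com'
$remaining = @(Get-FsmoRolesHeldBy -Roles (ConvertFrom-NetdomFsmo -Lines $output) -Server $source)
if ($remaining.Count -gt 0) {
    Write-Warning "$source still holds: $($remaining -join ', '). Do not decommission yet."
} else {
    Write-Output "No FSMO roles remain on $source."
}
```

With the constructed sample the script warns that sddc-dc.vmlabs.com still holds the schema master; once all five transfers have completed it reports that no roles remain.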