How to Transfer or Seize Active Directory FSMO Roles with both way (GUI or PowerShell)

How to Transfer or Seize Active Directory FSMO Roles with both way (GUI or PowerShell)

Active directory is a directory structure used on Microsoft Windows-based servers and computers to store data and information about networks and domains. It is necessary to have a well-organized process. In this blog post, we will explore two ways to mgiration AD roles 1. using the graphical user interface (GUI) and Powershell. By understanding both approaches, administrators can choose the method that best suits their preferences and requirements.

Using GUI:

Step 1: Accessing Active Directory Users and Computers

  • Open "Active Directory Users and Computers" from the Administrative Tools menu or by running "dsa.msc" command.
  • Right-click on the domain and select "Operations Masters" to view the current role holders.

Step 2: Transferring FSMO Roles

  1. In the "Operations Masters" window, select the appropriate tab for the role you want to transfer (e.g., "RID," "PDC," or "Infrastructure").
  2. Click the "Change" button to initiate the role transfer process.
  3. Follow the prompts to select the new domain controller that will assume the role.
  4. Schema master:
  5.         Register schmmgmt.dll
    1. Click Start, and then click Run.
    2. Type regsvr32 schmmgmt.dll in the Open box, and then click OK.
    3. Click OK when you receive the message that the operation succeeded.

  1. Transfer the Schema Master Role

    ·         Click Start, click Run, type mmc in the Open box, and then click OK.

    ·         On the File, menu, click Add/Remove Snap-in.

    ·         Click Add.

    ·         Click Active Directory Schema, click Add, click Close, and then click OK.

    ·         In the console tree, right-click Active Directory Schema, and then click Change Domain Controller.

    ·         Click Specify Name, type the name of the domain controller that will be the new role holder, and then click OK.

    ·         In the console tree, right-click Active Directory Schema, and then click Operations Master.

    ·         Click Change.

    ·         Click OK to confirm that you want to transfer the role, and then click Close.

    Transfer Domain Naming Master: ADDT (Active Directory Domains and Trusts)  

    Using an account that is a member of the Enterprise Admin group, log on to the DC to which you want to transfer the role.

    2. Open ADDT.

    3. Right-click on the Active Directory Domains and Trusts node and choose Operations Masters.

    4. In the Operations Masters window, you can see the DC that currently holds the Domain Naming Master role and the DC that you are logged on to.

    5. To transfer the role from the current DC to the target DC, click the Change button. When asked to confirm the action, click Yes.

Step 3: Verifying Role Transfer

  • Once the transfer is complete, verify the new role holder by refreshing the "Operations Masters" window.
  • Ensure that the new domain controller is listed as the current role holder for the transferred role.

Using PowerShell:

Step 1: Open PowerShell as Administrator

  • Launch PowerShell with administrative privileges to execute the necessary commands.

Step 2: Transfer FSMO Roles

  • To transfer the Schema Master role:

    Move-ADDirectoryServerOperationMasterRole -Identity "DestinationDC" -OperationMasterRole SchemaMaster

  • To transfer other roles (e.g., RID Master, PDC Emulator, Infrastructure Master, Domain Naming Master):

    Move-ADDirectoryServerOperationMasterRole -Identity "DestinationDC" -OperationMasterRole RIDMaster/PDCEmulator/InfrastructureMaster/DomainNamingMaster

Step 3: Verify Role Transfer

  • After executing the transfer commands, verify the role transfer by checking the role holders on the destination domain controller.
  • Use the following PowerShell command to confirm:

  • powershell
    Get-ADDomain | Select-Object InfrastructureMaster, PDCEmulator, RIDMaster, DomainNamingMaster, SchemaMaster
Share :

Add New Comment

 Your Comment has been sent successfully. Thank you!   Refresh
Error: Please try again