FSMO role transfer/migration (Must know)
Transferring or migrating a Flexible Single Master Operations (FSMO) role is not a requirement at this point. However, some of the new features in Windows Server 2012 such as cloning of virtual domain controllers, and so on, won′t be available until the PDC emulator (PDCe) role is transferred to a Windows Server 2012 Domain Controller. To take advantage of improvements in RID Master, this role must be running on Windows Server 2012 Domain Controller. The placement and optimization of FMSO roles is beyond the scope of this book. For this scenario, we will be moving all FMSO roles (Schema, Domain Naming Master, PDCe, Infrastructure Master, and RID) to a new Windows Server 2012 Domain Controller.
How to do it...
Using PowerShell:
- Log on to Windows Server 2012 and open the PowerShell window.
- In the PowerShell window enter the following cmdlet:
Move-ADDirectoryServerOperationMasterRole -Identity "DCName″ -OperationMasterRole SchemaMaster,DomainNamingMaster,PDCEmulator,RIDMaster,InfrastructureMaster - To confirm the FSMO transfer, press Y.
Using MMC:
- Log on to the Windows Server 2012 Server or Windows 8 machine and open the Active Directory User and Computers (ADUC) MMC.
- Right-click on the domain name and select Operations Masters….
- In the Operations Masters tab, click on the Change button to transfer the FMSO role to the new Windows Server 2012 Domain Controller. Repeat these steps for transferring the PDC emulator and Infrastructure Master roles.
The forest-specific role—Domain Naming Master—can be transferred using Active Directory Domains and Trust MMC.
- Log on to the Windows Server 2012 or Windows 8 machine and open the Active Directory Domains and Trust console.
- Right-click on the Active Directory Domains and Trust node and select Operations Master….
- In the Operations Master tab click on the Change button to transfer the Domain Naming Master FMSO role.
The forest-specific role—Schema Master FMSO—can be transferred using the Active Directory Schema MMC. You may need to register schmmgmt.dll using the regsvr32 schmmgmt.dll command in order to view the Active Directory Schema MMC.
- Log on to the Windows Server 2012 or Windows 8 machine and open the Active Directory Schema console.
- Right-click on the Active Directory Schema node and select Operations Master….
- In the Operations Masters tab, click on the Change button to transfer the Schema Master FMSO role.
How it works...
The Move-ADDirectoryServerOperationMasterRole PowerShell cmdlet is part of the Active Directory PowerShell module. Instead of using FSMO roles, you could use numeric values. For example, 0 for PDC emulator, 1 for RID Master, 2 for Infrastructure Master, 3 for Schema Master, and 4 for Domain Naming Maser.
There′s more...
Alternatively, the NTDSUTIL tool can be used to transfer the FSMO roles. The domain-specific roles—RID, PDC, and Infrastructure Master—can be transferred using the Active Directory User and Computer (ADUC) tool.
The FSMO roles can be verified using the Netdom Query FSMO command as shown in the following screenshot:
The following PowerShell cmdlet can also be used to verify the FMSO roles:
Get-ADDomain domain.com | Format-List PDCEmulator,RIDMaster,InfrastructureMaster Get-ADForest domain.com | Format-List SchemaMaster,DomainNamingMaster
Note
The Get-ADDomain PowerShell cmdlet is part of Active Directory PowerShell module.
