FSMO Transfer Process

This document describes the process for transferring the five Flexible Single Master Operations (FSMO) roles from an old domain controller server to a new server. The five FSMO roles are: Primary Domain Controller (PDC) Emulator, Rid Master, Infrastructure Master, Domain Naming Master, and Schema Master. The document provides step-by-step instructions for using NTDSUTIL at the command prompt to connect to the servers and transfer each FSMO role one by one. It also includes steps for changing the global catalog setting and verifying the new server is holding all five FSMO roles.

Uploaded by

Mari Kani
Copyright
© Attribution Non-Commercial (BY-NC)

FSMO Transfer Process 2003 SERVER

(Flexible Single Master Operations)

The Five FSMO Roles

There are just five operations where the usual multiple master model breaks
down, and the Active Directory task must only be carried out on one Domain
Controller.  FSMO roles:

1. PDC Emulator - Most famous for backwards compatibility with NT
4.0 BDC's.  However, there are two other FSMO roles which
operate even in Windows 2003 Native Domains, synchronizing the
W32Time service and creating group policies.  I admit that it is
confusing that these two jobs have little to do with PDCs and
BDCs.

2. RID Master - Each object must have a globally unique number
(GUID).  The RID master makes sure each domain controller issues
unique numbers when you create objects such as users or
computers.  For example, DC one is given RIDs 1-4999 and DC two
is given RIDs 5000-9999.

3. Infrastructure Master - Responsible for checking objects in
other domains.  Universal group membership is the most important
example.  To me, it seems as though the operating system is
paranoid that a) you are a member of a Universal Group in
another domain and b) that group has been assigned Deny
permissions.  So if the Infrastructure master could not check your
Universal Groups there could be a security breach.

4. Domain Naming Master - Ensures that each child domain has a
unique name.  How often do child domains get added to the
forest?  Not very often, I suggest, so the fact that this is a FSMO
does not impact on normal domain activity.  My point is it's worth
the price to confine joining and leaving the domain operations to
one machine, and save the tiny risk of getting duplicate names or
orphaned domains.

5. Schema Master - Operations that involve expanding user
properties, e.g. Exchange 2003 / forestprep, which adds mailbox
properties to users.  Rather like the Domain naming master,
changing the schema is a rare event.  However, if you have a team
of Schema Administrators all experimenting with object properties,
you would not want there to be a mistake which crippled your
forest.  So it's a case of Microsoft knows best: the Schema Master
should be a Single Master Operation and thus a FSMO role.

Go to Run Command
Type CMD and Press Enter
Type NTDSUTIL and Press Enter
(Type ? Mark for Help)
Type ROLES and Press Enter
Type ? Mark for Help
Type CONNECTIONS and Press Enter
Type ? Mark for Help
Type CONNECT TO SERVER SERVERNAME (New Server name where to transfer)
and Press Enter
Type QUIT and Press Enter
Type ? Mark for Help
Type TRANSFER PDC and Press Enter and Click YES (1)
Type ? Mark for Help
Type TRANSFER RID MASTER and Press Enter and Click YES (2)
Type ? Mark for Help
Type TRANSFER INFRASTRUCTURE MASTER and Press Enter and Click YES (3)
Type ? Mark for Help
Type TRANSFER DOMAIN NAMING MASTER and Press Enter and Click YES (4)
Type ? Mark for Help
Type TRANSFER SCHEMA MASTER and Press Enter and Click Yes (5)
Type QUIT Press Enter

Type QUIT Press Enter


Now Go to Start
Click Programs and Click Administrative Tools
Click Active Directory Sites and Services
Click Sites and Click Default-first-site
Click Servers and Click OLDSERVER
Right Click NTDS SETTINGS go to Properties
Uncheck GLOBAL CATALOG and Click Apply and Click Ok
Go to New SERVER
Now Go to Start
Click Programs and Click Administrative Tools
Click Active Directory Sites and Services
Click Sites and Click Default-first-site
Click Servers and Click NEWSERVER
Right Click NTDS SETTINGS go to Properties
Check GLOBAL CATALOG and Click Apply and Click Ok

Insert the 2003 CD into the New Server and Install SUPPORT TOOLS
Click Programs and Click Windows Support Tools and Click Command Prompt
Type NETDOM QUERY FSMO and Press Enter
Confirm that all 5 FSMO Roles are Running on NEWSERVER
Then Shut down the OLDSERVER and Confirm on the client side
This is the Method
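
The final check above, as an added PowerShell example that is not part of the original document: it parses NETDOM QUERY FSMO output and reports it safe to shut down OLDSERVER only when exactly five roles are listed and every one is held by the new server. The function name Test-FsmoHolder, the example.local host names and the sample output are constructed for illustration, and the "role label, two or more spaces, holder" line layout is an assumption.

```powershell
# Added example: fail-closed check of `netdom query fsmo` output before the
# old DC is shut down. Assumes each role line is "<role label>  <holder>".
function Test-FsmoHolder {
    param(
        [string[]]$NetdomOutput,   # lines printed by: netdom query fsmo
        [string]$ExpectedServer    # short name or FQDN of the new DC
    )
    # Compare on the short host name so NEWSERVER matches newserver.example.local.
    $expected = $ExpectedServer.Split('.')[0].ToLower()
    $roles = @()
    foreach ($line in $NetdomOutput) {
        # Role line: label, two or more spaces, then a host name without spaces.
        # Status lines such as "The command completed successfully." do not match.
        if ($line -match '^\s*(\S.*?)\s{2,}(\S+)\s*$') {
            $roles += New-Object PSObject -Property @{
                Role   = $Matches[1]
                Holder = $Matches[2]
                OnNew  = ($Matches[2].Split('.')[0].ToLower() -eq $expected)
            }
        }
    }
    $stray = @($roles | Where-Object { -not $_.OnNew })
    # Safe only if exactly five roles were listed and none is held elsewhere;
    # missing or unparsable output therefore counts as "not safe".
    $safe = ($roles.Count -eq 5 -and $stray.Count -eq 0)
    New-Object PSObject -Property @{
        RolesFound        = $roles.Count
        Stray             = $stray
        SafeToShutDownOld = $safe
    }
}

# Constructed sample output: one role was missed during the transfer.
$sample = @(
    'Schema owner                newserver.example.local',
    'Domain role owner           newserver.example.local',
    'PDC role                    newserver.example.local',
    'RID pool manager            oldserver.example.local',
    'Infrastructure owner        newserver.example.local',
    'The command completed successfully.'
)
$result = Test-FsmoHolder -NetdomOutput $sample -ExpectedServer 'NEWSERVER'
"Safe to shut down old server: $($result.SafeToShutDownOld)"
$result.Stray | ForEach-Object { "$($_.Role) is still held by $($_.Holder)" }

# Live use on the new server:
#   Test-FsmoHolder -NetdomOutput (netdom query fsmo) -ExpectedServer 'NEWSERVER'
```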
