Definition and transfer of FSMO roles


24 November 2019, by angelusadeuszabulus

Overview of FSMO roles

FSMO stands for “Flexible Single Master Operation”.
There are 5 FSMO roles: two are unique in the forest, and the other three are unique in each domain.
A domain controller may hold one or more FSMO roles.
To view the FSMO role holders, run the following command on a domain controller:

netdom query fsmo

Domain Naming Master

This operations master is unique within the forest, and is the only one authorized to distribute domain names to domain controllers when a new domain is created.

Schema Master

The schema defines the structure of Active Directory. This role is unique in the forest. It manages the Active Directory schema, which contains all the objects that can be created and their attributes. It is the only one that can modify the schema.

RID Master

It distributes a RID pool to each domain controller to ensure that each SID issued by a DC is unique.

PDC Emulator

It is unique within the domain. It is responsible for time synchronization between the different servers and computers, for password changes, and for account lockouts.

Infrastructure Master

It is unique within the domain. Its role is to manage inter-domain references.

Transfer

You may need to transfer roles from one controller to another. There are two methods:
Method 1: the most common one. It requires that all the controllers are available.
Method 2: use it when you want to transfer a role from an offline controller.

Method 1

Open a command prompt as Administrator and enter the following command:

ntdsutil

To enter FSMO role maintenance mode, enter:

roles

Enter the following commands to connect to the server that will receive the role(s):

connections
connect to server ServerName
q

To transfer the role(s), enter the command for each role you want to move:

# Domain Naming Master
transfer naming master

# Schema Master
transfer schema master

# RID Master
transfer RID master

# PDC Emulator
transfer pdc

# Infrastructure Master
transfer infrastructure master

You will have to confirm each action.

Quit ntdsutil by entering q.

Method 2

Open a command prompt as Administrator and enter the following command:

ntdsutil

To enter FSMO role maintenance mode, enter:

roles

To connect to the server that will receive the role(s), enter the following commands:

connections
connect to server nom_du_dc
q

To seize the role(s), enter the command for each role you want to move:

# Domain Naming Master
seize naming master

# Schema Master
seize schema master

# RID Master
seize RID master

# PDC Emulator
seize pdc

# Infrastructure Master
seize infrastructure master

You will have to confirm each action.
Quit ntdsutil by entering q.
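
Which method applies depends on whether the current role holders are available. The script below is an added example (not from the original article) that uses the ActiveDirectory PowerShell module instead of ntdsutil to list the five holders, test each one, and preview the transfers with -WhatIf; the target name dc02.example.test is a placeholder.

```powershell
# Added example, not from the original article. Requires the ActiveDirectory
# module (RSAT). $TargetDC is a hypothetical FQDN; replace it with your own.
Import-Module ActiveDirectory

$TargetDC = 'dc02.example.test'   # assumption: DC that should receive the roles

$forest = Get-ADForest
$domain = Get-ADDomain

# Role names as accepted by -OperationMasterRole, mapped to the current holder.
$holders = [ordered]@{
    DomainNamingMaster   = $forest.DomainNamingMaster
    SchemaMaster         = $forest.SchemaMaster
    RIDMaster            = $domain.RIDMaster
    PDCEmulator          = $domain.PDCEmulator
    InfrastructureMaster = $domain.InfrastructureMaster
}

foreach ($role in $holders.Keys) {
    $holder = $holders[$role]
    if ($holder -eq $TargetDC) {
        Write-Output "$role is already held by $TargetDC, nothing to do."
        continue
    }

    # "Available" is approximated here by the holder answering on LDAP (TCP 389).
    $online = Test-NetConnection -ComputerName $holder -Port 389 `
        -InformationLevel Quiet -WarningAction SilentlyContinue

    if ($online) {
        # Method 1: clean transfer, the current holder takes part.
        Write-Output "$role on $holder (online): transfer"
        Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC `
            -OperationMasterRole $role -WhatIf
    }
    else {
        # Method 2: seizure, -Force skips the current holder. Report only, so
        # that an unreachable holder is confirmed as lost before anything changes.
        Write-Output "$role on $holder (offline): seize with -Force after confirming"
    }
}
```

Remove -WhatIf to perform the transfers once the report looks right.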