Posted by: Raj Perumal
Active Directory, FSMO, FSMO Roles, IT consultant, Microsoft Windows, ntdsutil, seize FSMO roles, seize roles, transfer FSMO roles, transfer roles
It is important to note that when removing an old domain controller from the environment that holds the FSMO roles and bringing in a new DC, that you transfer the FSMO roles. Unfortunately I have run into many a person who haven’t even heard of them before. The FSMO roles are the 5 major roles in Active Directory that need to be hosted by an Active Directory domain controller. It is very important that you transfer these roles during this process otherwise Active Directory functionality will cease to function.
I have seen many a network administrator think they have somehow botched their Active Directory installation of a new DC and then started fresh because they didn’t know they had to transfer the FSMO roles.
If a domain controller dies on you (for example the hardware fails), and you don’t have a way to transfer the roles, than you can “seize” the roles using the same utility. This utility is called “NTDSUTIL” and is used to either transfer or seize roles in Active Directory. It is a command line utility you can use on a domain controller.
The five roles in question are:
- Domain naming master
- Infrastructure master
- Relative ID (RID) Master
- PDC Emulator
- Schema Master
You can read more about these roles here: http://support.microsoft.com/kb/197132
You can transfer them using the instructions here: http://support.microsoft.com/kb/255504
Finally, understanding FSMO roles and how they affect Active Directory can help you to solve many an Active Directory related problem.