Friday, January 31, 2014

How to Check and Migrate the FSMO Owners in Microsoft Active Directory

This post will describe an easy method to determine who currently holds the FSMO roles in Windows Server.

This post will also describe how to migrate the roles by using the GUI tools for Active Directory.

Check All FSMO Roles from Powershell or from Command Prompt

My preferred method is a simple netdom command that is run from command line or from PowerShell.

The command to determine the FSMO roles in your Active Directory domain is netdom /query:fsmo

The output will look like this:


In the example above you see that the Domain Controller AZ-DC1.testlab.local holds all of the FSMO roles.

Check and Migrate RID Master, PDC, and Infrastructure Master Roles

  • From Active Directory Users and Computers (ADUC) right-click on the domain name and select Operations Masters...

  • This will bring up the Operations Masters dialog box.  
    •  If you want to migrate these roles from here, you will need to launch it from the DC that you want to hold the roles.  In our example we are launching the menu from TX-DC1 since this is the central office in our lab.
  • Select each tab for the appropriate FSMO role you would like to migrate and click the Change button to move the role to the DC listed in the lower text box.

  • Are you sure you want to transfer the operations master role? Click Yes to transfer the role to the target DC and click OK on the successful message.
  • Repeat for each FSMO role


Check and Migrate Domain Naming Master Role

  • Launch Active Directory Domains and Trusts
  • Right click Active Directory Domains and Trusts and select Operations Master
    • If the target DC is not the DC you are currently logged into you will need to close the Operations Master dialog box and Right Click Active Directory Domains and Trusts and select Change Active Directory Domain Controller...

    • Change Directory Server: Select the This Domain Controller or AD LDS instance radio button and double-click the DC you want to transfer the role to.
    • Now when you launch the Operations Master dialog box, you will see the correct target DC.
  • Click Change to move the operations master to the target DC
  • Are you sure you want to transfer the operations master role? Click Yes to transfer the role to the target DC and click OK on the successful message.

Check and Migrate the Schema Master Role

The Schema Master MMC is not available by default and must be unlocked by running the following command.
  • From command prompt or PowerShell, run regsvr32 scmmgmt.dll and click OK when it has registered successfully

  • Once the DLL is registered, you need to load the Active Directory Schema MMC 
    • From the run menu, command prompt or PowerShell type mmc to launch a blank MMC console
    • Select the File menu and click Add/Remove Snap-in
    • Double click the Active Directory Schema snap-in from the Available snap-ins menu and click OK

  • Right click Active Directory Schema and select Operations Master...

  • Click Change to move the operations master to the target DC
  • Are you sure you want to transfer the operations master role? Click Yes to transfer the role to the target DC and click OK on the successful message.

Confirm the FSMO Roles have been Migrated to the Correct DC

Re-run the command netdom /query:fsmo


You can now see that all of the FSMO roles are on the TX-DC1 domain controller.

This concludes How to Check and Migrate the FSMO Owners in Microsoft Active Directory.

I hope this was helpful and informative to you and I would appreciate any feedback you may have.


Posted by at

No comments:

Post a Comment

All comments will be reviewed before being posted. The only comments that will not be posted are those that are irrelevant and/or spam.

Subscribe to: Post Comments (Atom)