
Transferring all FSMO roles
Here we will explain how to transfer all FSMO roles from the Primary Domain Controller to the Additional Domain Controller.
Active Directory has five FSMO roles: two are “Enterprise Level” and the remaining three are “Domain Level”.
Enterprise Level or Forest-wide role
Schema master
Domain Naming Master
Domain Level or Domain-wide role
RID Master
PDC Emulator
Infrastructure Master

Brief Introduction of all FSMO Roles

Schema Master Role
The Schema Master is an enterprise-level FSMO role; there is only one Schema Master in an Active Directory forest. Any update or modification to the schema must go through the Schema Master domain controller. To make such updates or modifications to the schema of a forest, access to the Schema Master is a must.

Domain naming Master
In a single Active Directory forest, there is only one Domain Naming Master. The Domain Naming Master role is consulted to make sure that a domain name is not duplicated anywhere in the forest.
For example, if the xyz.com domain name already exists in a forest, another person cannot create the same domain name in the same forest.

RID (Relative Identifier) Master role
The RID Master is a domain-level role; there is one RID Master in each domain in an Active Directory forest. The RID Master is responsible for the uniqueness of objects.

                                               RID = Domain name + SID

The RID Master role is responsible for allocating active and standby Relative Identifier (RID) pools to Domain Controllers in its domain. RID pools consist of a unique and contiguous range of RIDs. These RIDs are used during object creation to generate the new object’s unique Security identifier (SID).

Note: – “The RID Master role gives a unique number to all data, and the data is connected by these numbers”

PDC (Primary Domain Controller) Emulator role
PDC Emulator is the most important role for any domain. There is one PDCE in each domain in an Active Directory Forest.

The PDC (Primary Domain Controller) Emulator role has several responsibilities:
1 – Password synchronization
2 – Time synchronization
3 – Group Policy updates
4 – Distributed File System
5 – Backward compatibility

Infrastructure Master Role
The Infrastructure Master is a domain-level role; there is one Infrastructure Master in each domain in an Active Directory forest. It is responsible for updating group membership and other references to an object from one domain to another domain. Its owner is the domain controller in each domain that is responsible for managing phantom objects.

Configuration of our Primary and Additional Server

In this case, we have two Windows Server 2016 machines: one is the PDC and the second is the ADC (Additional Domain Controller), the backup of the PDC.

PDC (Primary Domain Controller) Configuration
Name – DC1
Domain name – deepak.com
IP address – 192.168.10.1

ADC (Backup of PDC) Configuration
Name – DC3
Domain name – deepak.com
IP address – 192.168.10.2

Showing all operations masters on the PDC (Primary Domain Controller)
Command: netdom query fsmo

Here we see that all FSMO roles are on DC1.deepak.com. It shows all five roles on the PDC (Primary Domain Controller).

It is also shown here that our DC1 machine is primary.

After verification, all five FSMO roles are on DC1, and DC1 is also the primary server (PDC).
Additional Domain Controller Verification
This is the backup domain controller

On the DC3 machine, we also confirm that all five FSMO roles are held by DC1.deepak.com.

Transfer all five roles to the Additional Domain Controller using the Ntdsutil tool
First, open the command prompt with administrator privileges.
Type ntdsutil and press Enter.
Type roles and press Enter.
Type Connections and press Enter.
Type connect to server DC3 and press Enter, where DC3 is the computer name of the server to which the FSMO roles will be transferred.

Here we type the ntdsutil command and then type roles to work with the roles. After that, to connect to our ADC server, we type Connections and then connect to server DC3, the server to which we transfer all roles. When we press Enter, all roles are on display.

Now transfer roles to DC3 (ADC)
fsmo maintenance: Transfer RID master
fsmo maintenance: Transfer PDC
fsmo maintenance: Transfer infrastructure master
fsmo maintenance: Transfer schema master
fsmo maintenance: Transfer naming master
After following all these steps, all FSMO roles are transferred to the DC3 (ADC) machine.
Go to the DC3 machine, open PowerShell and type netdom query fsmo

Notice that all FSMO roles have been successfully transferred to the DC3 machine. You can also verify that your ADC has become the PDC with the command net accounts.
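
The same transfer and verification can be scripted so that the before and after state is recorded and a failed move is not missed. The script below is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module (RSAT) is installed and uses the lab names DC3 and deepak.com from this post, and Get-FsmoHolder is a helper name made up for the example.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory
# module (RSAT). DC3 and deepak.com are the lab names used in this post.
Import-Module ActiveDirectory

$Target = 'DC3'
$Domain = 'deepak.com'

# Hypothetical helper: read the five role holders from one specific DC, so
# the answer does not depend on which DC responds or on replication lag.
function Get-FsmoHolder {
    param([Parameter(Mandatory)][string]$Server)
    $d = Get-ADDomain -Server $Server
    $f = Get-ADForest -Server $Server
    [ordered]@{
        SchemaMaster         = $f.SchemaMaster
        DomainNamingMaster   = $f.DomainNamingMaster
        RIDMaster            = $d.RIDMaster
        PDCEmulator          = $d.PDCEmulator
        InfrastructureMaster = $d.InfrastructureMaster
    }
}

# Pre-flight: the target must resolve to a domain controller of this domain.
$dc = Get-ADDomainController -Identity $Target -Server $Domain -ErrorAction Stop

# Record the state before the change.
$before = Get-FsmoHolder -Server $dc.HostName
$before.GetEnumerator() | Format-Table Key, Value -AutoSize

# Move only the roles that are not already on the target.
$toMove = @($before.GetEnumerator() |
    Where-Object { $_.Value -ne $dc.HostName } |
    ForEach-Object { $_.Key })

if ($toMove.Count -gt 0) {
    # No -Force: this is a graceful transfer that needs the current holder
    # online. The cmdlet asks for confirmation before each role moves.
    Move-ADDirectoryServerOperationMasterRole -Identity $dc `
        -OperationMasterRole $toMove -ErrorAction Stop
}

# Post-check: fail loudly if any role did not land on the target.
$after  = Get-FsmoHolder -Server $dc.HostName
$missed = @($after.GetEnumerator() | Where-Object { $_.Value -ne $dc.HostName })
if ($missed.Count -gt 0) {
    throw "Roles not on $($dc.HostName): $($missed.Key -join ', ')"
}
"All five FSMO roles are held by $($dc.HostName)."
```

Run it from an account that is a member of Domain Admins, Enterprise Admins and Schema Admins, because the two forest-wide roles cannot be moved with Domain Admins rights alone.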

In this blog, we successfully transferred all FSMO roles to the Additional Domain Controller. Our backup server is now the primary server, and our primary server is now a backup server.

Now we know exactly what FSMO roles are and how they are transferred to the ADC server. It is a very simple and easy way to solve the role transfer problem. Hope this blog post has been helpful and has saved you the headache and precious time by foretelling the issue one could face.


Author
Deepak Kumar
Linux and Server Administrator