September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
3.26. Transferring a FSMO Role
Problem
You want to transfer a FSMO role to a different domain controller. This may be necessary if you need to take a current FSMO role holder down for maintenance.
Solution
Using a graphical user interface
Use the same directions as described in Recipe 3.25 for viewing a specific FSMO, except target (i.e., right-click and select Connect to Domain Controller) the domain controller you want to transfer the FSMO to before selecting Operations Master.
Click the Change button.
Click OK twice.
You should then see a message stating whether the transfer was successful.
Using a command-line interface
The following would transfer the PDC Emulator role to
<NewRoleOwner>. See the discussion
to see about transferring the other roles.
> ntdsutil roles conn "co t s <NewRoleOwner>" q "transfer PDC" q qUsing VBScript
' This code transfers the PDC Emulator role to the specified owner.
' See the discussion to see about transferring the other roles.
' ------ SCRIPT CONFIGURATION ------
strNewOwner = "<NewRoleOwner>" ' e.g. dc2.rallencorp.com
' ------ END CONFIGURATION ---------
Set objRootDSE = GetObject("LDAP://" & strNewOwner & "/RootDSE")
objRootDSE.Put "becomePDC", 1
objRootDSE.SetInfoDiscussion
The first domain controller in a new forest is assigned the two forest-wide FSMO roles (schema and domain naming). The first domain controller in a new domain gets the other three domain-wide roles. It is very likely you’ll need to move the roles around to different domain controllers ...