15.19. Transferring or Seizing a FSMO Role

Problem

You want to transfer a FSMO role to a different domain controller. This is necessary if you need to take a current FSMO role holder down for maintenance. If a current FSMO role holder is unavailable, you'll need to seize the role on another domain controller.

Solution

Using a graphical user interface

  1. Use the same directions as described in Recipe 15.18 for viewing a specific FSMO, except target (i.e., right-click and select Connect to Domain Controller) the domain controller you want to transfer the FSMO to before selecting Operations Master.

  2. Click the Change button.

  3. Click OK twice.

  4. You should then see a message stating whether the transfer was successful.

Using a command-line interface

The following transfers the PDC Emulator role to <NewRoleOwner>. See the discussion for more about transferring the other roles:

> ntdsutil roles conn "co t s <NewRoleOwner>" q "transfer PDC" q q

The following seizes the PDC Emulator role to run on <NewRoleOwner>:

> ntdsutil roles conn "co t s <NewRoleOwner>" q "seize PDC" q q

Using VBScript

' This code transfers the PDC Emulator role to the specified owner. 
' See the discussion to see about transferring the other roles.
' ------ SCRIPT CONFIGURATION ------
strNewOwner = "<NewRoleOwner>"  ' e.g., dc2.rallencorp.com
' ------ END CONFIGURATION ---------
Set objRootDSE = GetObject("LDAP://" & strNewOwner & "/RootDSE")
objRootDSE.Put "becomePDC", 1
objRootDSE.SetInfo

Seizing a FSMO role is typically not something ...

Get Windows Server Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.