Windows Server Active Directory Domain Services uses a multimaster replication model, under which any single server can take over directory functionality, and every full domain controller has a read/write copy of directory objects (except for Read-Only Domain Controllers, which hold a read-only copy). However, there a few big exceptions to this, in which certain forestwide and domainwide functionalities need to be held by a single domain controller in the forest and in each domain. These exceptions are the Operation Master (OM) roles, also known as FSMO (Flexible Single Master Operations) roles. There are five OM roles – shown below:
- Schema master (Scope : Forest)
- Domain naming master (Scope : Forest)
- Infrastructure master (Scope : Domain)
- RID master (Scope : Domain)
- PDC emulator (Scope : Domain)
If the server(s) which hold the OM roles are not directly upgraded to Windows Server 2008 R2 but instead are to be retired, those OM roles will need to be moved over to another server. The optimal tool for such a move is the NTDSUTIL command-line utility.
The below steps demonstrate how to use NTDSUTIL to move forestwide OM roles (schema master and domain naming master) over to one Windows Server 2008 R2 domain controller:
- Open the command prompt on the Windows Server 2008 R2 domain controller (Start, type cmd, and hit Enter).
- Type ntdsutil and hit Enter. The prompt will then display “ntdsutil:”.
- Type roles and hit Enter. The prompt will then display “fsmo maintenance:”.
- Type connections and hit Enter. The prompt will then display “server connections:”.
- Type connect to server [servername], with [servername] as the name of the target Windows Server 2008 R2 domain controller which will hold the OM roles, and then hit Enter.
- Type quit and hit Enter. The prompt will then display “fsmo maintenance:”.
- Type transfer schema master and hitEnter.
- Click Yes at the prompt requesting confirmation of the OM change. The display will then show the location for all five FSMO roles after the operation.
- Type transfer naming master and hit Enter.
- Click Yes to confirm the OM change at the prompt.
- Type quit and hit Enter, then type quit and hit Enter once more to exit NTDSUTIL.
- Type exit to exit the Command Prompt .
The forestwide FSMO roles will now be on a single Windows Server 2008 R2 domain controller. Next, the domainwide FSMO roles (infrastructure master, PDC emulator, and RID master) need to be moved over for each domain to a domain controller within that domain: