You want to transfer a FSMO role to a different domain controller. This may be necessary if you need to take a current FSMO role holder down for maintenance.
18.104.22.168 Using a graphical user interface
22.214.171.124 Using a command-line interface
The following would transfer the PDC Emulator role to <NewRoleOwner>. See the discussion to see about transferring the other roles.
> ntdsutil roles conn "co t s <NewRoleOwner>" q "transfer PDC" q q
126.96.36.199 Using VBScript
' This code transfers the PDC Emulator role to the specified owner. ' See the discussion to see about transferring the other roles. ' ------ SCRIPT CONFIGURATION ------ strNewOwner = "<NewRoleOwner>" ' e.g. dc2.rallencorp.com ' ------ END CONFIGURATION --------- Set objRootDSE = GetObject("LDAP://" & strNewOwner & "/RootDSE") objRootDSE.Put "becomePDC", 1 objRootDSE.SetInfo
The first domain controller in a new forest is assigned the two forest-wide FSMO roles (schema and domain naming). The first domain controller in a new domain gets the other three domain-wide roles. It is very likely you'll need to move the roles around to different domain controllers at some point. Also, when you need to take down a domain controller that is currently a FSMO role owner, you'll want to transfer the role beforehand. If you plan to install a hotfix or do some other type of maintenance that only necessitates a quick reboot, you may not want to go to the trouble of transferring the FSMO role.
Some FSMO roles are more time critical than others. For example, the PDC Emulator role is used extensively, but the Schema Master is needed only when extending the schema. If a FSMO role owner becomes unavailable before you can transfer it, you'll need to seize the role (see Recipe 3.27).
188.8.131.52 Using a command-line interface
Any role can be transferred using ntdsutil by replacing "transfer PDC" in the solution with one of the following:
184.108.40.206 Using VBScript
FSMO roles can be transferred programmatically by setting the become<FSMORole> operational attribute on the RootDSE of the domain controller to transfer the role to. The following are the available attributes that can be set that correspond to each FSMO role:
3.26.4 See Also
Recipe 3.25 for finding FSMO role holders, Recipe 3.27 for seizing a FSMO role, MS KB 223787 (Flexible Single Master Operation Transfer and Seizure Process), MS KB 255504 (Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain Controller), and MS KB 324801 (HOW TO: View and Transfer FSMO Roles in Windows Server 2003)