How to Move Active Directory FSMO Roles to a New Domain Controller

Hey guys, welcome to the channel. My name is Alex Hubbard. I'm a Senior Systems Administrator with over 15 years of experience in the IT industry. Today we're gonna talk about moving our FSMO roles, or flexible single master operations roles, from one domain controller over to another domain controller.

You would do this if you were, you know, spinning up a new domain controller or you need to move stuff around. You don't do it very often; it's kind of a set-it-and-forget-it type of thing. But typically, if you're replacing a domain controller, your primary domain controller, you'd want to transfer your roles. You don't want to lose the machine that these roles are on, because it can be very tricky to get them back. So if you're replacing a domain controller, you want to follow these steps. Not every domain controller has these roles; it's typically one domain controller in your domain that would hold these roles. So you have five roles: the schema master, the domain naming master, the infrastructure master, the RID master, and the PDC emulator.

So let's get into our lab environment. You want to be on your target domain controller. In this case, our lab DC01 here holds all of our roles in this lab, so we want to be on the target DC, which is lab DC02. This is the domain controller that we'll be moving the roles to.

Now that we're on DC02, our target domain controller, before we transfer the roles, what I like to do is check the replication first. Make sure, before you poke anything, that nothing is broken. To do that there's a couple of different commands. So we will open up a PowerShell admin command prompt, and I do cd \ because I like to run a lot of C. I'll clear it, and we are going to do repadmin /showrepl. This will show your replication, your inbound neighbors. Everything says successful. If you see any failures here, you want to troubleshoot that beforehand. And then we're gonna do a replication summary, which again will tell you if there's any failures, and you want to troubleshoot any failures you have before you start, because if you change something while, you know, if something happens or it's not replicating, you want to know if there's a problem before you start playing with these roles. It's very important. So at least take a look at those two commands and make sure everything says successful. If you see any failures, figure out why and try and get that straightened out before you move your roles.

Now that we've got that done, we'll minimize out of this. Let's go to our Control Panel and go to Administrative Tools, and the first thing we're going to go to is Active Directory Users and Computers. We are going to come over here and right-click on our domain, and we're going to click on Operations Masters. This is where you change three of the five roles: you have your RID, your PDC, and your infrastructure role. It's very easy to do this; all you have to do is click this Change button. You have to be on the target domain controller. You can do it from the source domain controller, but you have to actually go into Active Directory Users and Computers and change the domain controller, so even if you're logged in to your primary, or your source, domain controller, you still have to be connected to your target domain controller, if that makes sense.

So one thing I forgot before we get started: I know all my FSMO roles are on our lab DC01, but if you're in a bigger environment, or you just walk into a new environment, you want to see where your FSMO roles lie. What we can do is go back to our PowerShell window here and type in the command netdom query fsmo. Once you run this, it's going to tell you exactly which domain controller holds the specific roles. This is also another command that you can use to help you, once you've transferred the roles, to make sure they've transferred completely.

So let's go back into Active Directory Users and Computers and actually make the change this time. We'll go into lab dot land, Operations Masters, and you can see right now it's lab DC01, and we're gonna transfer it to lab DC02. So we're gonna click the Change button. It's going to prompt you, are you sure; we're gonna say yes. It's gonna say it was successful. We can click OK, and now you can see that both the operations master and the transfer-to are lab DC02. So let's go to the PDC tab, click Change, yes, successful. We're good there. Do the same thing for the infrastructure role. Yep, successful. Boom. Okay, so that leaves us with two left to go.

Let's minimize this, and if we run this netdom query again, we should see some changes. You can see that the roles have changed on a few of them: PDC, RID pool manager, and infrastructure master have been moved over to lab DC02, but the schema master and the domain naming master are still on lab DC01.

The next thing we need to do is open up Active Directory Domains and Trusts. Double-click that, and we'll right-click up here on Domains and Trusts, make sure we're on lab DC02, and again we're gonna go to Operations Master. I can't talk. It's a hard word for my vocabulary, I guess. I don't know. And again, same thing here, we're gonna click Change. You can see that the current domain naming operations master is lab DC01, which we verified here in PowerShell, and then we're gonna change it to lab DC02. So go ahead and click Change. We're gonna verify that. It's gonna say it was successful. We can close or minimize out of this for now. Let's arrow up and reissue that command. We should have just one left, the schema master. Yep, that is correct.

The last role we have to move is the schema master, and this one's not complicated, but there's a little more to it than moving the other four roles. For this, what we need to do is register the schema master management DLL so that we can get into the Microsoft Management Console for the schema master. To do that, we're gonna go to Run, and we are going to type in regsvr32, and the DLL file is schmmgmt.dll, and then we're going to click OK. It's going to tell you it registered successfully. You can click OK.

Now that we've registered the DLL file, we need to come back to our Run command here and type in mmc, for Microsoft Management Console, and hit the Enter key. You can see this is a blank console right now, so we need to come up to File, Add/Remove Snap-in, and find your Active Directory Schema snap-in, which is the second one down here. Highlight it, click the Add button, click OK. We need to change the Active Directory domain controller; you want to be on your target controller, just like with the other roles. So we'll click lab DC02, click OK. It's gonna warn you, and click OK. Now we need to transfer the role, so we come back here. You can see it's connected to lab DC02. We're gonna go to Operations Master, and you can see the current schema master is lab DC01, and we're gonna change it to lab DC02. Let's go ahead and click Change. It's gonna ask you, are you sure. It says it's successful. We'll close this, and we will come back to our PowerShell window here. Let me clear it, and let's run our netdom query fsmo, and all of the roles should be on lab DC02, and they are.

So if we arrow up again and take a look at our replication summary, looks good there. And let's take a look at our replication. Everything looks good there, but it probably has not replicated fully yet. You can see some of the times are prior to the change. So basically, at this point, if you are going to decommission your source domain controller that you were moving your FSMO roles off of, I would not shut it off yet. I would leave it turned on and let things replicate for a day or two before you shut it down, and just verify that replication is functioning properly by looking at these commands. Make sure nobody's complaining of anything. Look at your log files. Keep an eye on things, because playing with Active Directory sometimes can get hairy, especially if you have a big environment. I don't typically see big environments, because I walk into small and medium businesses, which might have a handful of domain controllers at best, typically a single domain. So just be careful of what you're doing, keep an eye on things, keep an eye on your event logs. But now, at this point, you have successfully moved your FSMO roles from one domain controller to the next, you verified replication is functioning, and you verified all the roles have moved successfully.

So hopefully you guys liked that video. If you did, please give it a like, you know, a thumbs up, subscribe, and turn on your bell notifications so you can see when I post the latest video. Leave me a comment. I have over 15 years of experience in the IT industry and various different organizations, so if there's something you want to see, something you want to know, let me know and we'll see if we can get a video out. So stay tuned. Thanks for watching, guys.
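
The checks the transcript runs by hand (replication health before the move, and where each of the five roles sits before and after), collected into one script. This is an added PowerShell example, not something shown in the video. It assumes the ActiveDirectory RSAT module and repadmin are installed; the function names and the sample hostname LABDC02 are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not from the video. Run from an elevated PowerShell session on a
# domain controller or a management host with RSAT installed.

function Get-FsmoHolder {
    # Same information "netdom query fsmo" prints, returned as objects.
    $domain = Get-ADDomain
    $forest = Get-ADForest
    $roles = [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
    foreach ($entry in $roles.GetEnumerator()) {
        [pscustomobject]@{ Role = $entry.Key; Holder = $entry.Value }
    }
}

function Get-ReplicationFailure {
    # "repadmin /showrepl * /csv" emits one row per inbound partner and naming context.
    repadmin /showrepl * /csv | ConvertFrom-Csv |
        Where-Object { [int]$_.'Number of Failures' -gt 0 } |
        Select-Object 'Source DSA', 'Destination DSA', 'Naming Context',
                      'Number of Failures', 'Last Failure Time', 'Last Success Time'
}

function Test-FsmoMove {
    param(
        # Short hostname of the DC that should hold all five roles.
        [Parameter(Mandatory)] [string] $TargetDC
    )
    $failures = @(Get-ReplicationFailure)
    # Role holders come back as FQDNs; compare on the first label (case-insensitive).
    $strays = @(Get-FsmoHolder | Where-Object { ($_.Holder -split '\.')[0] -ne $TargetDC })
    [pscustomobject]@{
        TargetDC            = $TargetDC
        ReplicationFailures = $failures
        RolesNotOnTarget    = $strays
        # True only when replication is clean and every role is on the target.
        Complete            = ($failures.Count -eq 0 -and $strays.Count -eq 0)
    }
}

# Hypothetical hostname; before the transfer RolesNotOnTarget lists all five roles,
# afterwards it should be empty.
# Test-FsmoMove -TargetDC 'LABDC02' | Format-List
```

Running it again over the day or two before the old domain controller is shut down gives the same picture as re-running the replication commands by hand.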
Channel: Alexander Hubbard
Views: 3,124
Keywords: active directory fsmo, active directory fsmo roles, move active directory fsmo roles, fsmo, fsmo roles transfer, how to transfer fsmo roles, how to transfer fsmo roles server 2016, schema master, domain naming master, infrastructure master, RID master, PDC emulator, ad, ad fsmo, ad fsmo roles, transfer fsmo roles, fsmo roles transfer dc to adc, fsmo role transfer, fsmo roles in active directory, transfer fsmo, fsmo roles, active directory
Id: yfguHm0_ChU
Length: 10min 23sec (623 seconds)
Published: Tue Dec 17 2019