transfer fsmo roles windows server 2008, windows server ... · transfer fsmo roles windows server...
TRANSCRIPT
Transfer FSMO Roles Windows Server 2008, Windows Server
2008 R2 to Windows Server 2012 R2 Domain Controller
Prepared by: Sainath K.E.V
Microsoft MVP –Directory Services
TABLE OF CONTENTS
1 . A Brief Introduction ............................................................................................................. 4
2 Transfer FSMO Roles from Windows Server 2008 r2 to WIndows Server 2008 R2 ...................... 5
2.1 Infrastructure ................................................................................................................ 5
2.1.1 Functional Levels.................................................................................................... 5
2.1.2 FSMO Roles............................................................................................................ 6
2.2 Transfer FSMO Roles ...................................................................................................... 7
2.2.1 Transfer Naming Master: Forest Wide...................................................................... 8
2.2.2 Transfer Schema Master – Forest Wide .................................................................... 9
2.2.3 Transfer PDC – Domain Wide................................................................................... 9
2.2.4 Transfer RID Master – Domain Wide .......................................................................10
2.2.5 Transfer Infrastructure Master – Domain Wide........................................................11
2.2.6 Validate FSMO Role transfer...................................................................................12
3 Transfer FSMO Roles from Windows Server 2008 r2 to Windows server 2012 r2 ......................14
3.1 Infrastructure: ..............................................................................................................14
3.1.1 Current State: ........................................................................................................14
3.1.2 The target State .....................................................................................................15
3.1.3 Functional Levels ...................................................................................................15
3.2 Transfer FSMO roles ......................................................................................................15
3.2.1 Transfer Naming Master: Forest Wide.....................................................................16
3.2.2 Transfer Schema Master – Forest Wide ...................................................................17
3.2.3 Transfer PDC – Domain Wide..................................................................................17
3.2.4 Transfer RID Master – Domain Wide .......................................................................18
3.2.5 Transfer Infrastructure Master – Domain Wide........................................................19
3.2.6 Validate FSMO Role transfer...................................................................................20
4 Transfer FSMO Roles from Windows Server 2008 to Windows Server 2012 R2 .........................22
4.1.1 Current State: ........................................................................................................22
4.1.2 The target State .....................................................................................................22
4.1.3 Functional Levels ...................................................................................................22
4.2 Transfer FSMO roles ......................................................................................................23
4.2.1 Transfer Naming Master: Forest Wide.....................................................................23
4.2.2 Transfer Schema Master – Forest Wide ...................................................................24
4.2.3 Transfer PDC – Domain Wide..................................................................................25
4.2.4 Transfer RID Master – Domain Wide .......................................................................26
4.2.5 Transfer Infrastructure Master – Domain Wide........................................................27
4.2.6 Validate FSMO Role transfer...................................................................................28
5 Conclusion: ..........................................................................................................................30
1 . A BRIEF INTRODUCTION
The following document explains the FSMO transfer process and validation steps from Windows
Server 2008, Windows Server 2008 R2 to Windows Server 2012 R2 configured with Forest Functional
Level and Domain Functional Level set to Windows Server 2003. This document does not prov ide steps required to install and configure Forests / Domains / Child Domains / OU and Security.
2 TRANSFER FSMO ROLES FROM WINDOWS SERVER 2008 R2 TO
WINDOWS SERVER 2008 R2
2.1 INFRASTRUCTURE
Below is the Active Directory infrastructure setup
Operating System
Domain Number of DC’s
Schema Version
DC Role Roles
Windows Server 2008 R2 Datacentre edition
Corp.cloud.com 1 47 PDC FSMO ( All 5 Roles )
Windows Server 2008 R2 Datacentre edition
US.corp.cloud.com 1 PDC PDC, RID, Infrastructure Master
Schema Version List
Operating System Schema Version Windows 2000 RTM with all Service packs 13
Windows Server 2003 with all Service packs 30 Windows Server 2003 R2 with all Service packs 31
Windows Server 2008 with all Service packs 44 Windows Server 2008 R2 47
Windows Server 2012 56
Windows Server 2012 R2 69
2.1.1 FUNCTIONAL LEVELS
Dn: CN=Partitions,CN=Configuration,DC=corp,DC=cloud,DC=com
msDS-Behavior-Version: 2 = ( WIN2003 );
1. Forest Functional Level = Windows Server 2003
2. Domain Functional Level = Windows Server 2003
msDS-Behavior defines the lowest limit on the Server version that can run as Domain
Controller within a domain. In our scenario the value is 2, which means the following Operating Systems are allowed in the domain
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
2.1.2 FSMO ROLES
FSMO Roles:
1. Domain: Corp.Cloud.com
select operation target: list roles for connected server
Server "am-dc1" knows about 5 roles
Schema - CN=NTDS Settings,CN=AM-DC1,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=corp,DC=cloud,DC=com
Naming Master - CN=NTDS Settings,CN=AM-DC1,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=corp,DC=cloud,DC=com
PDC - CN=NTDS Settings,CN=AM-DC1,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=corp,DC=cloud,DC=com
RID - CN=NTDS Settings,CN=AM-DC1,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=corp,DC=cloud,DC=com
Infrastructure - CN=NTDS Settings,CN=AM-DC1,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=corp,DC=cloud,DC=com
2. Domain: US.corp.cloud.com
select operation target: list roles for connected server
Server "emea-dc1" knows about 5 roles
Schema - CN=NTDS Settings,CN=AM-DC1,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=corp,DC=cloud,DC=com
Naming Master - CN=NTDS Settings,CN=AM-DC1,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=corp,DC=cloud,DC=com
PDC - CN=NTDS Settings,CN=EMEA-DC1,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=corp,DC=cloud,DC=com
RID - CN=NTDS Settings,CN=EMEA-DC1,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=corp,DC=cloud,DC=com
Infrastructure - CN=NTDS Settings,CN=EMEA-DC1,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=corp,DC=cloud,DC=com
2.2 TRANSFER FSMO ROLES
Introduction:
In this step a New Windows Server 2008 R2 Domain Controller is installed in the same site as PDC for
Corp.cloud.com domain and FSMO roles are transferred from PDC to New DC. Below is the high
level migration flow diagram
Windows Server 2008 R2
Windows Server 2008 R2
Transfer FSMO
Source Target
Source Dn: CN=AM-DC1,OU=Domain
Controllers,DC=corp,DC=cloud,DC=com
operatingSystem: Window s Server 2008 R2 Datacenter;
operatingSystemServicePack: Service Pack 1;
operatingSystemVersion: 6.1 (7601);
Target Dn: CN=AM-ADC1,OU=Domain
Controllers,DC=corp,DC=cloud,DC=com operatingSystem: Window s Server 2008 R2 Datacenter;
operatingSystemServicePack: Service Pack 1;
operatingSystemVersion: 6.1 (7601);
2.2.1 TR ANS F ER NAMI NG MAS TER : FOR ES T WI D E
Follow the below commands on the Domain Controller on which the FSMO role is being transferred
1. Click Start, click Run, type ntdsutil in the Open box, and then click OK.
2. Type roles, and then press ENTER.
Note To see a list of available commands at any one of the prompts in the Ntdsutil
utility, type ?, and then press ENTER.
3. Type connections, and then press ENTER.
4. Type connect to server AM-ADC1 and then press ENTER, where servername is the
name of the domain controller you want to assign the FSMO role to.
5. At the server connections prompt, type q, and then press ENTER.
6. Type transfer naming master and hit enter
Select Yes and the role gets successfully transferred to AM-ADC1 domain controller as shown below
You can see from the above that Naming Master Server role is successfully moved to AM-ADC1 and other FSMO roles are still with AM-DC1
7. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the
ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.
2.2.2 TR ANS F ER SCH EMA MAS TER – FOR ES T WI D E
When transferring all roles to Target server, you can continue from above ( 1.1.2.2 ) 6th step of
transferring all roles, or you can perform at later stage. To transfer Schema master follow 1.1.2.2 section –step 1 through 6 and enter the below command
1. Type transfer Schema master and hit enter
Select Yes and the role gets successfully transferred to AM-ADC1 domain controller as shown below
You can see from the above that Schema Master role is successfully moved to AM-ADC1 and other FSMO roles are still with AM-DC1
2. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the
ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.
2.2.3 TR ANS F ER PDC – DOMAI N WI D E
When transferring all roles to Target server, you can continue from above ( 1.1.2.2 ) 6th step of
transferring all roles, or you can perform at later stage. To transfer PDC emulator role follow 1.1.2.2
section –step 1 through 6 and enter the below command
1. Type transfer PDC and hit enter
Select Yes and the role gets successfully transferred to AM-ADC1 domain controller as shown below
You can see from the above that PDC role is successfully moved to AM-ADC1 and other FSMO roles are still with AM-DC1
2. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the
ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.
2.2.4 TR ANS F ER RID MAS TER – DOMAI N WI D E
When transferring all roles to Target server, you can continue from above ( 1.1.2.2 ) 6th step of
transferring all roles, or you can perform at later stage. To transfer RID Master role follow 1.1.2.2 section –step 1 through 6 and enter the below command
1. Type transfer RID Master and hit enter
Select Yes and the role gets successfully transferred to AM-ADC1 domain controller as shown below
You can see from the above that RID Master role is successfully moved to AM-ADC1 and other FSMO roles are still with AM-DC1
At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the
ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility
2.2.5 TR ANS F ER INF R AS TR UCTUR E MAS TER – DOMAI N WI D E
When transferring all roles to Target server, you can continue from above ( 1.1.2.2 ) 6th step of
transferring all roles, or you can perform at later stage. To transfer Infrastructure Master role follow
1.1.2.2 section –step 1 through 6 and enter the below command
1. Type transfer Infrastructure Master and hit enter
Select Yes and the role gets successfully transferred to AM-ADC1 domain controller as shown below
You can see from the above that Infrastructure Master role is successfully moved to AM-ADC1 and all FSMO roles are now successfully moved to target server
2. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the
ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility
2.2.6 V ALI D ATE FSMO ROLE TR ANS F ER
Schema Master
Search Filter: (&(objectClass=dmd)(fSMORoleOwner=*))
Domain Naming Master
Search Filter: (&(objectClass=crossRefContainer)(fSMORoleOwner=*))
RID Master
Search Filter : (&(objectClass=ridmanager)(fSMORoleOwner=*))
PDC Emulator
Search Filter: (&(objectClass=domainDNS)(fSMORoleOwner=*))
Infrastructure Master
Search Filter: (&(objectClass=infrastructureUpdate)(fSMORoleOwner=*))
3 TRANSFER FSMO ROLES FROM WINDOWS SERVER 2008 R2 TO
WINDOWS SERVER 2012 R2
Introduction: In this scenario, we are adding Windows Server 2012 R2 domain controller to existing
forest and transfer FSMO roles from Windows Server 2008 R2 to Windows Server 2012 R2. This
activity assumes you have necessary Enterprise / Domain Administrator privileges to complete the activity. This section does not cover Domain Controller installation steps.
3.1 I NFRASTRUCTURE:
After successful installation of Windows Server 2012 R2 Domain Controller, the Schema Version gets updated to reflect Windows Server 2012 R2 which is 69.
3.1.1 CUR R ENT STATE :
Operating System
Domain Schema Version
DC Role Roles
Windows Server 2008 R2 Datacentre edition
Corp.cloud.com 69 PDC
Windows Server 2008 R2
Corp.cloud.com ADC1 FSMO
Windows Server 2012 R2
Corp.cloud.com ADC2
Windows Server 2008 R2 Datacentre edition
US.corp.cloud.com PDC PDC, RID, Infrastructure Master
3.1.2 TH E TAR G ET STATE
Operating System
Domain Schema Version
DC Role Roles
Windows Server 2008 R2 Datacentre edition
Corp.cloud.com 69 PDC
Windows Server 2008 R2
Corp.cloud.com ADC1
Windows Server 2012 R2
Corp.cloud.com ADC2 FSMO
Windows Server 2008 R2 Datacentre edition
US.corp.cloud.com PDC PDC, RID, Infrastructure Master
3.1.3 FUNCTI ONAL LEVELS
Forest Functional Level – 2003
Domain Functional Level – 2003
3.2 TRANSFER FSMO ROLES
In this step a New Windows Server 2008 R2 Domain Controller is installed in the same site as PDC for
Corp.cloud.com domain and FSMO roles are transferred from PDC to New DC. Below is the high level migration flow diagram
Windows Server 2008 R2
Windows Server 2012 R2
Transfer FSMO
Source Target
Source Dn: CN=AM-ADC1,OU=Domain
Controllers,DC=corp,DC=cloud,DC=com
operatingSystem: Window s Server 2008 R2 Datacenter;
operatingSystemServicePack: Service Pack 1;
operatingSystemVersion: 6.1 (7601);
Target Dn: CN=AMADC2,OU=Domain
Controllers,DC=corp,DC=cloud,DC=com
operatingSystem: Window s Server 2012 R2 Datacenter;
operatingSystemVersion: 6.3 (9600);
3.2.1 TR ANS F ER NAMI NG MAS TER : FOR ES T WI D E
Follow the below commands on the Domain Controller on which the FSMO role is being transferred
1. Click Start, click Run, type ntdsutil in the Open box, and then click OK.
2. Type roles, and then press ENTER.
Note To see a list of available commands at any one of the prompts in the Ntdsutil
utility, type ?, and then press ENTER.
3. Type connections, and then press ENTER.
4. Type connect to server AMADC2 and then press ENTER, where servername is the name
of the domain controller you want to assign the FSMO role to.
5. At the server connections prompt, type q, and then press ENTER.
6. Type transfer naming master and hit enter
Select Yes and the role gets successfully transferred to AMADC2 domain controller as shown below
You can see from the above that Naming Master Server role is successfully moved to AMADC2 and other FSMO roles are still with AM-ADC1
7. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the
ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.
3.2.2 TR ANS F ER SCH EMA MAS TER – FOR ES T WI D E
When transferring all roles to Target server, you can continue from above ( 2.2.1.1 ) 6th step of
transferring all roles, or you can perform at later stage. To transfer Schema master follow 2.2.1.1 section –step 1 through 6 and enter the below command
1. Type transfer Schema master and hit enter
Select Yes and the role gets successfully transferred to AMADC2 domain controller as shown below
You can see from the above that Schema Master role is successfully moved to AM-ADC1 and other FSMO roles are still with AMADC2
2. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the
ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.
3.2.3 TR ANS F ER PDC – DOMAI N WI D E
When transferring all roles to Target server, you can continue from above ( 2.2.1.1 ) 6th step of
transferring all roles, or you can perform at later stage. To transfer PDC Emulator role follow 2.2.1.1 section –step 1 through 6 and enter the below command
1. Type transfer PDC and hit enter
Select Yes and the role gets successfully transferred to AMADC2 domain controller as shown below
You can see from the above that PDC Emulator role is successfully moved to AM-ADC1 and other FSMO roles are still with AMADC2
2. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the
ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.
3.2.4 TR ANS F ER RID MAS TER – DOMAI N WI D E
When transferring all roles to Target server, you can continue from above ( 2.2.1.1 ) 6th step of
transferring all roles, or you can perform at later stage. To transfer RID Master role follow 2.2.1.1 section –step 1 through 6 and enter the below command
1. Type transfer RID Master and hit enter
Select Yes and the role gets successfully transferred to AMADC2 domain controller as shown below
You can see from the above that RID Master role is successfully moved to AM-ADC1 and other FSMO roles are still with AMADC2
2. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the
ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.
3.2.5 TR ANS F ER INF R AS TR UCTUR E MAS TER – DOMAI N WI D E
When transferring all roles to Target server, you can continue from above ( 2.2.1.1 ) 6th step of
transferring all roles, or you can perform at later stage. To transfer Infrastructure Master role follow
2.2.1.1 section –step 1 through 6 and enter the below command
1. Type transfer Infrastructure Master and hit enter
Select Yes and the role gets successfully transferred to AMADC2 domain controller as shown below
You can see from the above that Infrastructure Master role is successfully moved to AM-ADC1 and all roles are successfully moved to AMADC2 server successfully.
2. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the
ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.
3.2.6 V ALI D ATE FSMO ROLE TR ANS F ER
Schema Master
Search Filter: (&(objectClass=dmd)(fSMORoleOwner=*))
Domain Naming Master
Search Filter: (&(objectClass=crossRefContainer)(fSMORoleOwner=*))
RID Master
Search Filter : (&(objectClass=ridmanager)(fSMORoleOwner=*))
PDC Emulator
Search Filter: (&(objectClass=domainDNS)(fSMORoleOwner=*))
Infrastructure Master
Search Filter: (&(objectClass=infrastructureUpdate)(fSMORoleOwner=*))
4 TRANSFER FSMO ROLES FROM WINDOWS SERVER 2008 TO
WINDOWS SERVER 2012 R2
Introduction: In this scenario FSMO roles are transferred from Windows Server 2008 SP2 Enterprise
Edition Domain Controller to Windows Server 2012 R2 Enterprise Edition Domain Controller. This
section will not cover Active Directory Forest installation and configuration.
4.1.1 CUR R ENT STATE :
Operating System
Domain Schema Version
DC Role Roles
Windows Server 2008 SP2 Enterprise Edition
Aus.cloud.com 44 PDC FSMO
4.1.2 TH E TAR G ET STATE
Operating System
Domain Schema Version
DC Role Roles
Windows Server 2008 R2 Datacentre edition
aus.cloud.com 69 PDC
Windows Server 2012 R2
aus.cloud.com ADC2 FSMO
4.1.3 FUNCTI ONAL LEVELS
Forest Functional Level
Domain Functional Level
4.2 TRANSFER FSMO ROLES
This section assumes the Windows Server 2012 R2 is installed as Additional Domain Controller and is fully functional without errors.
Windows Server 2008 Sp2
Windows Server 2012 R2
Transfer FSMO
Source Target
Source Dn: CN=WIN-XJV5L9U8IOK,OU=Domain
Controllers,DC=aus,DC=c loud,DC=com
operatingSystem: Window s Server 2008 Enterprise;
operatingSystemServicePack: Service Pack 2;
operatingSystemVersion: 6.0 (6002);
Target Dn: CN=WIN-SCHM3Q1LI98,OU=Domain
Controllers,DC=corp,DC=cloud,DC=com
operatingSystem: Window s Server 2012 R2 Datacenter;
operatingSystemVersion: 6.3 (9600);
4.2.1 TR ANS F ER NAMI NG MAS TER : FOR ES T WI D E
Follow the below commands on the Domain Controller on which the FSMO role is being transferred
8. Click Start, click Run, type ntdsutil in the Open box, and then click OK.
9. Type roles, and then press ENTER.
Note To see a list of available commands at any one of the prompts in the Ntdsutil
utility, type ?, and then press ENTER.
10. Type connections, and then press ENTER.
11. Type connect to server WIN-SCHM3Q1LI98 and then press ENTER, where servername is
the name of the domain controller you want to assign the FSMO role to.
12. At the server connections prompt, type q, and then press ENTER.
13. Type transfer naming master and hit enter
Select Yes and the role gets successfully transferred to WIN-SCHM3Q1LI98 domain controller as shown below
You can see from the above that Naming Master Server role is successfully moved to WIN-SCHM3Q1LI98 and other FSMO roles are still with WIN-XJV5L9U8IOK
14. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the
ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.
4.2.2 TR ANS F ER SCH EMA MAS TER – FOR ES T WI D E
When transferring all roles to Target server, you can continue from above ( 2.2.1.1 ) 6th step of
transferring all roles, or you can perform at later stage. To transfer Schema master follow 2.2.1.1 section –step 1 through 6 and enter the below command
3. Type transfer Schema master and hit enter
Select Yes and the role gets successfully transferred to WIN-SCHM3Q1LI98 domain controller as shown below
You can see from the above that Schema Master role is successfully moved to WIN-
SCHM3Q1LI98 and other FSMO roles are still with WIN-XJV5L9U8IOK
4. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the
ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.
4.2.3 TR ANS F ER PDC – DOMAI N WI D E
When transferring all roles to Target server, you can continue from above ( 2.2.1.1 ) 6th step of
transferring all roles, or you can perform at later stage. To transfer PDC Emulator role follow 2.2.1.1 section –step 1 through 6 and enter the below command
3. Type transfer PDC and hit enter
Select Yes and the role gets successfully transferred to WIN-SCHM3Q1LI98 domain controller as shown below
You can see from the above that PDC Emulator role is successfully moved to WIN-
SCHM3Q1LI98 and other FSMO roles are still with WIN-XJV5L9U8IOK
4. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the
ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.
4.2.4 TR ANS F ER RID MAS TER – DOMAI N WI D E
When transferring all roles to Target server, you can continue from above ( 2.2.1.1 ) 6th step of
transferring all roles, or you can perform at later stage. To transfer RID Master role follow 2.2.1.1 section –step 1 through 6 and enter the below command
1. Type transfer RID Master and hit enter
Select Yes and the role gets successfully transferred to WIN-SCHM3Q1LI98 domain controller as shown below
You can see from the above that RID Master role is successfully moved to WIN-SCHM3Q1LI98 and other FSMO roles are still with WIN-XJV5L9U8IOK
2. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the
ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.
4.2.5 TR ANS F ER INF R AS TR UCTUR E MAS TER – DOMAI N WI D E
When transferring all roles to Target server, you can continue from above ( 2.2.1.1 ) 6th step of
transferring all roles, or you can perform at later stage. To transfer Infrastructure Master role follow 2.2.1.1 section –step 1 through 6 and enter the below command
1. Type transfer Infrastructure Master and hit enter
Select Yes and the role gets successfully WIN-SCHM3Q1LI98 transferred to domain controller as shown below
You can see from the above that Infrastructure Master role is successfully moved to WIN-
SCHM3Q1LI98 and all roles are successfully moved to WIN-SCHM3Q1LI98 server successfully.
2. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the
ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.
4.2.6 V ALI D ATE FSMO ROLE TR ANS F ER
Schema Master
Search Filter: (&(objectClass=dmd)(fSMORoleOwner=*))
Domain Naming Master
Search Filter: (&(objectClass=crossRefContainer)(fSMORoleOwner=*))
RID Master
Search Filter : (&(objectClass=ridmanager)(fSMORoleOwner=*))
PDC Emulator
Search Filter: (&(objectClass=domainDNS)(fSMORoleOwner=*))
Infrastructure Master
Search Filter: (&(objectClass=infrastructureUpdate)(fSMORoleOwner=*))
5 CONCLUSION:
This document outlines different scenarios for transferring FSMO roles from Windows Server 2008,
Windows Server 2008 R2 to Windows Server 2012 R2 Domain controllers. This document also
outlines the steps required to validate the changes post FSMO role transfer. Functional Levels do not have dependency on FSMO roles placement
It is possible to
a) Add Windows Server 2012 R2 Domain Controller to existing Windows Server 2008 domain
controller infrastructure running with Forest Functional Level and Domain Functional Level
set to Windows Server 2003
b) Add Windows Server 2012 R2 Domain Controller to existing Windows Server 2008 R2
domain controller infrastructure running with Forest Functional Level and Domain Functional
Level set to Windows Server 2003
c) Transfer FSMO roles from Windows Server 2008 Primary Domain Controller to Windows
Server 2012 R2 Additional Domain Controller With Forest Functional Level and Domain
Functional Level set to Windows Server 2003
d) Transfer FSMO roles from Windows Server 2008 R2 Primary Domain Controller to Windows
Server 2008 R2 Additional Domain Controller With Forest Functional Level and Domain
Functional Level set to Windows Server 2003
e) Transfer FSMO roles from Windows Server 2008 R2 Primary Domain Controller to Windows
Server 2012 R2 Additional Domain Controller With Forest Functional Level and Domain
Functional Level set to Windows Server 2003