Transfer FSMO Roles to a Windows 2008 Domain Controller

FSMO Roles

In a Microsoft Windows domain, five FSMO roles are assigned to one or more domain controllers. There are two operations master roles for each forest and three FSMO roles for each domain, as follows:

Schema Master: The schema master domain controller manages all updates and modifications to the schema. At any one time, you can have only one schema master in the whole forest.

Domain naming master: The domain naming master domain controller manages the addition or removal of domains in the forest. As with the schema master, you can have only one domain naming master in the whole forest.

Infrastructure Master: The infrastructure master is in charge of updating references from objects in its domain to objects in other domains. You can have only one domain controller acting as the infrastructure master in each domain.

Relative ID (RID) Master: The RID master is in charge of processing RID pool requests from all domain controllers in a particular domain. As with the infrastructure master, you can have only one domain controller acting as the RID master in the domain.

PDC Emulator: The PDC emulator is a domain controller that advertises itself as the primary domain controller (PDC) to all workstations, member servers, and domain controllers that are running earlier versions of Windows. The PDC is also the Domain Master Browser, and it handles password discrepancies. You can have only one domain controller acting as the PDC emulator master in each domain in the forest.

FSMO Guideline

In general, keep the operations roles on as few domain controllers as possible to simplify tracking the role locations. Place these domain controllers hosting FSMO roles in a location that has the most users for that domain and that has a highly reliable network.

In a single domain forest, leave the five FSMO roles on a single DC. There is no benefit to separating the roles. In the forest root domain of multi-domain forests, leave all the operations master roles on the same domain controller, provided that all domain controllers in the forest root domain are also global catalog servers. There is no benefit to separating the roles.

If you have a single-domain forest, you can set up the infrastructure master on a global catalog server. Otherwise, the infrastructure master should never be placed on a global catalog server.

Transfer the Schema Master Role

To transfer the schema master role, you need to register the Schmmgmt.dll and then run the Active Directory Schema Master snap-in to .

Register Schmmgmt.dll

1. Click Start, and then click Run.
2. Type regsvr32 schmmgmt.dll in the Open box, and then click OK.
3. Click OK when you receive the message that the operation succeeded.

Transfer the Schema Master Role

1. Click Start, click Run, type mmc in the Open box, and then click OK.
2. On the File menu, click Add/Remove Snap-in.
3. Click Add.
4. Click Active Directory Schema, click Add, click Close, and then click OK.
5. In the console tree, right-click Active Directory Schema, and then click Change Active Directory Domain Controller.

6. In the console tree, right-click Active Directory Schema, and then click Change Domain Controller. Click Specify Name, type the name of the domain controller that will be the new role holder, and then click OK.

7. In the console tree, right-click Active Directory Schema, and then click Operations Master.
8. Click Change.
9. Click OK to confirm that you want to transfer the role, and then click Close.

Transfer the Domain Naming Master Role

1. Open Active Directory Domains and Trusts from the Administrative Tools.
2. Right-click Active Directory Domains and Trusts, and then click Connect to Domain Controller.

NOTE: You need to perform this step only if you are not on the domain controller to which you want to transfer the role.

3. In the Or, select an available domain controller list, click the domain controller that will be the new role holder, and then click OK.
4. In the console tree, right-click Active Directory Domains and Trusts, and then click Operations Master.
5. Click Change.
6. Click OK to confirm that you want to transfer the role, and then click Close.

Transfer the RID Master, PDC Emulator, and Infrastructure Master Roles

1. Open Active Directory Domains and Trusts from the Administrative Tools.
2. Right-click Active Directory Users and Computers, and then click Connect to Domain Controller.

NOTE: You need to perform this step only if you are not on the domain controller to which you want to transfer the role.
3. Do one of the following:
• In the Enter the name of another domain controller box, type the name of the domain controller that will be the new role holder, and then click OK.

-or-
• In the Or, select an available domain controller list, click the domain controller that will be the new role holder, and then click OK.

4. In the console tree, right-click Active Directory Users and Computers, point to All Tasks, and then click Operations Master.
5. Click the appropriate tab for the role that you want to transfer (RID, PDC, or Infrastructure), and then click Change.
6. Click OK to confirm that you want to transfer the role, and then click Close.
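
After the transfers, role placement can be checked against the FSMO guideline above. The following PowerShell is an added example, not part of the original post; Test-FsmoPlacement, the shape of its input hashtables and the sample forest are constructed for illustration.

```powershell
# Added example, not from the original post. Test-FsmoPlacement and its input
# layout are hypothetical; the sample forest at the bottom is constructed.
# Live input (ActiveDirectory module): Get-ADForest gives SchemaMaster,
# DomainNamingMaster, GlobalCatalogs and Domains; Get-ADDomain -Server <domain>
# gives PDCEmulator, RIDMaster, InfrastructureMaster and ReplicaDirectoryServers.
function Test-FsmoPlacement {
    param(
        [Parameter(Mandatory=$true)] [hashtable]   $Forest,
        [Parameter(Mandatory=$true)] [hashtable[]] $Domains
    )
    $multiDomain = $Domains.Count -gt 1
    foreach ($d in $Domains) {
        if (-not $multiDomain) {
            # Single-domain forest: all five roles belong on one DC.
            $holders = @($Forest.SchemaMaster, $Forest.DomainNamingMaster,
                         $d.PDCEmulator, $d.RIDMaster, $d.InfrastructureMaster) | Sort-Object -Unique
            if (@($holders).Count -gt 1) {
                "$($d.Name): five roles are spread over $(@($holders).Count) DCs: $($holders -join ', ')"
            }
            continue
        }
        # Multi-domain forest: the infrastructure master should not be a GC.
        # Assumption: skipped when every DC in the domain is a GC (the page
        # states that condition for the forest root domain only).
        $nonGc = @($d.DomainControllers | Where-Object { $Forest.GlobalCatalogs -notcontains $_ })
        if ($nonGc.Count -gt 0 -and $Forest.GlobalCatalogs -contains $d.InfrastructureMaster) {
            "$($d.Name): infrastructure master $($d.InfrastructureMaster) is a global catalog; candidates: $($nonGc -join ', ')"
        }
    }
}

# Constructed two-domain forest: corp.example has only GCs, emea has one non-GC DC.
$forest = @{
    SchemaMaster       = 'dc1.corp.example'
    DomainNamingMaster = 'dc1.corp.example'
    GlobalCatalogs     = @('dc1.corp.example', 'dc2.corp.example', 'dc1.emea.corp.example')
}
$domains = @(
    @{ Name = 'corp.example'; PDCEmulator = 'dc1.corp.example'; RIDMaster = 'dc1.corp.example'
       InfrastructureMaster = 'dc1.corp.example'
       DomainControllers = @('dc1.corp.example', 'dc2.corp.example') },
    @{ Name = 'emea.corp.example'; PDCEmulator = 'dc1.emea.corp.example'; RIDMaster = 'dc1.emea.corp.example'
       InfrastructureMaster = 'dc1.emea.corp.example'
       DomainControllers = @('dc1.emea.corp.example', 'dc2.emea.corp.example') }
)
Test-FsmoPlacement -Forest $forest -Domains $domains
```

With the constructed data, only emea.corp.example is reported, because its infrastructure master is a global catalog while a non-GC domain controller is available in that domain.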

Ref & Credits:

http://www.howtonetworking.com/server/2008fsmo1.htm
