FSMO – Flexible Single Master Operations (aka Operations Master Roles)
FSMO is divided into five roles:
- Schema master – holds a read-write copy of your AD’s entire schema.
- Domain naming master – responsible for verifying domains.
- RID master – ensures uniqueness between different objects in Active Directory. (Think of it this way: every time you create a username, it gets its own unique identifier, called a SID.)
- PDC emulator – is the master clock for all the domain controllers in your domain.
- Infrastructure master – keeps cross-domain references up to date.
So why transfer FSMO roles? (A transfer is a planned transfer of a role.)
- For one, if you wish to demote a current domain controller, assign its roles to a new one.
- Under maintenance conditions, if you need to power down the primary DC that has the roles assigned.
A transfer done by seizing the role is an unplanned one: an unexpected cause forces you to move the roles over.
- This can be caused when the current role holder is having issues and the role is not transferred by a planned transfer.
- This can also be done by forcing the DC to be demoted via the dcpromo command.
Remember that once FSMO roles have been seized, the domain should no longer be able to communicate with the original role holder. You should demote this DC, as it may cause conflicts with the new holder.
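Before choosing between a transfer and a seizure, it helps to see which DC currently holds each of the five roles and whether it still answers. The PowerShell below is an added example, not part of the original post; it assumes the ActiveDirectory module (RSAT) is installed, and the function name and the LDAP port check (TCP 389) used as a rough liveness test are choices made for this example.

```powershell
# Added example: inventory the five FSMO role holders and check reachability.
# Assumes the ActiveDirectory module (RSAT) and a domain-joined admin session.
Import-Module ActiveDirectory

function Get-FsmoRoleStatus {   # hypothetical helper name
    $forest = Get-ADForest
    $domain = Get-ADDomain

    # Two roles exist once per forest, three once per domain.
    $roles = [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        RIDMaster            = $domain.RIDMaster
        PDCEmulator          = $domain.PDCEmulator
        InfrastructureMaster = $domain.InfrastructureMaster
    }

    foreach ($role in $roles.Keys) {
        $holder = $roles[$role]

        # Rough liveness test: can we open LDAP (TCP 389) on the holder?
        $up = Test-NetConnection -ComputerName $holder -Port 389 `
                  -InformationLevel Quiet -WarningAction SilentlyContinue

        [pscustomobject]@{
            Role      = $role
            Holder    = $holder
            Reachable = $up
            # Reachable holder: planned transfer. Unreachable holder: seizure,
            # and the old holder must stay off the network until it is demoted.
            Action    = if ($up) { 'Transfer (planned)' }
                        else     { 'Seize; keep old holder offline and demote it' }
        }
    }
}

Get-FsmoRoleStatus | Format-Table -AutoSize
```

A holder that fails the port check is not necessarily dead, so confirm the cause before seizing.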
There are a variety of ways to transfer the FSMO roles. I will go through some of them below: