Windows 2000/2003 Active Directory domains utilize a Single Operation Master method called

FSMO (Flexible Single Master Operation), as described in Understanding FSMO Roles in Active
Directory.

The five FSMO roles are:

• Schema master - Forest-wide and one per forest.

• Domain naming master - Forest-wide and one per forest.
• RID master - Domain-specific and one for each domain.
• PDC - PDC Emulator is domain-specific and one for each domain.
• Infrastructure master - Domain-specific and one for each domain.

In most cases an administrator can keep the FSMO role holders (all 5 of them) in the same spot
(or actually, on the same DC) as has been configured by the Active Directory installation
process. However, there are scenarios where an administrator would want to move one or more
of the FSMO roles from the default holder DC to a different DC.

Moving the FSMO roles while both the original FSMO role holder and the future FSMO role
holder are online and operational is called Transferring, and is described in the Transferring
FSMO Roles article.

However, when the original FSMO role holder went offline or became non operational for a long
period of time, the administrator might consider moving the FSMO role from the original, non-
operational holder, to a different DC. The process of moving the FSMO role from a non-
operational role holder to a different DC is called Seizing, and is described in this article.

If a DC holding a FSMO role fails, the best thing to do is to try and get the server online again.
Since none of the FSMO roles are immediately critical (well, almost none, the loss of the PDC
Emulator FSMO role might become a problem unless you fix it in a reasonable amount of time),
so it is not a problem to them to be unavailable for hours or even days.

If a DC becomes unreliable, try to get it back on line, and transfer the FSMO roles to a reliable
computer. Administrators should use extreme caution in seizing FSMO roles. This operation, in
most cases, should be performed only if the original FSMO role owner will not be brought back
into the environment. Only seize a FSMO role if absolutely necessary when the original role
holder is not connected to the network.

What will happen if you do not perform the seize in time? This table has the info:

FSMO Role Loss implications

The schema cannot be extended. However, in the
short term no one will notice a missing Schema
Schema
Master unless you plan a schema upgrade during
that time.
Domain Naming Unless you are going to run DCPROMO, then you
 will not miss this FSMO role.
Chances are good that the existing DCs will have
enough unused RIDs to last some time, unless
RID
you're building hundreds of users or computer
object per week.
Will be missed soon. NT 4.0 BDCs will not be able
to replicate, there will be no time synchronization
PDC Emulator in the domain, you will probably not be able to
change or troubleshoot group policies and
password changes will become a problem.
Group memberships may be incomplete. If you
Infrastructure only have one domain, then there will be no
impact.

Important: If the RID, Schema, or Domain Naming FSMOs are seized, then the original domain
controller must not be activated in the forest again. It is necessary to reinstall Windows if these
servers are to be used again.

The following table summarizes the FSMO seizing restrictions:

FSMO Role Restrictions

Schema
Domain Naming Original must be reinstalled
RID
PDC Emulator
Can transfer back to original
Infrastructure

Another consideration before performing the seize operation is the administrator's group
membership, as this table lists:

FSMO Role Administrator must be a member of

Schema Schema Admins
Domain Naming Enterprise Admins
RID
PDC Emulator Domain Admins
Infrastructure

To seize the FSMO roles by using Ntdsutil, follow these steps:

Caution: Using the Ntdsutil utility incorrectly may result in partial or complete loss of Active
Directory functionality.

1. On any domain controller, click Start, click Run, type Ntdsutil in the Open box, and then
click OK.

Microsoft Windows [Version 5.2.3790]

(C) Copyright 1985-2003 Microsoft Corp.

C:'WINDOWS>ntdsutil
ntdsutil:

2. Type roles, and then press ENTER.

ntdsutil: roles
fsmo maintenance:

Note: To see a list of available commands at any of the prompts in the Ntdsutil tool, type ?, and
then press ENTER.

3. Type connections, and then press ENTER.

fsmo maintenance: connections

server connections:

4. Type connect to server <servername>, where <servername> is the name of the server
you want to use, and then press ENTER.

server connections: connect to server server100

Binding to server100 ...
Connected to server100 using credentials of locally logged on user.
server connections:

5. At the server connections: prompt, type q, and then press ENTER again.

server connections: q
fsmo maintenance:

6. Type seize <role>, where <role> is the role you want to seize. For example, to seize the
RID Master role, you would type seize rid master:

Options are:

Seize domain naming master

Seize infrastructure master
Seize PDC
Seize RID master
Seize schema master

7. You will receive a warning window asking if you want to perform the seize. Click on Yes.
fsmo maintenance: Seize infrastructure master
Attempting safe transfer of infrastructure FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-03210300, problem 5002
(UNAVAILABLE)
, data 1722

Win32 error returned is 0x20af(The requested FSMO operation failed. The

current FSMO holde
r could not be contacted.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of infrastructure FSMO failed, proceeding with seizure ...
Server "server100" knows about 5 roles
Schema - CN=NTDS Settings,CN=SERVER200,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
Domain - CN=NTDS Settings,CN=SERVER100,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
PDC - CN=NTDS Settings,CN=SERVER100,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
RID - CN=NTDS Settings,CN=SERVER200,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
Infrastructure - CN=NTDS Settings,CN=SERVER100,CN=Servers,CN=Default-First-
Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
fsmo maintenance:

Note: All five roles need to be in the forest. If the first domain controller is out of the forest then
seize all roles. Determine which roles are to be on which remaining domain controllers so that all
five roles are not on only one server.

8. Repeat steps 6 and 7 until you've seized all the required FSMO roles.
9. After you seize or transfer the roles, type q, and then press ENTER until you quit the
Ntdsutil tool.

Note: Do not put the Infrastructure Master (IM) role on the same domain controller as the Global
Catalog server. If the Infrastructure Master runs on a GC server it will stop updating object
information because it does not contain any references to objects that it does not hold. This is
because a GC server holds a partial replica of every object in the forest.

TRANSFERING
Windows 2000/2003 Active Directory domains utilize a Single Operation Master method called
FSMO (Flexible Single Master Operation), as described in Understanding FSMO Roles in Active
Directory.

In most cases an administrator can keep the FSMO role holders (all 5 of them) in the same spot
(or actually, on the same DC) as has been configured by the Active Directory installation
process. However, there are scenarios where an administrator would want to move one or more
of the FSMO roles from the default holder DC to a different DC.

Moving the FSMO roles while both the original FSMO role holder and the future FSMO role
holder are online and operational is called Transferring, and is described in this article.

The transfer of an FSMO role is the suggested form of moving a FSMO role between domain
controllers and can be initiated by the administrator or by demoting a domain controller.
However, the transfer process is not initiated automatically by the operating system, for example
a server in a shut-down state. FSMO roles are not automatically relocated during the shutdown
process - this must be considered when shutting down a domain controller that has an FSMO role
for maintenance, for example.

In a graceful transfer of an FSMO role between two domain controllers, a synchronization of the
data that is maintained by the FSMO role owner to the server receiving the FSMO role is
performed prior to transferring the role to ensure that any changes have been recorded before the
role change.

However, when the original FSMO role holder went offline or became non operational for a long
period of time, the administrator might consider moving the FSMO role from the original, non-
operational holder, to a different DC. The process of moving the FSMO role from a non-
operational role holder to a different DC is called Seizing, and is described in the Seizing FSMO
Roles article.

You can transfer FSMO roles by using the Ntdsutil.exe command-line utility or by using an
MMC snap-in tool. Depending on the FSMO role that you want to transfer, you can use one of
the following three MMC snap-in tools:

• Active Directory Schema snap-in

• Active Directory Domains and Trusts snap-in
• Active Directory Users and Computers snap-in

To transfer the FSMO role the administrator must be a member of the following group:

FSMO Role Administrator must be a member of

Schema Schema Admins
Domain Naming Enterprise Admins
 RID
PDC Emulator Domain Admins
Infrastructure

Transferring the RID Master, PDC Emulator, and Infrastructure Masters via GUI

To Transfer the Domain-Specific RID Master, PDC Emulator, and Infrastructure Master FSMO
Roles:

1. Open the Active Directory Users and Computers snap-in from the Administrative Tools
folder.
2. If you are NOT logged onto the target domain controller, in the snap-in, right-click the
icon next to Active Directory Users and Computers and press Connect to Domain
Controller.
3. Select the domain controller that will be the new role holder, the target, and press OK.
4. Right-click the Active Directory Users and Computers icon again and press Operation
Masters.
5. Select the appropriate tab for the role you wish to transfer and press the Change button.
6. Press OK to confirm the change.
7. Press OK all the way out.

Transferring the Domain Naming Master via GUI

To Transfer the Domain Naming Master Role:

1. Open the Active Directory Domains and Trusts snap-in from the Administrative Tools
folder.
2. If you are NOT logged onto the target domain controller, in the snap-in, right-click the
icon next to Active Directory Domains and Trusts and press Connect to Domain
Controller.
3. Select the domain controller that will be the new role holder and press OK.
4. Right-click the Active Directory Domains and Trusts icon again and press Operation
Masters.
5. Press the Change button.
6. Press OK to confirm the change.
7. Press OK all the way out.

Transferring the Schema Master via GUI

To Transfer the Schema Master Role:

1. Register the Schmmgmt.dll library by pressing Start > RUN and typing:

regsvr32 schmmgmt.dll
 2. Press OK. You should receive a success confirmation.
3. From the Run command open an MMC Console by typing MMC.
4. On the Console menu, press Add/Remove Snap-in.
5. Press Add. Select Active Directory Schema.
6. Press Add and press Close. Press OK.
7. If you are NOT logged onto the target domain controller, in the snap-in, right-click the
Active Directory Schema icon in the Console Root and press Change Domain Controller.
8. Press Specify .... and type the name of the new role holder. Press OK.
9. Right-click right-click the Active Directory Schema icon again and press Operation
Masters.
10. Press the Change button.
11. Press OK all the way out.

Transferring the FSMO Roles via Ntdsutil

To transfer the FSMO roles from the Ntdsutil command:

Caution: Using the Ntdsutil utility incorrectly may result in partial or complete loss of Active
Directory functionality.

1. On any domain controller, click Start, click Run, type Ntdsutil in the Open box, and then
click OK.

Microsoft Windows [Version 5.2.3790]

(C) Copyright 1985-2003 Microsoft Corp.

C:'WINDOWS>ntdsutil
ntdsutil:

2. Type roles, and then press ENTER.

ntdsutil: roles
fsmo maintenance:

Note: To see a list of available commands at any of the prompts in the Ntdsutil tool, type ?, and
then press ENTER.

3. Type connections, and then press ENTER.

fsmo maintenance: connections

server connections:

4. Type connect to server <servername>, where <servername> is the name of the server
you want to use, and then press ENTER.

server connections: connect to server server100

Binding to server100 ...
Connected to server100 using credentials of locally logged on user.
server connections:
 5. At the server connections: prompt, type q, and then press ENTER again.

server connections: q
fsmo maintenance:

6. Type transfer <role>. where <role> is the role you want to transfer.

For example, to transfer the RID Master role, you would type transfer rid master:

Options are:

Transfer domain naming master

Transfer infrastructure master
Transfer PDC
Transfer RID master
Transfer schema master

7. You will receive a warning window asking if you want to perform the transfer. Click on
Yes.
8. After you transfer the roles, type q and press ENTER until you quit Ntdsutil.exe.
9. Restart the server and make sure you update your backup.

MICROSOFT DOCUMENTATION

Certain domain and enterprise-wide operations that are not good for multi-master updates are performed by

a single domain controller in an Active Directory domain or forest. The domain controllers that are assigned

to perform these unique operations are called operations masters or FSMO role holders.

The following list describes the 5 unique FSMO roles in an Active Directory forest and the dependent

operations that they perform:

• Schema master - The Schema master role is forest-wide and there is one for each forest. This role

is required to extend the schema of an Active Directory forest or to run the adprep /domainprep

command.
• Domain naming master - The Domain naming master role is forest-wide and there is one for each

forest. This role is required to add or remove domains or application partitions to or from a forest.
• RID master - The RID master role is domain-wide and there is one for each domain. This role is

required to allocate the RID pool so that new or existing domain controllers can create user

accounts, computer accounts or security groups.

• PDC emulator - The PDC emulator role is domain-wide and there is one for each domain. This role is

required for the domain controller that sends database updates to Windows NT backup domain
 controllers. The domain controller that owns this role is also targeted by certain administration tools

and updates to user account and computer account passwords.

• Infrastructure master - The Infrastructure master role is domain-wide and there is one for each

domain. This role is required for domain controllers to run the adprep /forestprep command

successfully and to update SID attributes and distinguished name attributes for objects that are

referenced across domains.

The Active Directory Installation Wizard (Dcpromo.exe) assigns all 5 FSMO roles to the first domain

controller in the forest root domain. The first domain controller in each new child or tree domain is assigned

the three domain-wide roles. Domain controllers continue to own FSMO roles until they are reassigned by

using one of the following methods:

• An administrator reassigns the role by using a GUI administrative tool.

• An administrator reassigns the role by using the ntdsutil /roles command.

• An administrator gracefully demotes a role-holding domain controller by using the Active Directory

Installation Wizard. This wizard reassigns any locally-held roles to an existing domain controller in

the forest. Demotions that are performed by using the dcpromo /forceremoval command leave

FSMO roles in an invalid state until they are reassigned by an administrator.

We recommend that you transfer FSMO roles in the following scenarios:

• The current role holder is operational and can be accessed on the network by the new FSMO owner.

• You are gracefully demoting a domain controller that currently owns FSMO roles that you want to

assign to a specific domain controller in your Active Directory forest.

• The domain controller that currently owns FSMO roles is being taken offline for scheduled

maintenance and you need specific FSMO roles to be assigned to a “live” domain controller. This

may be required to perform operations that connect to the FSMO owner. This would be especially

true for the PDC Emulator role but less true for the RID master role, the Domain naming master role

and the Schema master roles.

We recommend that you seize FSMO roles in the following scenarios:

• The current role holder is experiencing an operational error that prevents an FSMO-dependent

operation from completing successfully and that role cannot be transferred.

• A domain controller that owns an FSMO role is force-demoted by using the dcpromo

/forceremoval command.
 • The operating system on the computer that originally owned a specific role no longer exists or has

been reinstalled.

As replication occurs, non-FSMO domain controllers in the domain or forest gain full knowledge of changes

that are made by FSMO-holding domain controllers. If you must transfer a role, the best candidate domain

controller is one that is in the appropriate domain that last inbound-replicated, or recently inbound-

replicated a writable copy of the “FSMO partition” from the existing role holder. For example, the Schema

master role-holder has a distinguished name path of CN=schema,CN=configuration,dc=<forest root

domain>, and this mean that roles reside in and are replicated as part of the CN=schema partition. If the

domain controller that holds the Schema master role experiences a hardware or software failure, a good

candidate role-holder would be a domain controller in the root domain and in the same Active Directory site

as the current owner. Domain controllers in the same Active Directory site perform inbound replication every

5 minutes or 15 seconds.

The partition for each FSMO role is in the following list:

FSMO role Partition

Schema CN=Schema,CN=configuration,DC=<forest root domain>

Domain Naming Master CN=configuration,DC=<forest root domain>

PDC DC=<domain>

RID DC=<domain>

Infrastructure DC=<domain>

A domain controller whose FSMO roles have been seized should not be permitted to communicate with

existing domain controllers in the forest. In this scenario, you should either format the hard disk and

reinstall the operating system on such domain controllers or forcibly demote such domain controllers on a

private network and then remove their metadata on a surviving domain controller in the forest by using the

ntdsutil /metadata cleanup command. The risk of introducing a former FSMO role holder whose role has

been seized into the forest is that the original role holder may continue to operate as before until it inbound-

replicates knowledge of the role seizure. Known risks of two domain controllers owning the same FSMO roles

include creating security principals that have overlapping RID pools, and other problems.

Back to the top

Transfer FSMO roles

To transfer the FSMO roles by using the Ntdsutil utility, follow these steps:
 1. Log on to a Windows 2000 Server-based or Windows Server 2003-based member computer or

domain controller that is located in the forest where FSMO roles are being transferred. We

recommend that you log on to the domain controller that you are assigning FSMO roles to. The

logged-on user should be a member of the Enterprise Administrators group to transfer Schema

master or Domain naming master roles, or a member of the Domain Administrators group of the

domain where the PDC emulator, RID master and the Infrastructure master roles are being

transferred.

2. Click Start, click Run, type ntdsutil in the Open box, and then click OK.

3. Type roles, and then press ENTER.

Note To see a list of available commands at any one of the prompts in the Ntdsutil utility, type ?,

and then press ENTER.

4. Type connections, and then press ENTER.

5. Type connect to server servername, and then press ENTER, where servername is the name of

the domain controller you want to assign the FSMO role to.

6. At the server connections prompt, type q, and then press ENTER.

7. Type transfer role, where role is the role that you want to transfer. For a list of roles that you can

transfer, type ? at the fsmo maintenance prompt, and then press ENTER, or see the list of roles at

the start of this article. For example, to transfer the RID master role, type transfer rid master.

The one exception is for the PDC emulator role, whose syntax is transfer pdc, not transfer pdc

emulator.

8. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the ntdsutil

prompt. Type q, and then press ENTER to quit the Ntdsutil utility.

Back to the top

Seize FSMO roles

To seize the FSMO roles by using the Ntdsutil utility, follow these steps:

1. Log on to a Windows 2000 Server-based or Windows Server 2003-based member computer or

domain controller that is located in the forest where FSMO roles are being seized. We recommend

that you log on to the domain controller that you are assigning FSMO roles to. The logged-on user

should be a member of the Enterprise Administrators group to transfer schema or domain naming

master roles, or a member of the Domain Administrators group of the domain where the PDC

emulator, RID master and the Infrastructure master roles are being transferred.

2. Click Start, click Run, type ntdsutil in the Open box, and then click OK.
3. Type roles, and then press ENTER.

4. Type connections, and then press ENTER.

5. Type connect to server servername, and then press ENTER, where servername is the name of

the domain controller that you want to assign the FSMO role to.

6. At the server connections prompt, type q, and then press ENTER.

7. Type seize role, where role is the role that you want to seize. For a list of roles that you can seize,

type ? at the fsmo maintenance prompt, and then press ENTER, or see the list of roles at the start

of this article. For example, to seize the RID master role, type seize rid master. The one exception

is for the PDC emulator role, whose syntax is seize pdc, not seize pdc emulator.

8. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the ntdsutil

prompt. Type q, and then press ENTER to quit the Ntdsutil utility.

Notes
o Under typical conditions, all five roles must be assigned to “live” domain controllers in the

forest. If a domain controller that owns a FSMO role is taken out of service before its roles

are transferred, you must seize all roles to an appropriate and healthy domain controller.

We recommend that you only seize all roles when the other domain controller is not

returning to the domain. If it is possible, fix the broken domain controller that is assigned

the FSMO roles. You should determine which roles are to be on which remaining domain

controllers so that all five roles are assigned to a single domain controller. For more

information about FSMO role placement, click the following article number to view the

article in the Microsoft Knowledge Base:

223346 FSMO placement and optimization on Windows 2000 domain controllers

o If the domain controller that formerly held any FSMO role is not present in the domain and

if it has had its roles seized by using the steps in this article, remove it from the Active

Directory by following the procedure that is outlined in the following Microsoft Knowledge

Base article:

216498 How to remove data in active directory after an unsuccessful domain controller

demotion

o Removing domain controller metadata with the Windows 2000 version or the Windows

Server 2003 build 3790 version of the ntdsutil /metadata cleanup command does not

relocate FSMO roles that are assigned to live domain controllers. The Windows Server 2003
 Service Pack 1 (SP1) version of the Ntdsutil utility automates this task and removes

additional elements of domain controller metadata.

o Some customers prefer not to restore system state backups of FSMO role-holders in case

the role has been reassigned since the backup was made.
o Do not put the Infrastructure master role on the same domain controller as the global

catalog server. If the Infrastructure master runs on a global catalog server it stops updating

object information because it does not contain any references to objects that it does not

hold. This is because a global catalog server holds a partial replica of every object in the

forest.

To test whether a domain controller is also a global catalog server:

1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory

Sites and Services.

2. Double-click Sites in the left pane, and then locate the appropriate site or click Default-first-site-

name if no other sites are available.

3. Open the Servers folder, and then click the domain controller.

4. In the domain controller's folder, double-click NTDS Settings.

5. On the Action menu, click Properties.

6. On the General tab, view the Global Catalog check box to see if it is selected.

For more information about FSMO roles, click the following article numbers to view the articles in the

Microsoft Knowledge Base:

197132 Windows 2000 Active Directory FSMO roles

223787 Flexible Single Master Operation transfer and seizure process

FSMO Roles

In a forest, there are at least five FSMO roles that are assigned to one or more domain controllers. The

five FSMO roles are:

• Schema Master: The schema master domain controller controls all updates and modifications to the

schema. To update the schema of a forest, you must have access to the schema master. There can

be only one schema master in the whole forest.

• Domain naming master: The domain naming master domain controller controls the addition or

removal of domains in the forest. There can be only one domain naming master in the whole forest.
 • Infrastructure Master: The infrastructure is responsible for updating references from objects in its

domain to objects in other domains. At any one time, there can be only one domain controller

acting as the infrastructure master in each domain.

• Relative ID (RID) Master: The RID master is responsible for processing RID pool requests from all

domain controllers in a particular domain. At any one time, there can be only one domain controller

acting as the RID master in the domain.

• PDC Emulator: The PDC emulator is a domain controller that advertises itself as the primary domain

controller (PDC) to workstations, member servers, and domain controllers that are running earlier

versions of Windows. For example, if the domain contains computers that are not running Microsoft

Windows XP Professional or Microsoft Windows 2000 client software, or if it contains Microsoft

Windows NT backup domain controllers, the PDC emulator master acts as a Windows NT PDC. It is

also the Domain Master Browser, and it handles password discrepancies. At any one time, there can

be only one domain controller acting as the PDC emulator master in each domain in the forest.

You can transfer FSMO roles by using the Ntdsutil.exe command-line utility or by using an MMC snap-in tool.

Depending on the FSMO role that you want to transfer, you can use one of the following three MMC snap-in

tools:

Active Directory Schema snap-in

Active Directory Domains and Trusts snap-in

Active Directory Users and Computers snap-in

If a computer no longer exists, the role must be seized. To seize a role, use the Ntdsutil.exe utility.

Back to the top

Transfer the Schema Master Role

Use the Active Directory Schema Master snap-in to transfer the schema master role. Before you can use

this snap-in, you must register the Schmmgmt.dll file.

Register Schmmgmt.dll

1. Click Start, and then click Run.

2. Type regsvr32 schmmgmt.dll in the Open box, and then click OK.

3. Click OK when you receive the message that the operation succeeded.

Transfer the Schema Master Role

 1. Click Start, click Run, type mmc in the Open box, and then click OK.

2. On the File, menu click Add/Remove Snap-in.

3. Click Add.

4. Click Active Directory Schema, click Add, click Close, and then click OK.

5. In the console tree, right-click Active Directory Schema, and then click Change Domain

Controller.

6. Click Specify Name, type the name of the domain controller that will be the new role holder, and

then click OK.

7. In the console tree, right-click Active Directory Schema, and then click Operations Master.

8. Click Change.

9. Click OK to confirm that you want to transfer the role, and then click Close.

Back to the top

Transfer the Domain Naming Master Role

1. Click Start, point to Administrative Tools, and then click Active Directory Domains and

Trusts.

2. Right-click Active Directory Domains and Trusts, and then click Connect to Domain

Controller.

NOTE: You must perform this step if you are not on the domain controller to which you want to

transfer the role. You do not have to perform this step if you are already connected to the domain

controller whose role you want to transfer.

3. Do one of the following:

o In the Enter the name of another domain controller box, type the name of the domain

controller that will be the new role holder, and then click OK.

-or-
o In the Or, select an available domain controller list, click the domain controller that will

be the new role holder, and then click OK.

4. In the console tree, right-click Active Directory Domains and Trusts, and then click Operations

Master.

5. Click Change.

6. Click OK to confirm that you want to transfer the role, and then click Close.

Back to the top

Transfer the RID Master, PDC Emulator, and Infrastructure Master Roles

1. Click Start, point to Administrative Tools, and then click Active Directory Users and

Computers.

2. Right-click Active Directory Users and Computers, and then click Connect to Domain

Controller.

NOTE: You must perform this step if you are not on the domain controller to which you want to

transfer the role. You do not have to perform this step if you are already connected to the domain

controller whose role you want to transfer.

3. Do one of the following:

o In the Enter the name of another domain controller box, type the name of the domain

controller that will be the new role holder, and then click OK.

-or-
o In the Or, select an available domain controller list, click the domain controller that will

be the new role holder, and then click OK.

4. In the console tree, right-click Active Directory Users and Computers, point to All Tasks, and

then click Operations Master.

5. Click the appropriate tab for the role that you want to transfer (RID, PDC, or Infrastructure), and

then click Change.

6. Click OK to confirm that you want to transfer the role, and then click Close.