In this demo, we view and move FSMO Roles in a forest. The lab environment has two writable domain controllers in the same domain. We deployed Read-Only domain controller in the previous lab because that domain controllers read only, it won't work for this demo. Let's get started in the second domain controller added to the domain. Here we are logged into the second domain controller added to the domain. This domain controller is new and should not have any FSMO roles assigned to it. Let's verify that by viewing the FSMO roles next.

We can find the RID, PDC emulator and infrastructure FSMO role holders from Active Directory users and computers. These roles are scoped to the domain, open AD users in computers. Be sure to set the view to advanced features. This will show all the options available in the management console. Right click on the domain and go to operation masters. Here chose the RID Master, Windows DC1. The PDC Master. Here again, Operations Master is Windows DC1 and Infrastructure Master.

Notice we have the option to transfer the role. If for example, while removing this domain controller from the domain, we can use this to transfer the roles to the new domain controller. This has to be initiated by the domain controller, we're transferring the roles to. We're on Windows DC2, let's transfer the RID Master role from Windows DC1. We'll go back to RID Master, change, and click 'Yes', and 'OK'. Now our RID Master is on Windows DC2. We can close this and close Active Directory users in computers.

Next, we'll review the schema FSMO role holder. To do this from the graphical interface, we first have to register the schema management dll. Search for run, that brings up the run box. Next, run the command on the screen to register the schema management dll. Click 'OK' to run and that run successfully, click 'OK'. Next, run mmc.exe to open the management console. Go to file then add remove snap-ins, add Active Directory schema, 'OK'. Right click on Active Directory schema and go to Operations Master. Here chose the current schema Master and we have the option to change it if needed.

Close that and let's find the domain naming FSMO role holder next. We don't need to save the console. Open Active Directory domains and trusts. Right click on Active Directory domains and trusts and go to Operation Master. It shows the current domain name in Operation Master and the option to transfer the role. Notice that both options are showing Windows DC1 but we're on Windows DC2. What if we want to change it to Windows DC2. Let's close this, right click, change Active Directory domain controller and we'll select Windows DC2. Now right click again, go to Operations Master, and now we have the option to change Operations Master to Windows DC2. Let's change and yes, click 'OK'.

Now it's updated to Windows DC2. Close this and we can close Active Directory domains and trusts. That's a lot of clicking, let's look at another option. We can get the FSMO roles with the DCdiag tool as well. Open the command prompt cmd. We'll make this a little bigger and from here we'll type the command on the screen. Hit 'Enter' to run the command. That returns a lot of information, scroll back towards the top to doing primary tests. Under starting test, notes of role holders. It shows the role and the computer that holds the role. We have schema owner, Windows DC1. Domain owner, Windows DC2. PDC owner is Windows DC1. RID owner is Windows DC2 and Infrastructure Update owner is Windows DC1. That is how to view and transfer FSMO roles in a forest and a domain.