3.4.4.6.2.3.1 Transferring a FSMO Role
The OperationMasterRole element contains a string as specified in section 2.2.5.3. Each role triggers a write to the appropriate rootDSE attribute, as listed in the following table.
Not all DCs/instances support all FSMO roles. The following table also lists which types of DCs/instances support which roles.
|
Role to transfer |
rootDSE!attribute |
Value |
(AD DS DC)/(AD DS RODC)/(AD LDS) |
|---|---|---|---|
|
Domain Naming Master FSMO |
rootDSE!becomeDomainMaster |
1 |
Yes/No/Yes |
|
Infrastructure Master FSMO |
rootDSE!becomeInfrastructureMaster |
1 |
Yes/No/No |
|
PDC Emulator FSMO |
rootDSE!becomePdc |
Domain SID** |
Yes/No/No |
|
RID Master FSMO |
rootDSE!becomeRidMaster |
1 |
Yes/No/No |
|
Schema Master FSMO |
rootDSE!becomeSchemaMaster |
1 |
Yes/No/Yes |
Additional constraints, such as control access rights, apply to AD DS and AD LDS; see [MS-ADTS] section 3.1.1.3.3.
** The domain SID must be in binary format ([MS-DTYP] section 2.4.2). The domain SID is the domainDNS!objectSID attribute on the domain NC root object. See also [MS-ADTS] section 3.1.1.3.3.3.