moving FSMO roles

Shahin Mortazave 491 Reputation points
2021-12-10T11:21:45.22+00:00

Hi,
We want to move our AD FSMO roles from a Server 2012 to a Server 2019; the new Server 2019 is already promoted as a DC. We also have Azure AD Connect on a member server in our domain to sync the users to Office 365.
I would like to know whether moving the FSMO roles to the new server will cause any issue with AAD Connect. Personally I don't think so, but because AAD Connect was installed in express mode, I don't know which DC it uses for AD attributes.

Any thoughts on this would be appreciated.

Thanks

Microsoft Security | Microsoft Entra | Microsoft Entra ID

2 answers

  1. Limitless Technology 40,101 Reputation points
    2021-12-10T15:43:19.44+00:00

    Hello

    Thank you for your question and reaching out.

    Check AD health and replication
    Make sure you know who holds FSMO roles
    Join 2019 to domain
    Promote 2019 to DC
    Check AD health and replication
    Transfer FSMO roles to 2019; you can use this PowerShell script:
    Move-ADDirectoryServerOperationMasterRole -Identity "Insert new DC Name" -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster

    On the above, don't use the quotes for the server name
    Transfer Master Time Service using w32tm or Group Policy
    Move DHCP if on other DC. Verify and then make sure the old server is deauthorized and the new one is authorized. Use a test VM to see if it picks up a DHCP IP
    Hit up static IP servers and devices on network and update DNS on them
    Check AD health and replication
    Demote old DC
    Check AD health and replication
    Unjoin old DC from domain
    When all is good, I will raise Domain and Forest levels to the youngest DC on the domain
    Check AD tools to make sure old DC isn't there
    Remove old DC from Network

    https://techcommunity.microsoft.com/t5/itops-talk-blog/how-to-migrate-active-directory-from-windows-server-2012-r2-to/ba-p/329861


    --If the reply is helpful, please Upvote and Accept as answer--

    1 person found this answer helpful.
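
As an added example (not part of either answer and not Microsoft's own script), the "know who holds the roles", "check replication", "transfer" and "check again" steps from the list above could be scripted as follows. `DC2019` is a placeholder name for the new domain controller, and the ActiveDirectory RSAT module is assumed to be installed.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Assumption: 'DC2019' is a placeholder; use the new DC's name.
$TargetDC = 'DC2019'

function Get-FsmoHolders {
    # Returns role name -> FQDN of the current holder, as seen by $Server.
    param([string]$Server)
    $forest = Get-ADForest -Server $Server
    $domain = Get-ADDomain -Server $Server
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

$targetFqdn = (Get-ADDomainController -Identity $TargetDC).HostName

# Step 1: stop if any DC in the domain currently reports replication failures.
$failures = @(Get-ADReplicationFailure -Target (Get-ADDomain).DNSRoot -Scope Domain |
    Where-Object { $_.FailureCount -gt 0 })
if ($failures.Count -gt 0) {
    $failures | Format-Table Server, Partner, FailureCount, LastError
    throw 'Replication failures present; fix them before moving FSMO roles.'
}

# Step 2: record the current holders so the change can be documented.
$before = Get-FsmoHolders -Server $targetFqdn
$before.GetEnumerator() | Format-Table Name, Value

# Step 3: transfer only the roles that are not already on the target.
# The cmdlet prompts for confirmation by default; that prompt is left enabled.
$toMove = @($before.Keys | Where-Object { $before[$_] -ne $targetFqdn })
if ($toMove.Count -gt 0) {
    Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC -OperationMasterRole $toMove
}

# Step 4: verify against the target DC itself, not a DC that may lag behind.
$after = Get-FsmoHolders -Server $targetFqdn
$stale = @($after.Keys | Where-Object { $after[$_] -ne $targetFqdn })
if ($stale.Count -gt 0) {
    throw "Roles still not on ${targetFqdn}: $($stale -join ', ')"
}
Write-Output "All five FSMO roles are held by $targetFqdn."
```

Running the script a second time is safe: step 3 finds nothing left to move and only the checks run.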

  2. Alan Kinane 17,361 Reputation points MVP Volunteer Moderator
    2021-12-10T12:05:50.833+00:00

    The FSMO roles have no bearing on Azure AD Connect, so the sync process would not be affected when the FSMO roles are moved to a different DC. I'm not sure if there is any official documentation that states this, but I've never seen this mentioned as a concern and I have done a lot of server migrations similar to yours without any issue with AD Connect.

    1 person found this answer helpful.
