The Domain Naming Master is one of the five Flexible Single Master Operations (FSMO) roles found in an Active Directory (AD) forest. There is only one Domain Controller (DC) in the entire forest that holds this role. By default, this is the first server that was promoted to a DC in the root domain.
The main purpose of the Domain Naming Master is to manage the addition and removal of all directory partitions in forest. This role must be online and accessible when you attempt to perform the following actions:
- Add or remove domains
- Add or remove directory partitions
- Modifying cross-reference objects
- Perform a domain rename
Since these actions are rarely performed in the forest, the Domain Naming Master is rarely put to use. Therefore, if the DC that holds this role is offline, the impact is minimal unless you are attempting to perform one of the actions listed above.
The most common action from the list above is probably adding or removing domains. When you perform this action through the DCPROMO process, the Domain Naming Master is contacted for the domain add or removal process to
continue. This DC ensures consistency in the domain in this respect.
The Domain Naming Master is identified by the value stored in the attribute,
fSMORoleOwner on the partitions container object. This role can be transferred at any time to any other DC in the forest. This role can be combined well with the Schema Master role.
This is because both roles are used infrequently and do not add additional resource requirements on the server holding these roles. If this role needs to be transferred, you can use the Active Directory Domains and Trusts snap-in or by using the
ntdsutil command-line utility.
Using the Active Directory Domains and Trust snap-in, connect to the target DC. Then, right click the Active Directory Domains and Trusts heading and click on Operations Master… In the top box, the current DC holding the role should be displayed. In the lower box, you should see the name of the DC to that you wish to transfer the role.
Or, using the
ntdsutil.exe command, type
roles and hit enter. Then type
connections and hit enter. Next type
connect to server servername and hit enter. The system will bind and continue.
quit then hit enter. Then type
transfer naming master and hit enter. A confirmation dialog box will be displayed. Click on Yes. The system will provide some feedback in regards to this action.
The process of transferring the Domain Naming Master role is complete.