In this blog post, I’ll show you how to move or seize Active Directory FSMO roles using a single PowerShell cmdlet.
In the old days, Moving the FSMO roles involved using multiple consoles and utilities (commands) which was very confusing.
With the release of Windows Server 2012, the process was changed signifying and was made simple.
Using PowerShell to move the FSMO roles is a much cleaner process.
Get Started
To move the FSMO roles Microsoft has created a new PowerShell cmdlet called Move-ADDirectoryServerOperationMasterRole.
The FSMO roles have been numbered as you can see In the table below.
Role Name, Number
- PDCEmulator 0
- RIDMaster 1
- Infrastructure Master 2
- Schema Master 3
- DomainNamingMaster 4
View FSMO Roles
Before I move my FSMO roles I’ll use the cmdlets below to view the current host that hold them.
Get-ADForest | select SchemaMaster,DomainNamingMaster Get-ADDomain | select PDCEmulator,RIDMaster,InfrastructureMaster
As you can see below, VDC01 holds all FSMO roles.
Move FSMO Roles
In the example below, I’ll move my FSMO roles from VDC01 to VDC02.
Move-ADDirectoryServerOperationMasterRole -Identity "VDC02" -OperationMasterRole 0,1,2,3,4
To Seize the roles I can use the -Force switch
Move-ADDirectoryServerOperationMasterRole -Identity “VDC02” -OperationMasterRole 0,1,2,3,4 -Force
If I run the Get cmdlets I can see that the roles have moved successfully
To move a single role I can use the cmdlet below
Move-ADDirectoryServerOperationMasterRole -Identity "VDC02" -OperationMasterRole 4
Get-ADForest | select SchemaMaster,DomainNamingMaster
Conclusion
Using PowerShell to manage FSMO roles is a great change and allows us to move or seize roles on the fly.
The days of using consoles and command are gone and it’s good.
YouTube
Update, I just published the YouTube video.