Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Advantages
Moving the FSMO roles with the AD PowerShell has the following advantages:
- It must not first connect to the future Domain Controller role holders.
- Only Seizing (role holder is offline) the FSMO roles will require an additional parameter, you must use -Force parameter.
- Transfering or Seizing the FSMO roles must not necessarily be done from the role holder or the future role holder. You can run the AD-Powershell command from a Windows 7 Client or Windows Server 2008 R2 member server (after RSAT is installed).
Powershell
The FSMO roles are moved to another Domain Controller by using the command: Move-ADDirectoryServerOperationMasterRole
Transfering all roles
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator
Seizing all roles
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator -Force
For example, my target Domain Controller name is DC1.
We use this command to transfer all roles to another Domain Controller:
Move-ADDirectoryServerOperationMasterRole -Identity "DC1" -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator
We use this command to seize all roles only from a permanently offline Domain Controller:
Move-ADDirectoryServerOperationMasterRole -Identity "DC1" -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator -Force
Names or numbers?
Instead of typing the Names of the operations master roles, Numbers may also be specified.
Here is table:
| Role Name | Number |
| PDCEmulator | 0 |
| RIDMaster | 1 |
| InfrastructureMaster | 2 |
| SchemaMaster | 3 |
| DomainNamingMaster | 4 |
Transfering all roles
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 0,1,2,3,4
Seizing all roles
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 0,1,2,3,4 -Force
For example, my target Domain Controller name isDC1.
We use this command to transfer roles to another Domain Controller:
Move-ADDirectoryServerOperationMasterRole -Identity "DC1" -OperationMasterRole 0,1,2,3,4
We use this command to seize roles to another Domain Controller:
Move-ADDirectoryServerOperationMasterRole -Identity "DC1" -OperationMasterRole 0,1,2,3,4 -Force
Transfering or Seizing Domain Naming Master role
Transfering
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole DomainNamingMaster
OR
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 4
Seizing
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole DomainNamingMaster -Force
OR
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 4 -Force
Tansfering or Seizing Schema Master role
Transfering
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole SchemaMaster
OR
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 3
Seizing
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole SchemaMaster -Force
OR
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 3 -Force
Transfering or Seizing Infrastructure Master role
Transfering
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole InfrastructureMaster
OR
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 2
Seizing
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole InfrastructureMaster -Force
OR
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 2 -Force
Transfering or Seizing RID Master role
Transfering
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole RIDMaster
OR
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 1
Seizing
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole RIDMaster -Force
OR
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 1 -Force
Tansfering or Seizing PDC Emulator role
Transfering
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole PDCEmulator
OR
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 0
Seizing
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole PDCEmulator -Force
OR
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 0 -Force
Additional information
You can view FSMO role owner with this AD-Powershell commands:
Get-ADForest | select SchemaMaster,DomainNamingMaster
Get-ADDomain | select PDCEmulator,RIDMaster,InfrastructureMaster
References
- Move-ADDirectoryServerOperationMasterRole
- Active Directory Administration with Windows PowerShell
- How To Revert Back or downgrade Windows Server 2008 R2 Forest and Domain functional Level
- AD-Powershell for Active Directory Administrators