Header Ads

recent

Transferring, Move or Seizing FSMO Roles with AD-Powershell Command to Another Domain Controller

Moving the FSMO roles with the AD PowerShell has the following benefits :
  •  It must not first connect to the future Domain Controller role holders.
  •  Only Seizing (role holder is offline) the FSMO roles will require an additional parameter, you must use -Forceparameter.
  •  Transfering or Seizing the FSMO roles must not necessarily be done from the role holder or the future role holder. You can run the AD-Powershell command from a Windows 7 Client or any Windows member server (after RSAT is installed).

The FSMO roles are can be moved to another Domain Controller by using the command: Move-ADDirectoryServerOperationMasterRole

Transfering all roles, command syntax:
PS> Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator


Seizing all roles, command syntax:
PS> Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator -Force


For example, my target Domain Controller name is DC01.

We use this command to transfer all roles to another Domain Controller:

PS> Move-ADDirectoryServerOperationMasterRole -Identity "DC01" -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator

We use this command to seize all roles from a permanently offline Domain Controller:

PS> Move-ADDirectoryServerOperationMasterRole -Identity "DC01" -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator -Force



Instead of typing the Names of the operations master roles, Numbers may also be specified.

Here is table:
Role Name
Number
PDCEmulator
0
RIDMaster
1
InfrastructureMaster
2
SchemaMaster
3
DomainNamingMaster
4



Transfering all roles, command syntax: 
PS> Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 0,1,2,3,4
Seizing all roles, command syntax: 
PS> Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 0,1,2,3,4 -Force
For example, my target Domain Controller name is DC01.

We use this command to transfer roles to another Domain Controller:
PS> Move-ADDirectoryServerOperationMasterRole -Identity "DC01" -OperationMasterRole 0,1,2,3,4

We use this command to seize roles to another Domain Controller:
PS> Move-ADDirectoryServerOperationMasterRole -Identity "DC01" -OperationMasterRole 0,1,2,3,4 -Force


View Role Placement

You can view FSMO role owner with this AD-Powershell commands:
PS> Get-ADForest | select SchemaMaster,DomainNamingMaster

PS> Get-ADDomain | select PDCEmulator,RIDMaster,InfrastructureMaster




1 comment:

Systemadminworld. Powered by Blogger.