PowerShell: Move (Transferring or Seizing) FSMO Roles to Another Domain Controller
Advantages
Moving the FSMO roles with the AD PowerShell has the following advantages:
- You do not first need to connect to the Domain Controller that will become the role holder.
- Only seizing the FSMO roles (when the role holder is offline) requires an additional parameter: you must use the -Force parameter.
- Transferring or seizing the FSMO roles does not have to be done from the role holder or the future role holder. You can run the AD PowerShell command from a Windows 7 client or a Windows Server 2008 R2 member server (after RSAT is installed).
PowerShell
The FSMO roles are moved to another Domain Controller by using the command: Move-ADDirectoryServerOperationMasterRole
Transferring all roles
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator
Seizing all roles
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator -Force
For example, my target Domain Controller name is DC1.
We use this command to transfer all roles to another Domain Controller:
Move-ADDirectoryServerOperationMasterRole -Identity "DC1" -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator
We use this command to seize all roles only from a permanently offline Domain Controller:
Move-ADDirectoryServerOperationMasterRole -Identity "DC1" -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator -Force
Names or numbers?
Instead of typing the names of the operations master roles, you can also specify them by number.
Here is the table:
Role Name | Number |
PDCEmulator | 0 |
RIDMaster | 1 |
InfrastructureMaster | 2 |
SchemaMaster | 3 |
DomainNamingMaster | 4 |
Transferring all roles
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 0,1,2,3,4
Seizing all roles
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 0,1,2,3,4 -Force
For example, my target Domain Controller name is DC1.
We use this command to transfer roles to another Domain Controller:
Move-ADDirectoryServerOperationMasterRole -Identity "DC1" -OperationMasterRole 0,1,2,3,4
We use this command to seize roles to another Domain Controller:
Move-ADDirectoryServerOperationMasterRole -Identity "DC1" -OperationMasterRole 0,1,2,3,4 -Force
Transferring or Seizing Domain Naming Master role
Transferring
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole DomainNamingMaster
OR
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 4
Seizing
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole DomainNamingMaster -Force
OR
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 4 -Force
Transferring or Seizing Schema Master role
Transferring
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole SchemaMaster
OR
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 3
Seizing
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole SchemaMaster -Force
OR
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 3 -Force
Transferring or Seizing Infrastructure Master role
Transferring
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole InfrastructureMaster
OR
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 2
Seizing
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole InfrastructureMaster -Force
OR
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 2 -Force
Transferring or Seizing RID Master role
Transferring
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole RIDMaster
OR
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 1
Seizing
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole RIDMaster -Force
OR
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 1 -Force
Transferring or Seizing PDC Emulator role
Transferring
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole PDCEmulator
OR
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 0
Seizing
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole PDCEmulator -Force
OR
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 0 -Force
Additional information
You can view the current FSMO role owners with these AD PowerShell commands:
Get-ADForest | select SchemaMaster,DomainNamingMaster
Get-ADDomain | select PDCEmulator,RIDMaster,InfrastructureMaster
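The role-owner queries above can be combined with the transfer and seize commands so that -Force is only used when the current owner cannot be reached. This is an added example, not part of the original article; the function name Move-FsmoRolesSafely and its -AllowSeize switch are hypothetical, and it assumes that a ping reply means the owner is online.

```powershell
# Added example (not from the original article): choose transfer or seize per role.
Import-Module ActiveDirectory

function Move-FsmoRolesSafely {                 # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$TargetDC,
        [switch]$AllowSeize                     # -Force is never used unless this is given
    )

    $forest = Get-ADForest
    $domain = Get-ADDomain
    $target = Get-ADDomainController -Identity $TargetDC

    # Current owner (FQDN) of each role, keyed by the role names the cmdlet accepts.
    $owners = @{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }

    foreach ($entry in $owners.GetEnumerator()) {
        $role  = $entry.Key
        $owner = $entry.Value
        if ($owner -eq $target.HostName) {
            Write-Verbose "$role is already held by $owner"
            continue
        }
        # Assumption: an owner that answers ping is online, so a normal transfer applies.
        if (Test-Connection -ComputerName $owner -Count 2 -Quiet) {
            Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC `
                -OperationMasterRole $role -WhatIf:$WhatIfPreference
        }
        elseif ($AllowSeize) {
            # Seize only from a permanently offline Domain Controller.
            Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC `
                -OperationMasterRole $role -Force -WhatIf:$WhatIfPreference
        }
        else {
            Write-Warning "$role owner $owner is unreachable; use -AllowSeize only if it is permanently offline."
        }
    }
}

# Dry run against the article's example target; remove -WhatIf to apply.
Move-FsmoRolesSafely -TargetDC "DC1" -WhatIf -Verbose
```

Run it with -WhatIf first and compare the planned moves against the output of the two Get-ADForest and Get-ADDomain commands before applying anything.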