SBS Server: How to Transfer or Seize Active Directory FSMO Roles with PowerShell

Type in powershell “NETDOM QUERY FSMO” to show who has all the roles.

 

How to Transfer or Seize Active Directory FSMO (Flexible Single Master Operation) Roles with PowerShell

Moving Roles from old SBS server 2011 to Windows 2019 Server

 

The OperationMasterRole parameter specifies which role or roles are being moved. Possible values of this parameter are PDCEmulator, RIDMaster, InfrastructureMaster, SchemaMaster, and DomainNamingMaster, but there are also numeric shortcuts for each of these:

0: PDCEmulator

1: RIDMaster

2: InfrastructureMaster

3: SchemaMaster

4: DomainNamingMaster

 

This is where the speed and efficiency of PowerShell becomes apparent. To transfer all five FSMO roles to a DC named NewDC, run this cmdlet:

Move-ADDirectoryServerOperationMasterRole -Identity NewDC -OperationMasterRole 0,1,2,3,4

PowerShell prompts for confirmation of each role by default, but there is a Yes to All option.

 

To seize FSMO roles, which should only be done if the existing role holder is permanently offline, add the -Force parameter to the cmdlet. Using the example above, if all five roles were held by a DC which was permanently offline, they could all be seized on NewDC like so:

Move-ADDirectoryServerOperationMasterRole -Identity NewDC -OperationMasterRole 0,1,2,3,4 -Force

As you can see, the only difference between this and the previous command is the -Force parameter. You are prompted for each role, as above. Role seizure takes longer to complete than role transfer, because a normal transfer of any roles is attempted before the roles are seized. Assuming the role holder does not respond, a timeout period must expire before the seizure occurs. For this reason, seizing all five roles in this manner takes several minutes.

 

 

 

 

Tags:

Comments are closed

Latest Comments

No comments to show.