
HOW TO: Migrate FSMO Roles in Windows Server 2016 Active Directory using Powershell

  1. Log in to Windows Server 2016 as a member of the Enterprise Admins group;
  2. Run Powershell as Administrator;
  3. Type netdom query fsmo to get a list of the FSMO roles and their current owners;
    PS C:\Windows\system32> netdom query fsmo
    Schema master               cs-core-adc-01.vstrong.info
    Domain naming master        cs-core-adc-01.vstrong.info
    PDC                         cs-core-adc-01.vstrong.info
    RID pool manager            cs-core-adc-01.vstrong.info
    Infrastructure master       cs-core-adc-01.vstrong.info
    The command completed successfully.
  4. As you can see, cs-core-adc-01.vstrong.info holds all FSMO roles.
    I would like to transfer ALL FSMO roles to another Domain Controller, cs-core-adc-02.vstrong.info.
  5. Run the following command to move FSMO roles over:
    Move-ADDirectoryServerOperationMasterRole -Identity cs-core-adc-02.vstrong.info -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster

    PS C:\Windows\system32> Move-ADDirectoryServerOperationMasterRole -Identity cs-core-adc-02 -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster
    Move Operation Master Role
    Do you want to move role 'SchemaMaster' to server 'cs-core-adc-02.vstrong.info' ?
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): A

    Type A for all.

  6. Type netdom query fsmo again to get a list of the FSMO roles and their current owners;
    PS C:\Windows\system32> netdom query fsmo
    Schema master               cs-core-adc-02.vstrong.info
    Domain naming master        cs-core-adc-02.vstrong.info
    PDC                         cs-core-adc-02.vstrong.info
    RID pool manager            cs-core-adc-02.vstrong.info
    Infrastructure master       cs-core-adc-02.vstrong.info
    The command completed successfully.
  7. You may get an ‘Access is denied’ error message, as shown below. Please make sure you ARE a member of Enterprise Admins. You may also need to change your Primary Group to Enterprise Admins. You will need to log off and log back in again.
    Move-ADDirectoryServerOperationMasterRole : Access is denied
    At line:1 char:1
    + Move-ADDirectoryServerOperationMasterRole -Identity cs-core-adc-02 -O ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (cs-core-adc-02:ADDirectoryServer) [Move-ADDirector...ationMasterRole], AD
    Exception
    + FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.MoveADDirectoryServerOperationMasterRole
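
The steps above as one script with a pre-flight check for the 'Access is denied' case and a post-transfer verification. This is an added example, not the author's code: the function name Get-FsmoOwner is hypothetical, and the Schema Admins check is an assumption beyond the article, which names only Enterprise Admins.

```powershell
# Added example. $Target is the DC named in the article; change it for your forest.
Import-Module ActiveDirectory
$Target = 'cs-core-adc-02.vstrong.info'

function Get-FsmoOwner {
    # Hypothetical helper: role name (as the Move cmdlet spells it) -> current owner.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

# Pre-flight: inspect the logon token, not the directory. A group added after logon
# is absent from the token until you log off and back on (step 7 of the article).
$rootSid = (Get-ADDomain -Identity (Get-ADForest).RootDomain).DomainSID.Value
$token   = [Security.Principal.WindowsIdentity]::GetCurrent().Groups.Value
$needed  = @{ 'Enterprise Admins' = "$rootSid-519"; 'Schema Admins' = "$rootSid-518" }
foreach ($g in $needed.GetEnumerator()) {
    if ($token -notcontains $g.Value) {
        throw "Current token lacks $($g.Key); the transfer would fail with 'Access is denied'."
    }
}

# Resolve the target first so a typo fails here rather than halfway through the move.
$dc     = Get-ADDomainController -Identity $Target -ErrorAction Stop
$before = Get-FsmoOwner
$toMove = @($before.Keys | Where-Object { $before[$_] -ne $dc.HostName })
if ($toMove.Count -eq 0) { Write-Output "$($dc.HostName) already holds all roles."; return }

# -Confirm:$false replaces answering "A" at the prompt. -Force is deliberately not
# used: this is a graceful transfer from a reachable owner, not a seizure.
$move = @{ Identity = $dc.HostName; OperationMasterRole = $toMove; Confirm = $false; ErrorAction = 'Stop' }
Move-ADDirectoryServerOperationMasterRole @move

# Verify, as the second 'netdom query fsmo' does in the article.
$after = Get-FsmoOwner
$stray = @($after.Keys | Where-Object { $after[$_] -ne $dc.HostName })
if ($stray.Count) { throw "Roles not on $($dc.HostName): $($stray -join ', ')" }
$after
```

Run it from an elevated PowerShell session; in a non-elevated session the privileged groups are not active in the token and the pre-flight check stops the script.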

I hope you find this helpful. As always, Like, Subscribe and Share! :)
