Jorge Bernhardt

Transfer and Seize FSMO roles Using PowerShell


Today, in this post, I want to show you how to transfer or seize one or more flexible single master operations (FSMO) roles from one Domain Controller to another using PowerShell.

PowerShell Workaround

Requirements:

  • PowerShell version 3.0 or higher
  • PowerShell Active Directory module. To learn how to install this module, see this link.

You can view the owners of the Domain Naming Master and Schema Master FSMO roles using the Get-ADForest cmdlet with the following syntax:

Get-ADForest `
    | select SchemaMaster,DomainNamingMaster

To view the owners of the Infrastructure Master, PDC Emulator, and Relative Identifier (RID) Master FSMO roles, use the Get-ADDomain cmdlet with the following syntax:

Get-ADDomain `
    | select PDCEmulator,RIDMaster,InfrastructureMaster


Transferring roles

Moving an FSMO role while both the original role holder and the future role holder are online and operational is called transferring. To transfer FSMO roles between domain controllers, use the Move-ADDirectoryServerOperationMasterRole cmdlet with the following syntax:

Move-ADDirectoryServerOperationMasterRole `
    -Identity <Target-DC> `
    -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator

If you prefer, you can specify the operations master roles by number instead of by name. To specify multiple operations master roles, use a comma-separated list.

  • PDCEmulator or 0
  • RIDMaster or 1
  • InfrastructureMaster or 2
  • SchemaMaster or 3
  • DomainNamingMaster or 4

Move-ADDirectoryServerOperationMasterRole `
    -Identity <Target-DC> `
    -OperationMasterRole 0,1,2,3,4


Seizing roles

Moving an FSMO role from a non-operational role holder to a different DC is called seizing. If you must seize one or more roles, use the Move-ADDirectoryServerOperationMasterRole cmdlet with the -Force parameter, using the following syntax:

Move-ADDirectoryServerOperationMasterRole `
    -Identity <Target-DC> `
    -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator `
    -Force

or

Move-ADDirectoryServerOperationMasterRole `
    -Identity <Target-DC> `
    -OperationMasterRole 0,1,2,3,4 `
    -Force

You can verify the tasks performed by running the Get-ADForest and Get-ADDomain cmdlets again.
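
One way to combine the move and the verification step in a single function (an added example, not code from the original post; the function names and the target name `DC02` are hypothetical). It records the role owners before and after the move and reports whether each requested role ended up on the target DC.

```powershell
# Added example: function names and 'DC02' are hypothetical, not from the post.
Import-Module ActiveDirectory

function Get-FsmoRoleHolder {
    # Collect all five role owners with the two cmdlets used in this post.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

function Move-FsmoRoleVerified {
    param(
        [Parameter(Mandatory)] [string] $TargetDC,
        [Parameter(Mandatory)]
        [ValidateSet('SchemaMaster', 'DomainNamingMaster', 'PDCEmulator',
                     'RIDMaster', 'InfrastructureMaster')]
        [string[]] $Role,
        [switch] $Seize   # only when the current role holder is non-operational
    )
    # Resolve the target to its FQDN so it compares against the owner values.
    $targetFqdn = (Get-ADDomainController -Identity $TargetDC).HostName
    $before = Get-FsmoRoleHolder

    # Skip roles the target already owns.
    $toMove = @($Role | Where-Object { $before[$_] -ne $targetFqdn })
    if ($toMove.Count -gt 0) {
        $moveArgs = @{ Identity = $TargetDC; OperationMasterRole = $toMove }
        if ($Seize) { $moveArgs.Force = $true }
        # -Confirm is left at its default so the cmdlet's own prompt still applies.
        Move-ADDirectoryServerOperationMasterRole @moveArgs
    }

    # Re-read the owners and report one row per requested role.
    $after = Get-FsmoRoleHolder
    foreach ($r in $Role) {
        [pscustomobject]@{
            Role = $r; Before = $before[$r]; After = $after[$r]
            OnTarget = ($after[$r] -eq $targetFqdn)
        }
    }
}

Move-FsmoRoleVerified -TargetDC 'DC02' -Role PDCEmulator, RIDMaster |
    Format-Table -AutoSize
```

Keeping the Before/After output with your change record gives you a baseline to compare against if a role owner later changes unexpectedly.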

Thanks for reading my post. I hope you find it helpful.

If you want to know more about FSMO roles, check out this link.