{"id":303,"date":"2019-03-09T15:25:04","date_gmt":"2019-03-09T20:25:04","guid":{"rendered":"http:\/\/itblog.ldlnet.net\/?p=303"},"modified":"2019-03-09T15:25:04","modified_gmt":"2019-03-09T20:25:04","slug":"how-to-transfer-fsmo-roles-using-powershell","status":"publish","type":"post","link":"https:\/\/itblog.ldlnet.net\/index.php\/2019\/03\/09\/how-to-transfer-fsmo-roles-using-powershell\/","title":{"rendered":"How to transfer FSMO Roles using PowerShell"},"content":{"rendered":"\n<p>A rare weekend post for me! HA! I am currently migrating my server environment from VMWare 6.7 to Server 2019 Hyper-V.  I have a separate standalone box that I use for my VM backups and as a tertiary DC. Since I had to shut down my VMs in order to convert them, I needed to quickly move my FSMO roles from the DC Virtual Machine to the Standalone box so things would stay running.<\/p>\n\n\n\n<p>I found this great article on how to do that quickly through PowerShell since it is a pain to go into ADUC, ADDT, and setup an MMC for the Schema snap-in.<br><\/p>\n\n\n\n<p>When you create a domain, all\u00a0FSMO roles\u00a0assigned to the first domain controller in the forest by default. You can transfer FSMO roles from one DC to another both the Active Directory graphics snap-ins and the PowerShell command line. Moving FSMO roles using AD PowerShell has the following benefits:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>You do not need to connect with a MMC snap-ins to the future role owner;<\/li><li>Transferring or seizing FSMO roles does not require a connection to the current or future role owner. You can run AD-PowerShell module cmdlets on a Windows Client or Server running RSAT Tools;<\/li><li>To seize the FSMO role (if the current owner is not available), it suffices to use an additional parameter\u00a0<em>-force<\/em>.<\/li><\/ul>\n\n\n\n<p>Import the Active Directory Module Into PowerShell:<\/p>\n\n\n<pre class=\"lang:PowerShell nums:False\" title=\"Import the Active Directory Module\">Import-Module ActiveDirectory<\/pre>\n\n\n\n<p>To get the current forest level FSMO role owners (Domain Naming Master and Schema Master roles) you can use the following PowerShell cmdlet: <\/p>\n\n\n<pre class=\"lang:PowerShell nums:False\" title=\"Forest Level FSMO Roles\">Get-ADForest ldlnet.net | ft DomainNamingMaster, SchemaMaster -a -wr<\/pre>\n\n\n\n<p>To view domain-wide FSMO roles (Infrastructure Master, PDC Emulator and Relative Identifier Master roles): <\/p>\n\n\n<pre class=\"lang:PowerShell nums:False\" title=\"Domain Level FSMO Roles\">Get-ADDomain ldlnet.net | ft InfrastructureMaster, PDCEmulator, RIDMaster -a -wr<\/pre>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"632\" height=\"204\" src=\"http:\/\/itblog.ldlnet.net\/wp-content\/uploads\/2019\/03\/PSFSMOOutput-1.png\" alt=\"\" class=\"wp-image-305\" srcset=\"https:\/\/itblog.ldlnet.net\/wp-content\/uploads\/2019\/03\/PSFSMOOutput-1.png 632w, https:\/\/itblog.ldlnet.net\/wp-content\/uploads\/2019\/03\/PSFSMOOutput-1-300x97.png 300w\" sizes=\"auto, (max-width: 632px) 100vw, 632px\" \/><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Transfer FSMO Roles using PowerShell<\/h2>\n\n\n\n<p>To transfer FSMO roles between Active Directory domain controllers, we use the PowerShell cmdlet:<br><strong>Move-ADDirectoryServerOperationMasterRole<\/strong><\/p>\n\n\n\n<p>To use the\u00a0<em>Move-ADDirectoryServerOperationMasterRole<\/em>\u00a0cmdlet, you must meet the following requirements:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>There must be at least one DC with a version of Windows Server 2008 R2 or higher<\/li><li>PowerShell version 3.0 or newer<\/li><li>Active Directory module (2.0\u00a0 or newer)<\/li><\/ul>\n\n\n\n<p class=\"has-small-font-size\"><strong>NOTE:<\/strong> Unlike the <em>Ntdsutil.exe<\/em>\u00a0utility, the\u00a0<em>Move-ADDirectoryServerOperationMasteRole<\/em>\u00a0cmdlet can be performed from any domain computer to migrate the Operations Master roles if you have the appropriate rights (<em>Domain admins and Enterprise Admins<\/em>).<\/p>\n\n\n\n<p>Import the AD Module:<\/p>\n\n\n<pre class=\"lang:PowerShell nums:False\" title=\"Import the Active Directory Module\">Import-Module ActiveDirectory<\/pre>\n\n\n\n<p>I needed to move all the roles from one server to the other, so, I ran the following to do so:<\/p>\n\n\n<pre class=\"lang:PowerShell nums:False\" title=\"Transfer All FSMO Roles\">Move-ADDirectoryServerOperationMasterRole -Identity \u201cservername\u201d \u2013OperationMasterRole DomainNamingMaster,PDCEmulator,RIDMaster,SchemaMaster,InfrastructureMaster -Confirm:$False<\/pre>\n\n\n\n<p class=\"has-small-font-size\"><strong>NOTE:<\/strong> To simplify the command, you can replace the names of roles with numbers from 0 to 4. The correspondence of names and numbers is given in the table:<\/p>\n\n\n\n<table class=\"wp-block-table is-style-stripes\"><tbody><tr><td>PDCEmulator<\/td><td>0<\/td><\/tr><tr><td>RIDMaster<\/td><td>1<\/td><\/tr><tr><td>InfrastructureMaster<\/td><td>2<\/td><\/tr><tr><td>SchemaMaster<\/td><td>3<\/td><\/tr><tr><td>DomainNamingMaster<\/td><td>4<\/td><\/tr><\/tbody><\/table>\n\n\n\n<p>So, by having knowledge of these numbers, you can simplify your cmdlet:<\/p>\n\n\n<pre class=\"lang:PowerShell nums:False\" title=\"Transfer All FSMO Roles\">Move-ADDirectoryServerOperationMasterRole -Identity \u201cservername\u201d \u2013OperationMasterRole 0,1,2,3,4 -Confirm:$False<\/pre>\n\n\n\n<p class=\"has-small-font-size\"><strong>NOTE:  <\/strong>In the event that the current owner of one or all of the FSMO roles fails, the forced transfer of FSMO roles is performed by the same command, but with the <em><strong>-Force<\/strong><\/em> option. Also, after the FSMO roles have been seized, the domain controller from which the roles was seized should never be connected to the domain.  You will need to preform a metadata cleanup of the Schema before even thinking about putting that failed server back into production.<\/p>\n\n\n\n<p>Once completed, I ran the previous cmdlets of Get-ADForest and Get-ADDomain to verify that the FSMO roles moved to the destination server.<\/p>\n\n\n\n<p>As of now, my conversion to Hyper-V is going smoothly, although it takes quite a bit of time to convert the hard disks. Thanks again!<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-align:center\">HAPPY TROUBLESHOOTING! KEEP SCRIPTING!<br>PLEASE COMMENT!<\/h3>\n\n\n\n<p class=\"has-small-font-size\"><strong>Reference:<\/strong><br><strong><em><a href=\"https:\/\/theitbros.com\/transfer-fsmo-roles-using-powershell\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"How To Transfer FSMO Roles Using PowerShell (opens in a new tab)\">How To Transfer FSMO Roles Using PowerShell<\/a><\/em><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A rare weekend post for me! HA! I am currently migrating my server environment from VMWare 6.7 to Server 2019 Hyper-V. I<\/p>\n<p class=\"link-more\"><a class=\"myButt \" href=\"https:\/\/itblog.ldlnet.net\/index.php\/2019\/03\/09\/how-to-transfer-fsmo-roles-using-powershell\/\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":136,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[48,2,3,16],"tags":[41,15,137,134,139,8,138,135,136,13],"class_list":["post-303","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-active-directory","category-general","category-powershell","category-windows","tag-active-directory","tag-cmdlet","tag-domain-naming","tag-fsmo","tag-infrastructure","tag-powershell","tag-rid","tag-roles","tag-schema","tag-script","odd"],"_links":{"self":[{"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/posts\/303","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/comments?post=303"}],"version-history":[{"count":1,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/posts\/303\/revisions"}],"predecessor-version":[{"id":306,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/posts\/303\/revisions\/306"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/media\/136"}],"wp:attachment":[{"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/media?parent=303"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/categories?post=303"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/itblog.ldlnet.net\/index.php\/wp-json\/wp\/v2\/tags?post=303"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}