Over the long weekend we worked on two projects:
- Upgrade the Hyper-V hosts on the cluster at the data center
- Finish prepping a new Hyper-V host and Domain Controller for a new branch office with a new subnet
Since the cluster at the data center holds all of the Active Directory FSMO roles, we needed to transfer the roles to an alternate location on the MPLS network so that project 1 didn’t slow down or stop project 2.
PowerShell to the rescue!
WHICH SERVER HOLDS THE FSMO ROLES?
Open PowerShell as an Administrator and type:
netdom query fsmo
You’ll see each of the 5 FSMO roles and which domain controller holds them.
The 5 FSMO roles are numbered 0-4:
0 – PDCEmulator
1 – RIDMaster
2 – InfrastructureMaster
3 – SchemaMaster
4 – DomainNamingMaster
Why do we care what those numbers are? Because we can move the FSMO roles very quickly and save a lot of typing.
For example, which PowerShell command is easier to type?
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator
Or this one?
Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 0,1,2,3,4
Personally, if you’re moving all the roles at once to the same DC (like when doing some server maintenance), the 0,1,2,3,4 version is the easy one.
Once you type in either of those commands you are prompted with several options for confirmation.
Y, A, N, L, S or ?
OPTIONS:
If you choose “Y” for Yes, PowerShell will prompt you to move each role, then move to the next role.
If you choose “N” for No, PowerShell will skip transferring that role.
If you choose “A” for All, PowerShell will try to transfer all 5 roles to Target-DC.
If the transfer of a FSMO role fails, PowerShell will let you know loud and clear.
CONFIRMATION:
Unfortunately, if the transfer is successful you basically don’t get any confirmation of the role transfer.
You’ll need to run NETDOM QUERY FSMO to double-check who has the roles.
Side note – One nice thing about using PowerShell to transfer the FSMO roles is that you can script the transfer to run at a scheduled time (so you don’t forget to put the roles back where they should be later).
Also, I didn’t have to load the Active Directory PowerShell module – Windows Server 2012 does that for me automatically.
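The transfer followed by the check that the CONFIRMATION section calls for, as one script that can run unattended at a scheduled time. This is an added example, not code from the original post. It assumes a single-domain forest and the article's placeholder name Target-DC, and it reads the holders with Get-ADDomain and Get-ADForest instead of NETDOM QUERY FSMO so the result can be compared in code.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the original post): transfer all five roles, then verify.
param([string]$TargetDC = 'Target-DC')   # placeholder name from the article

function Get-FsmoHolder {
    param([string]$Server)
    # Ask the named DC who holds each role (assumes a single-domain forest).
    $domain = Get-ADDomain -Server $Server
    $forest = Get-ADForest -Server $Server
    [ordered]@{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
}

$before = Get-FsmoHolder -Server $TargetDC

# 0-4 = PDCEmulator, RIDMaster, InfrastructureMaster, SchemaMaster, DomainNamingMaster
# -Confirm:$false suppresses the Y/A/N/L/S prompt so the script can run unattended.
Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC `
    -OperationMasterRole 0,1,2,3,4 -Confirm:$false -ErrorAction Stop

$after  = Get-FsmoHolder -Server $TargetDC
$report = foreach ($role in $after.Keys) {
    [pscustomobject]@{
        Role     = $role
        Before   = $before[$role]
        After    = $after[$role]
        # Holders come back as FQDNs; compare the host label to the short name.
        OnTarget = (($after[$role] -split '\.')[0] -eq $TargetDC)
    }
}
$report | Format-Table -AutoSize

# A silent success is the normal case, so fail loudly if any role stayed behind.
$missed = @($report | Where-Object { -not $_.OnTarget })
if ($missed.Count -gt 0) {
    Write-Error ("Roles not on {0}: {1}" -f $TargetDC, ($missed.Role -join ', '))
    exit 1
}
```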
Is the command (Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 0,1,2,3,4) run from the current FSMO holder or from the target?
Run it from the FSMO holder. Make sure the "Target-DC" is only the NetBIOS name, not the FQDN. (dc1 not dc1.mydomain.local)
Soooo easy! The last time I did this I was recovering the roles from a busted domain controller. This is much more to my liking!
Very good article and how to move one role
Wow that was too easy. I really need to learn PowerShell… Thanks for posting the directions. They were a great help.
just add on -Confirm:$false on the end if you hate pressing Y and enter all the time
Just for information: It looked as if it did not work for me because it needed several minutes (!) to perform it.
Great article. If you wanted to use PowerShell exclusively, this cmdlet will replace the NETDOM command (I'm not saying it's better, just an alternative)
Get-ADDomainController -Filter { OperationMasterRoles -ne ""} | Select HostName, OperationMasterRoles | Format-Table -AutoSize
Good point, Chad.
Nicely done! 🙂
Thank you
Daniel
I came here to find the FSMO query command, glad I found the command to transfer roles as well!
Glad to have!
I am new to PowerShell but your document made everything very easy. Thanks!
Glad to hear it, Thomas.
Very nice summary and example of how to move the FSMO roles. The best one I've seen so far. Thank you!
Thanks Ed!
Works great, just some extra info: if your current RID is down or not recoverable anymore, just add -Force at the end of this command in PowerShell and it still does the trick.
The other way to check the successful transfer is to look for Event 1458 in the Directory Service log on the target DC.
Each of the FSMO roles that were moved should log its own 1458 event.
Will this command work transferring the FSMO roles from SBS 2003?
What is the minimum version of PowerShell required?