Wednesday 12 June 2013

Seize FSMO roles in Server 2012

One of the beautiful things of a test lab is getting to try things you might not get chance to do in a production environment.  So when my main Domain Controller went pop the other day, rather than work on bringing it back online I saw a good chance to test seizing the FSMO roles with PowerShell.

Previously the main way to seize the roles was using the Ntdsutil in Server 2003 & 2008.

Since PowerShell is now my weapon of choice I thought it would be useful to quickly document the method.

Move-ADDirectoryServerOperationMasterRole is the command that is used for this task.  More information on the command can be found here:
http://technet.microsoft.com/en-us/library/ee617229.aspx

You can use either the Role Name or Number to specify which role to move, this table shows the details:

Operation Master Role Name
Number
PDCEmulator
0
RIDMaster
1
InfrastructureMaster
2
SchemaMaster
3
DomainNamingMaster
4
 
 
Use the -Identity switch to specify the target Domain Controller and the –OperationMasterRole to specify which role to transfer. I've also used the -Force command as my current FSMO holder is offline.
 
I'll be moving all the roles to a target DC called TLDC02.
N.B. To move the SchemaMaster role you'll need to be a member of the Schema Admins group.  My account was also a member of Enterprise Admins when I ran this.
  1. Logon to a working Domain Controller and launch an elevated PowerShell session.
  2. Type: Move-ADDirectoryServerOperationMasterRole -Identity TLDC02 -OperationMasterRole 0,1,2,3,4 -Force


  3. Either type Y on each role move prompt, or type A to accept all prompts
  4. After a while, all the roles should be successfully moved.
Last thing, a couple of PowerShell command just to list the FSMO roles and who now owns them:

Get-ADForest DomainName | FT SchemaMaster,DomainNamingMaster
Get-ADDomain DomainName | FT PDCEmulator,RIDMaster,InfrastructureMaster


One thing to note, only seize the roles if you have no intention of bringing the original holding Domain Controller back online.  Domains don't tend to like having two FSMO role holders...

8 comments:

Josh said...

Thanks man, helped me out a lot.

Monika Gupta said...

Nice Post, thank you very much for sharing.

Anonymous said...

Exactly what I needed and to the point!

Thank you Sir!

Anonymous said...

You shared very useful post. Thanks for sharing.

Data recovery services in chennai

Anonymous said...

Good article. Love the simplicity of doing this through powershell vs gui. Thank you

Koteshi said...

You just saved my afternoon. Thank you.

Anonymous said...

This saved me big time. Thanks a lot and God bless you abundantly.

for ict 99 said...

Great Article
Final Year Project Domains for CSE

JavaScript Training in Chennai