How to: Move all Active Directory Roles (FSMO) from one server to another in Windows Server 2016
Thankfully, over time Microsoft has made it easy to move the Active Directory Roles (currently 5) from one server to another. Back in the day, most of them used to be “hidden” all over the place, but now they are getting grouped together and the change can easily be made via the UI. For example, your Active Directory Users and Machines GUI allows you to easily move 3 of the 5 roles. You used to need to register some weird DLL and open a mysterious snap-in for the Management Console… but those days are over. Today, though, I am going to focus on how we can move all 5 roles from within PowerShell. This is important because with just one simple but powerful command we can transfer all the roles without having to go to different places to do it.
Step 1: Identify the current master(s):
This can be easily achieved using the netdom query fsmo command. It will return something like this:
PS C:\Windows\system32> netdom query fsmo
Schema master DC-01.CloudIngenium.com
Domain naming master DC-01.CloudIngenium.com
PDC DC-01.CloudIngenium.com
RID pool manager DC-01.CloudIngenium.com
Infrastructure master DC-01.CloudIngenium.com
The command completed successfully.
Step 2: Move the roles to another server:
This is done using the following command:
Move-ADDirectoryServerOperationMasterRole -Identity DC-02 -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster
As you can observe from the command, you are specifying the five Operations Master roles you wish to transfer over to the DC-02.Cloudingenium.com server. You could, however, specify just one role or any subset of them. This allows you to spread the roles around as you best see fit. The command will then ask you to confirm whether you wish to move each of the roles to the server. You can choose between Yes, Yes to All, No, No to All, Suspend and Help.
Step 3: Validate the Move
Run netdom query fsmo again to make sure the change happened correctly. Keep in mind that replication of the roles could take some time.
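The three steps above can also be combined into one PowerShell script that records the current holders, transfers only the roles not already on the target, and then checks the result. This is an added example, not part of the original article: it assumes the ActiveDirectory module is installed, reuses the article's DC-02 name as the target, and Get-FsmoHolders is a hypothetical helper defined in the script.

```powershell
# Added example: record, transfer and verify the five FSMO roles in one pass.
# Assumptions: ActiveDirectory module available; DC-02 is the article's target name.
Import-Module ActiveDirectory

$Target = 'DC-02'
$Roles  = 'SchemaMaster', 'DomainNamingMaster', 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster'

# Hypothetical helper: returns role name -> holder FQDN, optionally as seen by one DC.
function Get-FsmoHolders {
    param([string]$Server)
    $query = @{}
    if ($Server) { $query.Server = $Server }
    $forest = Get-ADForest @query   # forest-wide roles
    $domain = Get-ADDomain @query   # domain-wide roles
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

# Resolve the target first so a mistyped name fails before anything is moved.
$targetFqdn = (Get-ADDomainController -Identity $Target -ErrorAction Stop).HostName

# Step 1: record who holds each role now (keep this output for your change log).
$before = Get-FsmoHolders
$before.GetEnumerator() | ForEach-Object { '{0,-22} {1}' -f $_.Key, $_.Value }

# Step 2: move only the roles that are not already on the target.
$toMove = @($Roles | Where-Object { $before[$_] -ne $targetFqdn })
if ($toMove.Count -eq 0) {
    Write-Output "All roles are already held by $targetFqdn."
    return
}
# -Confirm:$false suppresses the per-role prompt; drop it to be asked for each role.
Move-ADDirectoryServerOperationMasterRole -Identity $Target -OperationMasterRole $toMove -Confirm:$false

# Step 3: ask the target DC itself; other DCs may lag until replication completes.
$after  = Get-FsmoHolders -Server $targetFqdn
$failed = @($Roles | Where-Object { $after[$_] -ne $targetFqdn })
if ($failed.Count -gt 0) {
    Write-Error "Roles not on ${targetFqdn}: $($failed -join ', ')"
} else {
    Write-Output "All five roles are now held by $targetFqdn."
}
```

Adding -WhatIf to the Move-ADDirectoryServerOperationMasterRole line shows what would be transferred without changing anything.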