Moving FSMO Roles

One of the advantages of moving Active Directory from Windows Server 2003 to Windows Server 2012 R2 is that you get to take advantage of all the new Windows PowerShell cmdlets. Many found finding or moving a Flexible Single Operations Master (FSMO) roles in Windows Server 2003 using the command line to be an exercise in frustration. Luckily from Server 2008 R2 onward it’s really straightforward.

You can use the Get-ADForest, Get-ADDomain, and Move-ADDirectoryServerOperationMasterRole cmdlets from your newly promoted Windows Server 2012 R2 domain controller. It’s important to note that you won’t be able to run them from your Windows Server 2003 domain controller.

You can use these cmdlets in the following way. To find which server is currently hosting each of the roles, use the following commands:

Get-ADForest windowsitpro.ocm | FT SchemaMaster

Get-ADForest windowsitpro.com | FT DomainNamingMaster

Get-ADDomain windowsitpro.com | FT PDCEmulator

Get-ADDomain windowsitpro.com | FT InfrastructureMaster

Get-ADDomain tailspintoys.com | FT RIDMaster

You can use the Move-ADDirectoryServerOperationMasterRole cmdlet to move these roles. For example, to move the Schema Master role to a server named SYDNEY-DC2, issue the following command using an account that has Enterprise Admins and Domain Admins privileges:

Move-ADDirectoryServerOperationMasterRole –Identity SYDNEY-DC2 –OperationMasterRole SchemaMaster

In the event that the server that hosts the Schema Master (or another FSMO role) is offline, you can use the –Force parameter to force the move.

When moving FSMO roles, you should start by moving all the roles in the root domain of a forest from Server 2003 to Server 2012 R2 hosts before moving roles in the forest’s child domains. Remember that the Schema Master and Domain Naming Master roles are “Forest” roles, and PDC Emulator, Infrastructure Master, and RID Master roles exist for each domain.