Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Baskets

Article Number: 000193715

How to Transfer or Seize Active Directory FSMO Roles with PowerShell

Summary: This article shows how to transfer or seize Flexible Single Mstr Operations (FSMO) roles using the Move-ADDirectoryServerOperationMasterRole PowerShell command.

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content

Instructions

There are several ways to move FSMO roles between Active Directory domain controllers, the graphical AD consoles, the ntdsutil command, and PowerShell. When transferring or seizing multiple roles at a time, PowerShell is likely the fastest and simplest method.

The Move-ADDirectoryServerMstrOperationRole This hyperlink is taking you to a website outside of Dell Technologies. cmdlet is used to transfer or seize FSMO roles. It can be run directly on a DC, or on a domain-joined server or workstation with the ActiveDirectory PowerShell module installed. There are two critical parameters that must be supplied to this command, Identity and OperationMasterRole.

The Identity parameter specifies the destination DC - that is, the DC to which the role or roles are being moved. (It is unnecessary to specify the source DC, since role-holder information is stored within AD.) This is typically the hostname of the destination DC but can also be a fully-qualified domain name, distinguished name, or GUID.

The OperationMasterRole parameter specifies which role or roles are being moved. Possible values of this parameter are PDCEmulator, RIDMaster, InfrastructureMaster, SchemaMaster, and DomainNamingMaster, but there are also numeric shortcuts for each of these:
 
0: PDCEmulator
1: RIDMaster
2: InfrastructureMaster
3: SchemaMaster
4: DomainNamingMaster

This is where the speed and efficiency of PowerShell becomes apparent. To transfer all five FSMO roles to a DC named NewDC, run this cmdlet: 
Move-ADDirectoryServerOperationMasterRole -Identity NewDC -OperationMasterRole 0,1,2,3,4
PowerShell prompts for confirmation of each role by default, but there is a Yes to All option.

To seize FSMO roles, which should only be done if the existing role holder is permanently offline, add the -Force parameter to the cmdlet. Using the example above, if all five roles were held by a DC which was permanently offline, they could all be seized on NewDC like so: 
Move-ADDirectoryServerOperationMasterRole -Identity NewDC -OperationMasterRole 0,1,2,3,4 -Force
As you can see, the only difference between this and the previous command is the -Force parameter. You are prompted for each role, as above. Role seizure takes longer to complete than role transfer, because a normal transfer of any roles is attempted before the roles are seized. Assuming the role holder does not respond, a timeout period must expire before the seizure occurs. For this reason, seizing all five roles in this manner takes several minutes.

This video demonstrates the process:

Transfer and Seize FSMO Roles in PowerShell

Duration: 06:02
Closed captions are available in multiple languages. Use the CC icon to change the closed caption language.

Article Properties

Affected Product

Microsoft Windows Server 2016, Microsoft Windows Server 2019, Microsoft Windows Server 2022, Microsoft Windows 2012 Server, Microsoft Windows 2012 Server R2

Last Published Date

28 Mar 2024

Version

7

Article Type

How To

Back to Top