Quickly moving FSMO around Domain Controllers with Powershell AD Cmdlets


Of course, Microsoft provides us with a cmdlet to move FSMO roles between Domain Controllers… But as often, this doesn’t seem to be designed by people who use it.

First, the name of the cmdlet is lengthy: Move-ADDirectoryServerOperationMasterRole
Second, you must indicate every FSMO role you want to move amongst the following values: PDCEmulator, RIDMaster, InfrastructureMaster, SchemaMaster or DomainNamingMaster.
Of course the wording is slightly different (again) between this cmdlet and the ntdsutil you may have used in Windows 2003 or in Windows 2008 before powershelling everything,

Fortunately the documentation tells us that we can use numbers from 0 to 4 instead of the name. But there is a little nice trick to notice instead of trying to remember which role maps to which number. The FSMO roles for a domain are at the beginning of the sequence, whereas the forest FSMO roles are 3 and 4.
Therefore in a forest where you have top and child domains, you may just to use:

for domain-limited move
or

for forest-wide move.

 

You may also noticeĀ  the parenthesis set to create an array from a range

Leave a comment

Your email address will not be published. Required fields are marked *