Quickly moving FSMO around Domain Controllers with Powershell AD Cmdlets


Of course, Microsoft provides us with a cmdlet to move FSMO roles between Domain Controllers… But as often, this doesn’t seem to be designed by people who use it.

First, the name of the cmdlet is lengthy: Move-ADDirectoryServerOperationMasterRole
Second, you must indicate every FSMO role you want to move amongst the following values: PDCEmulator, RIDMaster, InfrastructureMaster, SchemaMaster or DomainNamingMaster.
Of course the wording is slightly different (again) between this cmdlet and the ntdsutil you may have used in Windows 2003 or in Windows 2008 before powershelling everything,

Fortunately the documentation tells us that we can use numbers from 0 to 4 instead of the name. But there is a little nice trick to notice instead of trying to remember which role maps to which number. The FSMO roles for a domain are at the beginning of the sequence, whereas the forest FSMO roles are 3 and 4.
Therefore in a forest where you have top and child domains, you may just to use:

<pre class="lang:ps decode:true " title="Move Domain FSMO Only">Move-ADDirectoryServerOperationMasterRole MyTargetDC (0..2)

for domain-limited move

<pre class="lang:ps decode:true " title="Move ForestFSMO">Move-ADDirectoryServerOperationMasterRole MyTargetDC (0..4)

for forest-wide move.

You may also notice the parenthesis set to create an array from a range