Windows: Moving Operation Master (FSMO) via PowerShell

Created: 12/12/19

I’m a very strong supporter of properly placing FSMO roles on 2 to 3 servers, depending upon the network design.

I’ve always done this the old-fashioned way, but recently ran into an issue where the Schema master bugged out in Server 2019, and found that the PowerShell manner of doing stuff was way, way easier. In the past I’ve covered how you should place FSMO roles, here.

One thing I’d add to that article is the placement of the Infrastructure Master on a solo DC all to itself, without a Global Catalog installed with it. Why? The Infra Master is the FSMO holder that updates the GC for all the domain controllers. Call me crazy, but having the GC local to the same server that updates the GC seems like the old adage of “you can’t call home if you’re already home”. Because of this, if the network allows, I usually have 3 DCs, with the 3rd having AD and DNS and holding the Infra FSMO role, but without a local GC present.

It’s important to note that people are typically unaware that there are 5 Operations Master roles: 3 of them are for the domain and 2 are for the forest, as discussed in the article linked above. If all 5 roles are on one DC and the server fails, it can be a death sentence for your domain; do you want that?

Let’s get started:

Moving the PDC

PS C:\> $TargetFSMOServer = Get-ADDomainController -Identity "targetservername.FQDN.[local/.com/etc]"

PS C:\> Move-ADDirectoryServerOperationMasterRole -Identity $TargetFSMOServer -OperationMasterRole PDCEmulator

Moving the RID

PS C:\> $TargetFSMOServer = Get-ADDomainController -Identity "targetservername.FQDN.[local/.com/etc]"

PS C:\> Move-ADDirectoryServerOperationMasterRole -Identity $TargetFSMOServer -OperationMasterRole RIDMaster

Moving the Infrastructure

PS C:\> $TargetFSMOServer = Get-ADDomainController -Identity "targetservername.FQDN.[local/.com/etc]"

PS C:\> Move-ADDirectoryServerOperationMasterRole -Identity $TargetFSMOServer -OperationMasterRole InfrastructureMaster

Moving the Domain Naming

PS C:\> $TargetFSMOServer = Get-ADDomainController -Identity "targetservername.FQDN.[local/.com/etc]"

PS C:\> Move-ADDirectoryServerOperationMasterRole -Identity $TargetFSMOServer -OperationMasterRole DomainNamingMaster

Moving the Schema

PS C:\> $TargetFSMOServer = Get-ADDomainController -Identity "targetservername.FQDN.[local/.com/etc]"

PS C:\> Move-ADDirectoryServerOperationMasterRole -Identity $TargetFSMOServer -OperationMasterRole SchemaMaster

Moving the Domain FSMO Roles all to One Server

PS C:\> $TargetFSMOServer = Get-ADDomainController -Identity "targetservername.FQDN.[local/.com/etc]"

PS C:\> Move-ADDirectoryServerOperationMasterRole -Identity $TargetFSMOServer -OperationMasterRole PDCEmulator,RIDMaster,InfrastructureMaster

Moving all of the Forest FSMO Roles to One Server

PS C:\> $TargetFSMOServer = Get-ADDomainController -Identity "targetservername.FQDN.[local/.com/etc]"

PS C:\> Move-ADDirectoryServerOperationMasterRole -Identity $TargetFSMOServer -OperationMasterRole SchemaMaster,DomainNamingMaster

Forcing the transfer of FSMO role(s) in the event of a FSMO Holder failure

PS C:\> $TargetFSMOServer = Get-ADDomainController -Identity "targetservername.FQDN.[local/.com/etc]"

PS C:\> Move-ADDirectoryServerOperationMasterRole -Identity $TargetFSMOServer -OperationMasterRole PDCEmulator,RIDMaster,InfrastructureMaster -Force

Specialized: Moving the Infrastructure FSMO Master to a DC and removing the Global Catalog.

Note: it’s important to ensure you have enough servers (2 or more) that do have GCs on them, so that replicas are stored in multiple locations. In large multi-domain forests, though, having a GC on the DC that holds the Infra role can be a problem, for example when partial replicas cause trouble after a DC dies and replication issues happen.

PS C:\> $TargetFSMOServer = Get-ADDomainController -Identity "targetservername.FQDN.[local/.com/etc]"

PS C:\> Move-ADDirectoryServerOperationMasterRole -Identity $TargetFSMOServer -OperationMasterRole InfrastructureMaster

PS C:\> repadmin.exe /options $TargetFSMOServer.HostName -IS_GC
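
To confirm where the roles sit before and after any of the moves above, the following read-only check is an added example, not part of the original post. It reports the holder of each of the five roles and warns on the two placements the post cautions about; the function name `Get-FsmoPlacement` and its `-DomainName` parameter are made up for illustration, and the ActiveDirectory module (RSAT) is assumed to be installed.

```powershell
# Added example: report which DC holds each FSMO role and flag the two
# placement concerns discussed in the post. Makes no changes to the directory.
Import-Module ActiveDirectory

function Get-FsmoPlacement {
    [CmdletBinding()]
    param(
        # Hypothetical parameter: DNS name of the domain to inspect (defaults to the current domain).
        [string]$DomainName = (Get-ADDomain).DNSRoot
    )

    $domain = Get-ADDomain -Identity $DomainName
    $forest = Get-ADForest -Identity $domain.Forest

    # Three domain-wide roles, then the two forest-wide roles.
    $roles = [ordered]@{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }

    foreach ($role in $roles.Keys) {
        # Query the holder directly so forest roles in another domain still resolve.
        $dc = Get-ADDomainController -Identity $roles[$role] -Server $roles[$role]
        [pscustomobject]@{
            Role            = $role
            Holder          = $dc.HostName
            IsGlobalCatalog = $dc.IsGlobalCatalog
        }
    }
}

$placement = Get-FsmoPlacement
$placement | Format-Table -AutoSize

# Concern 1: all five roles on a single DC.
$holders = @($placement.Holder | Sort-Object -Unique)
if ($holders.Count -eq 1) {
    Write-Warning "All five FSMO roles are held by $($holders[0])."
}

# Concern 2: the Infrastructure Master is also a Global Catalog.
$infra = $placement | Where-Object Role -eq 'InfrastructureMaster'
if ($infra.IsGlobalCatalog) {
    Write-Warning "Infrastructure Master $($infra.Holder) is also a Global Catalog."
}
```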

I hope this helps someone, as it’s recently become my new way of doing this, and I can just copy and paste this from the blog, make one simple servername change, and voilà!

Cheers!

-Trevor