How to Transfer or Seize Active Directory FSMO Roles with PowerShell (2024)

There are several ways to move FSMO roles between Active Directory domain controllers: the graphical AD consoles, the ntdsutil command, and PowerShell. When transferring or seizing multiple roles at a time, PowerShell is likely the fastest and simplest method.

The Move-ADDirectoryServerOperationMasterRole cmdlet is used to transfer or seize FSMO roles. It can be run directly on a DC, or on a domain-joined server or workstation with the ActiveDirectory PowerShell module installed. There are two critical parameters that must be supplied to this command: Identity and OperationMasterRole.

The Identity parameter specifies the destination DC, that is, the DC to which the role or roles are being moved. (It is unnecessary to specify the source DC, since role-holder information is stored within AD.) This is typically the hostname of the destination DC but can also be a fully-qualified domain name, distinguished name, or GUID.

The OperationMasterRole parameter specifies which role or roles are being moved. Possible values of this parameter are PDCEmulator, RIDMaster, InfrastructureMaster, SchemaMaster, and DomainNamingMaster, but there are also numeric shortcuts for each of these:

0: PDCEmulator
1: RIDMaster
2: InfrastructureMaster
3: SchemaMaster
4: DomainNamingMaster

This is where the speed and efficiency of PowerShell become apparent. To transfer all five FSMO roles to a DC named NewDC, run this cmdlet:

Move-ADDirectoryServerOperationMasterRole -Identity NewDC -OperationMasterRole 0,1,2,3,4

PowerShell prompts for confirmation of each role by default, but there is a Yes to All option.

To seize FSMO roles, which should only be done if the existing role holder is permanently offline, add the -Force parameter to the cmdlet. Using the example above, if all five roles were held by a DC which was permanently offline, they could all be seized on NewDC like so:

Move-ADDirectoryServerOperationMasterRole -Identity NewDC -OperationMasterRole 0,1,2,3,4 -Force

As you can see, the only difference between this and the previous command is the -Force parameter. You are prompted for each role, as above. Role seizure takes longer to complete than role transfer, because a normal transfer of any roles is attempted before the roles are seized. Assuming the role holder does not respond, a timeout period must expire before the seizure occurs. For this reason, seizing all five roles in this manner takes several minutes.
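Because the transfer and seizure commands differ only by -Force, it helps to establish who holds each role and whether that holder still responds before choosing between them. The script below is an added example, not part of the original article: it builds a per-role plan, previews the graceful transfers with -WhatIf, and only warns about seizure candidates. The function name Get-FsmoMovePlan is hypothetical, and using Test-Connection (ping) as the reachability check is an assumption.

```powershell
# Added example: plan a FSMO move to the article's 'NewDC' before running it.
# Get-FsmoMovePlan is a hypothetical helper name. Ping reachability is an
# assumption and is not proof that a DC is healthy or permanently offline.
Import-Module ActiveDirectory

function Get-FsmoMovePlan {
    param([Parameter(Mandatory)][string]$Destination)

    $domain = Get-ADDomain
    $forest = Get-ADForest

    # Domain-level roles come from Get-ADDomain, forest-level from Get-ADForest.
    $holders = [ordered]@{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
    # Role holders are reported as FQDNs, so compare against the destination's FQDN.
    $destFqdn = (Get-ADDomainController -Identity $Destination).HostName

    foreach ($role in $holders.Keys) {
        $current = $holders[$role]
        $action = if ($current -eq $destFqdn) {
            'None'            # destination already holds this role
        } elseif (Test-Connection -ComputerName $current -Count 2 -Quiet) {
            'Transfer'        # holder responds: graceful transfer
        } else {
            'SeizeCandidate'  # holder silent: needs a human decision
        }
        [pscustomobject]@{ Role = $role; CurrentHolder = $current; Action = $action }
    }
}

$plan = Get-FsmoMovePlan -Destination 'NewDC'
$plan | Format-Table -AutoSize

$toTransfer = @($plan | Where-Object Action -eq 'Transfer' | ForEach-Object Role)
if ($toTransfer) {
    # -WhatIf only previews the change; remove it to perform the transfer.
    Move-ADDirectoryServerOperationMasterRole -Identity 'NewDC' -OperationMasterRole $toTransfer -WhatIf
}

# Seizure is never automated here: confirm the holder is permanently offline first.
$plan | Where-Object Action -eq 'SeizeCandidate' | ForEach-Object {
    Write-Warning "$($_.Role): holder $($_.CurrentHolder) is unreachable; verify before using -Force."
}
```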


FAQs

What is the PowerShell command to seize the FSMO role?

How to seize FSMO roles using PowerShell
  1. -Identity specifies the DC you want to assign the role or roles to.
  2. -OperationMasterRole specifies the role or roles you want to seize (specified by either the role name or the role number, as shown below)
  3. -Force indicates that the roles will be seized rather than transferred.

What is the PowerShell command to transfer all FSMO roles?

One alternative to using the Microsoft consoles to transfer FSMO roles is to use the PowerShell cmdlet Move-ADDirectoryServerOperationMasterRole. You can run this cmdlet on either a domain-joined server or workstation that has the Active Directory PowerShell module installed, or directly on a DC.

How to force transfer FSMO roles?

In the console tree, right-click Active Directory Users and Computers, point to All Tasks, and then click Operations Master. Click the appropriate tab for the role that you want to transfer (RID, PDC, or Infrastructure), and then click Change.

What is the command for FSMO in PowerShell?

Use PowerShell to find FSMO roles

To find the FSMO roles in AD using PowerShell, you can use two commands: Get-AdDomain and Get-AdForest. These commands are necessary because some FSMO roles are at the forest level, while others are at the domain level.

Article information

Author: Edmund Hettinger DC
