Created: 12/12/19
I’m a very strong supporter of properly placing FSMO roles on 2 to 3 servers, depending upon network design.
I’ve always done this the old-fashioned way, but I recently ran into an issue where the Schema Master bugged out in Server 2019 and found that the PowerShell way of doing this is way, way easier. In the past I’ve covered how you should place FSMO roles, here.
One thing I’d add to that article is the placement of the Infrastructure Master on a solo DC all to itself, without a Global Catalog installed with it. Why? The Infra Master is the FSMO holder that updates the GC for all the domain controllers. Call me crazy, but having the GC local to the same server that updates the GC seems like the old adage of “you can’t call home if you’re already home”. Because of this, if the network allows, I usually have 3 DCs, with the 3rd having AD and DNS but holding the Infra FSMO role without a local GC present.
It’s important to note that people are typically unaware that there are 5 Operations Master roles: 3 of them are for the domain and 2 are for the forest, as discussed in the article linked above. If all 5 roles are on one DC and that server fails, it can be a death sentence for your domain; do you want that?
Let’s get started:
Moving the PDC
PS C:\> $TargetFSMOServer = Get-ADDomainController -Identity "targetservername.FQDN.[local/.com/etc]"
PS C:\> Move-ADDirectoryServerOperationMasterRole -Identity $TargetFSMOServer -OperationMasterRole PDCEmulator
Moving the RID
PS C:\> $TargetFSMOServer = Get-ADDomainController -Identity "targetservername.FQDN.[local/.com/etc]"
PS C:\> Move-ADDirectoryServerOperationMasterRole -Identity $TargetFSMOServer -OperationMasterRole RIDMaster
Moving the Infrastructure
PS C:\> $TargetFSMOServer = Get-ADDomainController -Identity "targetservername.FQDN.[local/.com/etc]"
PS C:\> Move-ADDirectoryServerOperationMasterRole -Identity $TargetFSMOServer -OperationMasterRole InfrastructureMaster
Moving the Domain Naming
PS C:\> $TargetFSMOServer = Get-ADDomainController -Identity "targetservername.FQDN.[local/.com/etc]"
PS C:\> Move-ADDirectoryServerOperationMasterRole -Identity $TargetFSMOServer -OperationMasterRole DomainNamingMaster
Moving the Schema
PS C:\> $TargetFSMOServer = Get-ADDomainController -Identity "targetservername.FQDN.[local/.com/etc]"
PS C:\> Move-ADDirectoryServerOperationMasterRole -Identity $TargetFSMOServer -OperationMasterRole SchemaMaster
Moving the Domain FSMO Roles all to One Server
PS C:\> $TargetFSMOServer = Get-ADDomainController -Identity "targetservername.FQDN.[local/.com/etc]"
PS C:\> Move-ADDirectoryServerOperationMasterRole -Identity $TargetFSMOServer -OperationMasterRole PDCEmulator,RIDMaster,InfrastructureMaster
Moving all of the Forest FSMO Roles to One Server
PS C:\> $TargetFSMOServer = Get-ADDomainController -Identity "targetservername.FQDN.[local/.com/etc]"
PS C:\> Move-ADDirectoryServerOperationMasterRole -Identity $TargetFSMOServer -OperationMasterRole SchemaMaster,DomainNamingMaster
Forcing the transfer of FSMO role(s) in the event of a FSMO Holder failure
PS C:\> $TargetFSMOServer = Get-ADDomainController -Identity "targetservername.FQDN.[local/.com/etc]"
PS C:\> Move-ADDirectoryServerOperationMasterRole -Identity $TargetFSMOServer -OperationMasterRole PDCEmulator,RIDMaster,InfrastructureMaster -Force
Specialized: Moving the Infrastructure FSMO Master to a DC and removing the Global Catalog.
Note: it’s important to ensure you have enough servers (2 or more) that do have GCs on them, so that replicas are stored in multiple locations. In large multi-domain forests, however, having a GC on the DC that holds the Infra role can be a problem, for example when partial replicas become an issue after a DC dies and replication problems follow.
PS C:\> $TargetFSMOServer = Get-ADDomainController -Identity "targetservername.FQDN.[local/.com/etc]"
PS C:\> Move-ADDirectoryServerOperationMasterRole -Identity $TargetFSMOServer -OperationMasterRole InfrastructureMaster
PS C:\> repadmin.exe /options $TargetFSMOServer.HostName -IS_GC
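To check the result of any of the moves above against the placement this post argues for, the following added example (not the author's code) reports who holds each of the five roles and warns on the three conditions the post cares about. It assumes the ActiveDirectory module is installed and the session can reach the role holders; the function name Get-FsmoPlacement is made up for this example.

```powershell
# Added example: audit FSMO placement before and after a move.
Import-Module ActiveDirectory

function Get-FsmoPlacement {   # hypothetical helper name
    $domain = Get-ADDomain
    $forest = Get-ADForest
    # Map each of the five roles to the DC that currently holds it.
    $holders = [ordered]@{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
    foreach ($role in $holders.Keys) {
        $name = $holders[$role]
        # Ask the holder itself, so forest roles in another domain resolve too.
        $dc = Get-ADDomainController -Identity $name -Server $name
        [pscustomobject]@{
            Role            = $role
            Scope           = if ($role -in 'SchemaMaster', 'DomainNamingMaster') { 'Forest' } else { 'Domain' }
            Holder          = $dc.HostName
            IsGlobalCatalog = $dc.IsGlobalCatalog
        }
    }
}

$placement = @(Get-FsmoPlacement)
$placement | Format-Table -AutoSize

# All five roles on one DC: the single point of failure described above.
if (@($placement.Holder | Sort-Object -Unique).Count -eq 1) {
    Write-Warning "All five FSMO roles are held by $($placement[0].Holder)."
}

# The layout described above keeps the Infrastructure Master off a GC.
$infra = $placement | Where-Object Role -eq 'InfrastructureMaster'
if ($infra.IsGlobalCatalog) {
    Write-Warning "Infrastructure Master $($infra.Holder) is also a Global Catalog."
}

# The note above asks for 2 or more GCs before removing one.
$gcCount = @((Get-ADForest).GlobalCatalogs).Count
if ($gcCount -lt 2) {
    Write-Warning "Only $gcCount Global Catalog(s) found in the forest."
}
```

Running it once before a move and once after gives a before/after record of the role holders that can go into the change ticket.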
I hope this helps someone, as it’s recently become my new way of doing this: I can just copy and paste this from the blog, make one simple server name change, and voilà!
Cheers!
-Trevor