Applies to: Windows Server 2012, 2016, 2019, 2022
Managing FSMO (Flexible Single Master Operation) roles in a Windows domain can be crucial for keeping Active Directory functioning smoothly. There are five FSMO roles, including the Primary Domain Controller (PDC) Emulator role, which is responsible for various critical tasks like time synchronization. In this guide, I’ll show you how to find the current PDC server and transfer all FSMO roles to another server using PowerShell.
Overview of FSMO Roles
FSMO roles are divided into two categories: Forest-level roles and Domain-level roles.
- Forest-level roles:
- Schema Master: Controls changes to the Active Directory schema.
- Domain Naming Master: Handles changes to the forest’s namespace, such as adding or removing domains.
- Domain-level roles:
- PDC Emulator: Acts as a primary time source for the domain and processes password changes.
- RID Master: Allocates pools of unique IDs to other domain controllers to ensure unique object identifiers.
- Infrastructure Master: Keeps references between objects in different domains up to date.
Finding the Current PDC Server
To identify the server holding the PDC Emulator role, I used PowerShell. Here’s how:
Get-ADDomain|Select-Object PDCEmulatorThis command leverages the Get-ADDomain cmdlet from the Active Directory PowerShell module. If you haven’t installed this module yet, you’ll need to install RSAT (Remote Server Administration Tools) first. For Windows 10 and later, RSAT can be installed like this:
Add-WindowsFeature-Name RSAT-AD-PowerShellRunning Get-ADDomain will return the PDCEmulator property, which tells us the server currently holding the PDC role.
Transferring All FSMO Roles Using PowerShell
To transfer all FSMO roles, I used the Move-ADDirectoryServerOperationMasterRole cmdlet. Below is a breakdown of the steps:
- Identify the Target Server: Make sure the server you want to move the FSMO roles to is up, running, and in good health.
- Use PowerShell to Transfer Roles:
$targetServer="TargetServerName" Move-ADDirectoryServerOperationMasterRole-Identity $targetServer-OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMasterReplace "TargetServerName" with the name of the server you want the roles to move to.
To skip the confirmation prompt, you can add -Confirm:$false.
Verifying the FSMO Role Transfer
After transferring, I verified the new location of each role with:
Get-ADForest|Select-Object SchemaMaster, DomainNamingMaster Get-ADDomain|Select-Object PDCEmulator, RIDMaster, InfrastructureMasterThis command confirmed that all roles had successfully transferred to the new server.
Important Considerations
- To move FSMO roles, you need Domain Admin or Enterprise Admin rights.
- The cmdlets require the Active Directory PowerShell module to be installed.
Official References
For more details, I’ve used the official Microsoft documentation, which is quite helpful:
- Get-ADDomain Documentation: Details on the
Get-ADDomaincmdlet. - Move-ADDirectoryServerOperationMasterRole Documentation: Information on using the PowerShell command to move FSMO roles.
- FSMO Role Descriptions: Comprehensive description of each FSMO role.
Conclusion
Using PowerShell to manage and transfer FSMO roles simplifies the management of an Active Directory domain by automating what could otherwise be a manual and time-consuming process. This guide walks you through locating the PDC server and using PowerShell to move all FSMO roles to a new server.