PowerShell also allows you to easily transfer or seize FSMO roles in a Windows Active Directory. It is now the preferred method and is far more efficient than using the GUI or ntdsutil.
The cmdlet to use is Move-ADDirectoryServerOperationMasterRole, which can instantly transfer one, several or all FSMO roles to the designated domain controller.
To transfer all FSMO roles to a DC called NewDC:
Move-ADDirectoryServerOperationMasterRole -Identity NewDC -OperationMasterRole PDCEmulator,RIDMaster,InfrastructureMaster,SchemaMaster,DomainNamingMaster
Note that you can also use numeric values for the FSMO roles to be transferred:
Value | Role |
0 | PDCEmulator |
1 | RIDMaster |
2 | InfrastructureMaster |
3 | SchemaMaster |
4 | DomainNamingMaster |
So the cmdlet above could be abbreviated to:
Move-ADDirectoryServerOperationMasterRole -Identity NewDC -OperationMasterRole 0,1,2,3,4
If the old DC carrying the roles is no longer available, you can seize the FSMO roles by adding the -Force parameter:
Move-ADDirectoryServerOperationMasterRole -Identity NewDC -OperationMasterRole 0,1,2,3,4 -Force
Note that a regular transfer will always be attempted before seizing a role. Seizing FSMO roles should only be done as a last resort, and only if the broken DC will never be online again.
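The following is an added example, not part of the original page: it lists the current role holders, transfers only the roles that are not yet on the target, and stops short of seizing when a holder does not respond, so that -Force stays a deliberate, manual step. The helper name Get-FsmoHolder and the use of TCP port 389 as a rough liveness check are assumptions of this example; NewDC is the target name used above.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper: returns one object per FSMO role with its current holder (FQDN).
function Get-FsmoHolder {
    $domain = Get-ADDomain
    $forest = Get-ADForest
    $roles = [ordered]@{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
    foreach ($name in $roles.Keys) {
        [pscustomobject]@{ Role = $name; Holder = $roles[$name] }
    }
}

$target     = 'NewDC'   # target DC name from the article
$targetFqdn = (Get-ADDomainController -Identity $target).HostName

# Record the state before changing anything.
$before = Get-FsmoHolder
$before | Format-Table -AutoSize

# Only act on roles that are not already on the target.
foreach ($r in ($before | Where-Object { $_.Holder -ne $targetFqdn })) {
    # Assumption: an answer on LDAP/389 means the holder is alive enough
    # for a regular transfer, so seizing is not justified.
    $alive = Test-NetConnection -ComputerName $r.Holder -Port 389 `
                 -InformationLevel Quiet -WarningAction SilentlyContinue
    if ($alive) {
        # Regular transfer; the cmdlet's own confirmation prompt is left enabled.
        Move-ADDirectoryServerOperationMasterRole -Identity $target -OperationMasterRole $r.Role
    }
    else {
        # No automatic seizure: report and leave the decision to the operator.
        Write-Warning ("{0} is held by {1}, which did not answer on port 389. " +
            "Seize with -Force only once that DC is confirmed permanently retired.") `
            -f $r.Role, $r.Holder
    }
}

# Verify the result.
Get-FsmoHolder | Format-Table -AutoSize
```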