Windows Server 2016-powershell Migrating FSMO roles

In the previous section we talked about FSMO role migration through the Ntdsutil command line, and we'll discuss the FSMO role placement recommendations before we begin this chapter:

• It is recommended to place the schema master role (schema master) and the domain naming master role (realm naming master) on a GC (global catalog) server in the forest root domain;

• It is recommended that you place the schema master roles (schema master) and the domain naming master role (realm naming master) on the first domain controller;

• The domain controller for the default domain naming master role must also be a GC (global catalog) server;

• It is not recommended to place infrastructure master and GC on the same domain controller;

• It is generally not recommended to place the PDC Emulator, RID master, and infrastructure master on the GC server;

In many cases, however, the Administrator's general approach to single-domain forests is that the infrastructure master can be deployed on any domain controller in the domain, regardless of whether the domain controller hosts the global catalog, and for a multidomain forest, if no domain controller hosts the global catalog in the specified domain in the multidomain forest. The infrastructure master must be deployed on a domain controller that does not host the global catalog.

In this chapter we will describe the method of FSMO role migration via PowerShell (remember to run PowerShell as an administrator, and if you do not have Execute permissions, remember to set-executionpolicy unrestricted to adjust execution permissions), I hope you can help us with the following things.

1. View current FSMO role information:

View forest-scoped operations master role: Get-adforest azureyun.local |ft schemamaster,domainnamingmaster View domain-scoped operations master role: Get-addomain azureyun.local |ft Infrastructuremaster,pdcemulator,ridmaster

2. Perform the domain naming master role (naming master), RID master role (RID master), and the Infrastructure master role (Infrastructure Master) migration, and follow the prompts to enter the confirmation:

Move-addirectoryserveroperationmasterrole-identity Bdc-operationmasterrole Domainnamingmaster, Infrastructuremaster,ridmaster-force

3. View the forest-scoped operations master role through PowerShell separately to confirm the success of the migration operation:

Get-adforest azureyun.local |ft schemamaster,domainnamingmasterget-addomain azureyun.local |ft InfrastructureMaster, Pdcemulator,ridmaster

4. Perform a migration of the schema master role (schema master), PDC emulation master role (PDC Emulator) role, and enter confirm as prompted:

Move-addirectoryserveroperationmasterrole-identity Bdc-operationmasterrole Schemamaster,pdcemulator-force

5. At this point we see the forest-wide and domain-wide operations master roles through PowerShell, and the migration has been successful:

Get-adforest azureyun.local |ft schemamaster,domainnamingmasterget-addomain azureyun.local |ft InfrastructureMaster, Pdcemulator,ridmaster

The attached operation example diagram is as follows:

Quick-action process included:

A. View the current domain controller name and confirm the current forest-wide and domain-scoped operations master role information:

B, perform a powershell command for one-time migration of five roles:

move-addirectoryserveroperationmasterrole -identity major -operationmasterrole  Schemamaster,domainnamingmaster,pdcemulator,infrastructuremaster,ridmaster -force Mobile Operations master role you want to use the role " Schemamaster "Move to Server" Major.azureyun.local "? [y]  Yes (Y)  [A]  all Yes (A)  [N]  No (N)  [L]  No (L)  [S]  suspend (S)  [?   Help   (default = "Y"): Mobile operations master role do you want to move the role "Domainnamingmaster" to the server "Major.azureyun.local"? [y]  Yes (Y)  [A]  all Yes (A)  [N]  No (N)  [L]  No (L)  [S]  suspend (S)  [?   Help   (default = "Y"): Mobile operations master role do you want to move the role "Pdcemulator" to the server "Major.azureyun.local"? [y]  Yes (y)  [a]   All Is (A)  [N]  No (N)  [L]  No (L)  [S]  suspend (S)  [?]   Help   (default = "Y"): Mobile operations master role do you want to move the role "Infrastructuremaster" to the server "Major.azureyun.local"?? [y]  Yes (y)  [A]  All Is (A)  [N]  No (N)  [L]  No (L)  [S]  suspend (S)  [?]   Help   (default = "Y"): Mobile operations master role do you want to move the role "Ridmaster" to the server "Major.azureyun.local"? &nbSp [y]  Yes (Y)  [A]  all Yes (A)  [N]  No (N)  [L]  No (L)  [S]  suspend (S)  [?   Help   (default = "Y"):P s c:\>

C. Review the current FSMO role information and discover that the migration was successful.

PS c:\> get-adforest azureyun.local |ft schemamaster,domainnamingmasterschemamaster Domainnamingmaster------------------------------Major.azureyun.local Major.azureyun.localPS c:\> get-addomain Azureyun.local |ft Infrastructuremaster,pdcemulator,ridmasterinfrastructuremaster Pdcemulator Ridmaster----------------------------------------Major.azureyun.local Major.azureyun.local Major.azureyun.local

By using the three methods of graphical, Ntdsutil command line and PowerShell commands for FSMO role migration, we find it easier and faster to migrate through PowerShell, hopefully helping you.

Windows Server 2016-powershell Migrating FSMO roles