Now Windows Server 2016 has been out for a few months I have decided to update my lab Domain to 2016 forest functional level. But first I need to migrate the FSMO (Flexible Single Master Operation) Roles to my new Windows Server 2016 Domain Controllers.
In this Step by Step Guide, I am going to try and explain how to move the FSMO Roles and share some practices I like to follow when doing so.
At least one Domain Controller running Server 2016
Finding who has the FSMO Roles
This is the easy bit!
1. Open PowerShell with elevated credentials
|netdom query fsmo|
3. Press Enter
Plan your FSMO Role Move
In most cases, you can keep all FSMO Roles on the same Domain Controller. I find that if I have two Domain Controllers in one site where all my users are based, and both Domain Controllers are Global Catalogues, then everything will work fine with all 5 FSMO Roles running on one DC.
When you have multiple sites where users are based. I always please the Primary Domain Controller FSMO Role on the Domain Controller that is going to be used most by the users. This may not be Best Practice, but it’s what I like to do.
One thing we must remember is if one of our Domain controllers does not host a Global Catalogue, then the Infrastructure Master FSMO Role Must be installed on it. If you have more than one Domain Controller without a Global Catalogue, then you can choose which server (out of the ones not hosting a Global Catalogue) to host your Infrastructure Master FSMO Role on.
Moving The FSMO Roles
In my Lab, I only have two domain controllers, one Windows Server 2012 r2 and one Windows Server 2016. So I will be moving all the FSMO Roles from my Windows Server 2012 r2 Domain Controller to my Windows Server 2016 Domain Controller.
1. On the Windows Server 2016 Domain Controller open PowerShell with elevated credentials
|Move-ADDirectoryServerOperationMasterRole -Identity PIXEL-DC03 -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster|
3. Press Enter
4. Type Y per line or A for all.
To confirm that the Roles have been moved use the following command
|Netdom query fsmo|
You should see all FSMO Roles now site on PIXEL-DC03
You can always use the above command to move the roles to different servers. Just pick which server you want to move a role to and pick what role you want to move.
So, for example, you can move the Infrastructure Master Role to PIXEL-DC04 (if I had one) by using the following command
Move-ADDirectoryServerOperationMasterRole -Identity PIXEL-DC04 -OperationMasterRole InfrastructureMaster
Hope this has helped someone, any feedback please leave a comment.