I have been testing Windows 2008 and have a test domain with 2 domain controllers. The first DC is built as Server Core and holds all of the FSMO roles because it was the first DC. Building a new forest on a Server Core DC is easy once you have the answer file documentation! The second DC is conventional GUI type Windows 2008.
I decided I wanted to move the FSMO roles to the GUI based DC and because I hadn’t done it before decided to use PowerShell. This where things begin to get interesting. I came up with the following code
## get the domain controller object
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$dc = $dom.FindDomainController()
## transfer the roles
$dc.TransferRoleOwnership([System.DirectoryServices.ActiveDirectory.ActiveDirectoryRole]::InfrastructureRole)
$dc.TransferRoleOwnership([System.DirectoryServices.ActiveDirectory.ActiveDirectoryRole]::RidRole)
$dc.TransferRoleOwnership([System.DirectoryServices.ActiveDirectory.ActiveDirectoryRole]::PdcRole)
$dc.TransferRoleOwnership([System.DirectoryServices.ActiveDirectory.ActiveDirectoryRole]::NamingRole)
$dc.TransferRoleOwnership([System.DirectoryServices.ActiveDirectory.ActiveDirectoryRole]::SchemaRole)
The first 2 transfers – RID and Infrastructure Master transfer perfectly. The PDC emulator fails, as does schema and naming master transfers with the "Server is unwilling to process the request error"
I have tried this from a DC and a workstation and get the same error. It is definitely not a permissions issue because I can transfer the roles using the GUI.
Any comment and help gratefully received
Hi Richard,
Have a look at this link: http://www.leadfollowmove.com/archives/powershell/transferring-fsmo-roles-in-active-directory-with-powershell
Regards,
Austin
see
http://richardsiddaway.spaces.live.com/blog/cns!43CFA46A74CF3E96!832.entry