Moving FSMO roles in PowerShell v6.1.1

With the Windows Server 2019 media now being available again it’s time to move my test lab over to the new version. I’d built a Windows Server 2019 VM and installed PowerShell v6.1.1. I discovered that in Server 2019 and the Windows 10 October 2018 update that the AD module worked in PowerShell v6.1.1. I decided to try moving FSMO roles in PowerShell v6.1.1 as I updated the domain and removed the old Server 2016 domain controller.

The usual schema update went smoothly – updated the schema version to 88 from 87. Installing AD domain services and DNS on the new DC worked. Promoting the Windows 2019 system to be a DC worked with no problems.

Time to move the FSMO roles. They would move automatically when the old DC was removed but its always better to control the action.

Import-Module ActiveDirectory

will load the AD module into PowerShell v6.1.1.

There are 5 FSMO roles – 2 at the forest level

PS>  Get-ADForest | Format-List Name, *master

Name               : Manticore.org

DomainNamingMaster : W16DC01.Manticore.org

SchemaMaster       : W16DC01.Manticore.org

And 3 at the domain level – I only have a single domain to worry about.

PS>  Get-ADDomain | Format-List *master, PDC*

InfrastructureMaster : W16DC01.Manticore.org

RIDMaster            : W16DC01.Manticore.org

PDCEmulator          : W16DC01.Manticore.org

The forest level FSMO roles moved:

PS>  Move-ADDirectoryServerOperationMasterRole -Identity W19DC01  -OperationMasterRole DomainNamingMaster -Confirm:$false

PS>  Move-ADDirectoryServerOperationMasterRole -Identity W19DC01  -OperationMasterRole SchemaMaster -Confirm:$false

PS>  Get-ADForest | Format-List Name, *master

Name               : Manticore.org

DomainNamingMaster : W19DC01.Manticore.org

SchemaMaster       : W19DC01.Manticore.org

For the domain level FSMO roles I decided to get ambitious

PS>  Move-ADDirectoryServerOperationMasterRole -Identity W19DC01  -OperationMasterRole RIDMaster, InfrastructureMaster, PDCEmulator -Confirm:$false

PS>  Get-ADDomain | Format-List *master, PDC*

InfrastructureMaster : W19DC01.Manticore.org

RIDMaster            : W19DC01.Manticore.org

PDCEmulator          : W19DC01.Manticore.org

Moving FSMO roles in PowerShell v6.1.1 was successful

This entry was posted in PowerShell and Active Directory, PowerShell v6. Bookmark the permalink.

2 Responses to Moving FSMO roles in PowerShell v6.1.1

  1. cantoris says:

    Does this use the new WindowsCompatibility module under the hood, since presumably the AD-specific .NET namespace is not in cross-platform Core? Interested to know how this works.

    • No. In the case of Windows 10 October 2018 upgrade OR Windows server 2019 OR Windows Server 1809 you don’t need the Windows Compatibility module to run the AD module cmdlets in PowerShell v6.1.1. You can import and run them directly.

      Older versions of Windows you do need the Windows Compatibility module to run the AD cmdlets.

      If you compare the module versions you’ll see the version number has been bumped up on the latest versions.

      Do note the problem I had with the protection from accidental deletion attribute that I had problems with. I think this is related to ACL handling in PowerShell core as the setting isn’t really an attribute its an ACL setting in AD.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s