In the previous blog post, we covered the creation of our 2008R2 Domain controller.
Now in this post, I will cover the principles of moving the Active Directory FSMO Roles from our Windows 2008R2 Enterprise server to our new shiny Windows Server 2019 Standard Server. – For more information visit the docs.microsoft.com site.
Pre-Requisites
1x Current Domain Controller (Windows Server 2008R2 Enterprise)
1x Staging Secondary Domain Controller
Step One: Query FSMO Roles on Current 2008R2 Enterprise Server
From the Legacy 2008R2 Server, Open an Administrative Command Prompt Session
netdom query fsmo
![](https://hypervlab.co.uk/wp-content/uploads/2019/08/image-126.png)
Next, we need to go to the Microsoft Download site and download the PowerShell 3.0 Update to be able to take advantage of the PowerShell Command we need later on.
![](https://hypervlab.co.uk/wp-content/uploads/2019/08/image-127.png)
Click ‘Yes’.
![](https://hypervlab.co.uk/wp-content/uploads/2019/08/image-128.png)
Click ‘I Accept’.
![](https://hypervlab.co.uk/wp-content/uploads/2019/08/image-129.png)
Windows Update Installation takes place.
![](https://hypervlab.co.uk/wp-content/uploads/2019/08/image-130.png)
Install Completed, Reboot the server.
![](https://hypervlab.co.uk/wp-content/uploads/2019/08/image-131.png)
to check the version of PowerShell we can use the following command:
$PSVersionTable
![](https://hypervlab.co.uk/wp-content/uploads/2019/08/image-132.png)
Next, we will need to import the Active Directory Powershell Module into the PowerShell Session.
Import-Module -Name 'ActiceDirectory'
To Check where the current FSMO roles reside in the forest we can use the following command:
Get-ADForest -Server 'ad.hypervlab.co.uk' | fl DomainNamingMaster, SchemaMaster
![](https://hypervlab.co.uk/wp-content/uploads/2019/08/image-133.png)
To check the current FSMO roles reside in the domain we can use this command:
Get-ADDomain -Server 'ad.hypervlab.co.uk' | fl InfrastructureMaster, PDCEmulator, RIDMaster
![](https://hypervlab.co.uk/wp-content/uploads/2019/08/image-134.png)
to move the FSMO Roles to the new Windows Server 2019 VM the command we will use is: Move-ADDirectoryServerOpertaionMasterRole.
The PowerShell Command ranks the FSMO roles in the following order:
PDCEmulator or 0
RIDMaster or 1
InfrastructureMaster or 2
SchemaMaster or 3
DomainNamingMaster or 4
If you wanted to move only a single FSMO role you would use this command:
Move-ADDirectoryServerOperationMasterRole 'HYPERVLAB-SVR02' -OperationMasterRole 'PDCEmulator'
![](https://hypervlab.co.uk/wp-content/uploads/2019/08/image-135-1024x113.png)
If you wanted to move all the FSMO Roles at one to the new server use this command:
Move-ADDirectoryServerOperationMasterRole 'HYPERVLAB-SVR02' -OperationMasterRole 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster', 'SchemaMaster', 'DomainNamingMaster'
![](https://hypervlab.co.uk/wp-content/uploads/2019/08/image-136-1024x351.png)
Checking the FSMO Roles have moved, From the 2008R2 Legacy Domain Controller we can run the netdom query command:
netdom query fsmo
From the graphic below you can see that all FSMO roles have now been moved to HYPERVLAB-SVR02 which is the new domain controller for the ad.hypervlab.co.uk domain.
![](https://hypervlab.co.uk/wp-content/uploads/2019/08/image-137-1024x161.png)
So this wraps up this post, in the next, I will cover the decommissioning of the 2008R2 Enterprise Domain Controller and performing a domain cleanup.