Sometimes you just want to move a single FSMO role
function move-afsmo {
  [CmdletBinding()]
  param(
    [string]$server,
    [ValidateSet("schema", "domain", "rid", "infra", "pdc")]
    [string]$fsmo
  )

  # Domain SID is only needed for the PDC emulator transfer
  $dom = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
  $sid = ($dom.GetDirectoryEntry()).objectSid

  # Bind to rootDSE on the DC that will receive the role
  $dc = [ADSI]"LDAP://$server/rootDSE"

  # Map the short role name to the rootDSE attribute to write
  switch ($fsmo.ToLower()) {
    "schema" {$role = "becomeSchemaMaster"; break}
    "domain" {$role = "becomeDomainMaster"; break}
    "rid"    {$role = "becomeRidMaster"; break}
    "infra"  {$role = "becomeInfraStructureMaster"; break}
    "pdc"    {$role = "becomePDC"; break}
  }

  # becomePDC takes the domain SID; the other roles take 1
  if ($role -eq "becomePDC") {
    $dc.Put($role, $sid[0])
  }
  else {
    $dc.Put($role, 1)
  }
  $dc.SetInfo()
}
This function takes a domain controller name and a role and performs the transfer.
move-afsmo -server dc02 -fsmo schema
move-afsmo -server dc02 -fsmo domain
move-afsmo -server dc02 -fsmo rid
move-afsmo -server dc02 -fsmo infra
move-afsmo -server dc02 -fsmo pdc
The role is validated on input to ensure the given value is in the set of allowed roles. A switch statement sets the role name that is passed to the Put() method. The transfer is performed as previously
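To check that a transfer took effect, the role holder can be read back after move-afsmo runs. The following is an added example, not part of the original post; get-afsmo and confirm-afsmo are hypothetical names, and it assumes it is run on a domain-joined machine by an account that can read the directory.

```powershell
# Added example (not from the original post): read back the FSMO role holder.
function get-afsmo {
  [CmdletBinding()]
  param(
    [Parameter(Mandatory)]
    [ValidateSet("schema", "domain", "rid", "infra", "pdc")]
    [string]$fsmo
  )
  # Fetch fresh objects on every call: role-owner properties are cached per object
  $dom = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
  $forest = $dom.Forest

  # Schema and domain naming are forest-wide roles; the other three are per domain
  switch ($fsmo.ToLower()) {
    "schema" {$holder = $forest.SchemaRoleOwner; break}
    "domain" {$holder = $forest.NamingRoleOwner; break}
    "rid"    {$holder = $dom.RidRoleOwner; break}
    "infra"  {$holder = $dom.InfrastructureRoleOwner; break}
    "pdc"    {$holder = $dom.PdcRoleOwner; break}
  }
  $holder.Name   # DNS name of the domain controller holding the role
}

# Compare the current holder with the DC the role was moved to.
function confirm-afsmo {
  [CmdletBinding()]
  param(
    [Parameter(Mandatory)][string]$server,
    [Parameter(Mandatory)]
    [ValidateSet("schema", "domain", "rid", "infra", "pdc")]
    [string]$fsmo
  )
  $holder = get-afsmo -fsmo $fsmo

  # Accept a short name (dc02) or an FQDN by comparing the first DNS label
  $expected = ($server -split '\.')[0]
  $actual   = ($holder -split '\.')[0]

  [pscustomobject]@{
    Role        = $fsmo
    Expected    = $server
    Holder      = $holder
    Transferred = ($expected -ieq $actual)
  }
}

# Usage after a transfer, with the server name used in the examples above:
# confirm-afsmo -server dc02 -fsmo schema
```

The answer reflects the view of whichever domain controller the query lands on, so a result read immediately after a transfer can lag until replication completes.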