Move the operation master role to an AD directory server.
Syntax
      Move-ADDirectoryServerOperationMasterRole [-Identity] ADDirectoryServer
         [-OperationMasterRole] ADOperationMasterRole[]
            [-AuthType {Negotiate | Basic}] [-Credential PSCredential]
               [-Force] [-PassThru] [-Server string]
                  [-Confirm] [-WhatIf] [CommonParameters]

Key
   -AuthType {Negotiate | Basic}
       The authentication method to use:
          Negotiate or 0
          Basic or 1
       A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.

   -Credential PSCredential
       A user account that has permission to perform this action.
       The default is the current user unless the cmdlet is run from an AD PowerShell provider drive,
       in which case the account associated with the drive is the default.
       "User64" or "Domain01\User64" or a PSCredential object.

   -Force

   -Identity ADDirectoryServer
       An AD server object:
          Distinguished Name of the NTDS Settings object
             Example: CN=NTDS Settings,CN=DC064,CN=Servers,CN=eame,CN=Sites,CN=Configuration,DC=corp,DC=SS64,DC=com
          Distinguished Name of the server object that represents the directory server
             Example: CN=DC064,CN=Servers,CN=eame,CN=Sites,CN=Configuration,DC=corp,DC=SS64,DC=com
          GUID (objectGUID) of server object under the configuration partition
             Example: a7ca1c0d-9a72-497b-a1c2-209104124102
          GUID (objectGUID) of NTDS settings object under the configuration partition
             Example: 768c44de-f72d-66e0-8a88-0523ca495f20
       The identifier in parentheses is the LDAP display name for the attribute.

       The cmdlet searches the default naming context or partition to find the object.
       If the identifier given is a DN, the partition to search will be computed from that DN.
       If two or more objects are found, the cmdlet returns a non-terminating error.

       This parameter can also accept an object through the pipeline.

   -OperationMasterRole ADOperationMasterRole[]
       One or more operation master roles to move to the specified directory server in AD Domain Services.
       Possible values:
          PDCEmulator or 0
          RIDMaster or 1
          InfrastructureMaster or 2
          SchemaMaster or 3
          DomainNamingMaster or 4
       To specify multiple operation master roles, use a comma-separated list.

   -PassThru
       Returns the new or modified object.
       By default (i.e. if -PassThru is not specified), this cmdlet does not generate any output.

   -Server string
       The AD Domain Services instance to connect to, this may be any of:
       AD Lightweight Domain Services, AD Domain Services or Active Directory Snapshot instance.
       Examples:
          demo.SS64.com
          demo
          demoDC02.demo.ss64.com
          demoDC02.demo.ss64.com:3268

   -Confirm
       Prompt for confirmation before executing the command.

   -WhatIf
       Describe what would happen if you executed the command, without actually executing the command.

   CommonParameters:
       -Verbose, -Debug, -ErrorAction, -ErrorVariable, -WarningAction, -WarningVariable, -OutBuffer, -OutVariable.

Move-ADDirectoryServerOperationMasterRole moves one or more operation master roles to a directory server. You can move operation master roles to a directory server in a different domain if the credentials are the same in both domains.
The -Identity parameter specifies the directory server that receives the roles.
For AD LDS instances the syntax for the server object name is computer-name$instance-name. For example:
   server64$instance1
To type this value in PowerShell, you must use the backtick (`) as an escape character for the dollar sign ($). Therefore, for this example, type the following:
   server64`$instance1
Alternatively, set the -Identity parameter to a directory server object variable.
Examples
Move the PDC Emulator role to the Domain Controller "SS64-DC1":
PS C:\> Move-ADDirectoryServerOperationMasterRole "SS64-DC1" PDCEmulator
Move the PDC Emulator and Schema Master roles to the Domain Controller "SS64-DC2":
PS C:\> Move-ADDirectoryServerOperationMasterRole -Identity "SS64-DC2" -OperationMasterRole PDCEmulator,SchemaMaster
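A role transfer is a high-impact change, so it is worth recording who holds each role before and after it. The following is an added example, not part of the original page: it snapshots the current holders, previews the move with -WhatIf, performs it with -Confirm and then checks the result. It assumes the ActiveDirectory module is installed and a domain is reachable; the helper function Get-FsmoHolders is a name invented for this example, and "SS64-DC2" is the sample server name used above.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper (not a built-in cmdlet): returns the current holder of all five roles.
# Domain-wide roles are read from Get-ADDomain, forest-wide roles from Get-ADForest.
function Get-FsmoHolders {
    param([string]$Server)

    # Only pass -Server on when the caller supplied one.
    $query  = if ($Server) { @{ Server = $Server } } else { @{} }
    $domain = Get-ADDomain @query
    $forest = Get-ADForest @query

    [ordered]@{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
}

$target = 'SS64-DC2'                      # sample DC name from the examples above
$roles  = 'PDCEmulator', 'SchemaMaster'   # roles to transfer

# 1. Record the holders before the change so the move can be audited or reversed.
$before = Get-FsmoHolders

# 2. Dry run: -WhatIf describes the operation without performing it.
Move-ADDirectoryServerOperationMasterRole -Identity $target -OperationMasterRole $roles -WhatIf

# 3. Real transfer: -Confirm prompts before each role is moved.
Move-ADDirectoryServerOperationMasterRole -Identity $target -OperationMasterRole $roles -Confirm

# 4. Verify by asking the target DC itself, which avoids reading a stale replica.
$targetFqdn = (Get-ADDomainController -Identity $target).HostName
$after      = Get-FsmoHolders -Server $targetFqdn

foreach ($role in $roles) {
    [pscustomobject]@{
        Role     = $role
        Before   = $before[$role]
        After    = $after[$role]
        OnTarget = ($after[$role] -eq $targetFqdn)
    }
}
```

Any row with OnTarget set to False means that role was not moved, for example because the confirmation prompt was declined.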
“The horse, the horse! The symbol of surging potency and power of movement, of action” ~ D.H. Lawrence
Related PowerShell Cmdlets:
Move-adDirectoryServer - Move a domain controller in AD DS to a new site.
Set-adDomainMode - Set the domain functional level for an AD domain.