fsmo roles

Move FSMO Roles and Upgrade Domain to Windows Server 2016

In this article we will show you how to promote a new domain controller with Windows Server 2016 in the Active Directory domain, move FSMO roles from an old domain controller (running Windows Server 2012 R2/2008), raise the domain functional level to Windows Server 2016 and then demote the DC from Windows Server 2012/2008 to the domain member server.

We assume that you already have a new server running Windows Server 2016. Our task is to install the Active Directory Domain Services role on it. In our lab, we have an installed domain contoso.com with one PDC domain controller on Windows Server 2012 R2. We will add the second domain controller with Windows Server 2016 and transfer all the FSMO roles to it.

How to move FSMO Roles from old DC?

To install a domain controller and transfer FSMO roles, your account must be in the Domain Admins and Enterprise Admins groups. You can install the ADDS role from the Server Manager console GUI (screenshot below), but it’s much more convenient and easier to install a AD role from the PowerShell console.

active directory domain services roles

On a new server run elevated PowerShell command line. Import the ServerManager module to the PowerShell session and install the ADDS services and the management tools.

Import-Module ServerManager

Install-WindowsFeature -name AD-Domain-Services –IncludeManagementTools

Wait until the ADDS role and management tools have been installed. A server reboot is not required.

import module powershell

To promote this server to a domain controller, run the following command (replace the domain, first DC and site names to your own!):

Install-ADDSDomainController `

-NoGlobalCatalog:$false `

-CreateDnsDelegation:$false `

-CriticalReplicationOnly:$false `

-DatabasePath "C:\Windows\NTDS" `

-DomainName "contoso.com" `

-InstallDns:$true `

-LogPath "C:\Windows\NTDS" `

-NoRebootOnCompletion:$false `

-ReplicationSourceDC "dc.contoso.com" `

-SiteName "NewYork" `

-SysvolPath "C:\Windows\SYSVOL" `


install adds domain controller

You must specify the local DSRM password and confirm it. After the role is configured, the server will automatically reboot.

move fsmo roles powershell

Now you can transfer all (or only a part of) FSMO roles to the new DC.

You can transfer FSMO roles from one DC to another using GUI consoles or via PowerShell. By using PowerShell the transfer becomes much easier.

Make sure that all FSMO roles are located on the old (Windows 2012r2) domain controller:

netdom query fsmo

netdom query fsmo powershell

Now you can transfer all 5 FSMO roles to a new DC:

Move-ADDirectoryServerOperationMasterRole -Identity "dc3-2016" -OperationMasterRole 0,1,2,3,4

move addirectory server operation master role

After the transfer is complete, make sure that the new DC with Windows Server 2016 is the new FSMO roles owner:

Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator

Get-ADForest | Select-Object DomainNamingMaster, SchemaMaster

Get-ADDomainController -Filter * |

Select-Object Name, Domain, Forest, OperationMasterRoles |

Where-Object {$_.OperationMasterRoles} |

Format-Table -AutoSize

get addomain powershell

After transferring all of the roles, you can remove the old DC by demoting it with the following Powershell commands:

Import-Module ADDSDeployment

Uninstall-ADDSDomainController -DemoteOperationMasterRole -RemoveApplicationPartition

The command prompts you to specify a new password for the local server Administrator.

uninstall adds domain controller

After the command completes, reboot the server.

The last thing to do is update the functional level of your Active Directory domain to Windows 2016. Make sure that the current domain level is Windows2012R2Domain:

Get-ADDomain | fl Name,Domainmode

get ad domain powershell

To upgrade the functional level of you AD from 2012r2 to 2016, run the command:

Set-ADDomainMode –identity contoso.com -DomainMode Windows2016Domain

set ad domain mode

So, in this way we have successfully upgraded the Active Directory domain to Windows Server 2016.

You may also like:

Add Calendar Permissions in Office 365 via PowerSh... This is a tutorial on how to add calendar permissions in Office 365 for your users via PowerShell. You can add the permissions on a specific user’s ma...
How to Get List of Installed Programs in Windows 1... In this simple guide, we will show you two different ways of how to get a list of installed programs in Windows 10, 8 or Windows 7 using built-in comm...
Fix Trust relationship failed issue without domain... In this article, we will discuss the causes of Trust relationship failed error and some solutions on how to restore secure channel between the worksta...
How to copy files with BITS using PowerShell? If you use local (and global) networks, you might know that files between systems are transferring by using SMB, FTP or HTTP protocols. The problem wi...
Time Configuration for a Virtualized Domain Contro... Today we will talk about some of the features of time configuration on a virtualized domain controllers. Typically, the time synchronization scheme in...

Add Your Comment