'Changing FSMO Roles: Access Denied

I'm trying to change FSMO roles of an active directory server by connecting it from a remote server using Invoke-Command. The script is below:

Invoke-Command -ComputerName $hostname -Credential $icred -ScriptBlock {

$global:ErrorActionPreference = "Stop";
import-module activedirectory;

Move-ADDirectoryServerOperationMasterRole -Identity owinfadc01 -OperationMasterRole 0,1,2 -Force -Confirm:$false ;

}

The problem is that

Move-ADDirectoryServerOperationMasterRole

changes the role of PDC; however, gets "Access is denied" error while trying for RID pool manager. The weird thing is "RID pool manager" and "Infrastructure Library" roles are changed either after waiting couple of minutes.

As a note, my user is a member of both Administrator and Domain Admins.

Thoughts?

powershellactive-directory


Solution 1:[1]

In case one faces with this problem, I add the solution.

Add "-credential" property to the command. After modification, it looks like below:

Invoke-Command -ComputerName $hostname -Credential $icred -ScriptBlock {

$global:ErrorActionPreference = "Stop";
import-module activedirectory;

Move-ADDirectoryServerOperationMasterRole -Identity owinfadc01 -Credential $icred -OperationMasterRole 0,1,2 -Force -Confirm:$false ;

}

Note that $cred is the variable that contains required username/password combination and the process is the same as Shift+RightClick powershell and select "Run as different user". In addition, if you are using Invoke-Command as I do, do not forget to add "-ArgumentList" property to Invoke-Command in order to transfer the credential defined before(outside Invoke-Command).

Solution 2:[2]

Just run the PowerShell as Administrator (via Right-Click).

Solution 3:[3]

Ran into this problem (or one that behaves very like it).

I am not using Invoke-Command but Enter-PSSession instead.

Move-ADDirectoryServerOperationMasterRole would succeed for every role but SchemaMaster.

I have been running my Active Directory environment since 2014 and it never occurred to me to add my EA account to the "Schema Admins" group!

Added my account to "Schema Admins", log out, log in, problem solved.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 cryptokovski
Solution 2 Gerrit
Solution 3 Frobozz

Related Questions

Creating/Duplicating a Certificate Template with Powershell

Creating/Duplicating a Certificate Template with Powershell

Creating/Duplicating a Certificate Template with Powershell

New-ExoPSSession: Index was out of range

PowerShell Cannot dot-source this command because it was defined in a different language mode

How do I get only directories using Get-ChildItem?

Powershell - windows hard-disk health status is giving inconsistent results

The term 'AzCopy' is not recognized as a name of a cmdlet, function, script file

check if an string exists in a list of strings, using powershell

Can Powershell Run Commands in Parallel?

How can ensure that a function only accepts a positive integer?

Powershell: Two dimension arrays

PowerShell and process exit codes

PowerShell Script to set the size of pagefile.sys

Trying to install Angular 2 Material from npm - unrecognized token in source text