Seize Schema Master Fails with Access is Denied

On a Windows Server 2012 R2 domain controller in our sandbox, logged in as the Domain Administrator, I attempted to seize all of the FSMO roles using the following PowerShell command:


Move-ADDirectoryServerOperationMasterRole -Identity "Target_DC_Name" -OperationMasterRole 0,1,2,3,4 -Force

I successfully seized the PDC Emulator, RID Master, and Infrastructure Master roles, but the seizure of Schema Master failed with an Access is Denied message.

The Administrator account was a member of Schema Admins and Enterprise Admins, so it had the correct permissions assigned. After much online searching, I found the suggestion to make Schema Admins the primary group for the account. The default was Domain Users. After making Schema Admins the primary group, the PowerShell command worked to seize the Schema Master role.
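
The workaround above as a stepwise script. This is an added example, not code from the original post. The account and DC names are placeholders, the `-Step` names are hypothetical, and it assumes it runs in the forest root domain where Schema Admins lives. The `Restore` step, which returns the account to the Domain Users default mentioned above, is an addition.

```powershell
# Added example, not from the original post. Names below are placeholders.
param(
    [ValidateSet('Check', 'Prepare', 'Seize', 'Restore')]
    [string]$Step     = 'Check',
    [string]$Account  = 'Administrator',    # assumption: account doing the seizure
    [string]$TargetDC = 'Target_DC_Name'    # placeholder used in the post
)
Import-Module ActiveDirectory

$user         = Get-ADUser  -Identity $Account -Properties PrimaryGroup, MemberOf
$schemaAdmins = Get-ADGroup -Identity 'Schema Admins' -Properties primaryGroupToken
$domainUsers  = Get-ADGroup -Identity 'Domain Users'  -Properties primaryGroupToken

# memberOf never lists the primary group, so membership is tested in both places.
$isPrimary = $user.PrimaryGroup -eq $schemaAdmins.DistinguishedName
$isMember  = $isPrimary -or ($user.MemberOf -contains $schemaAdmins.DistinguishedName)

switch ($Step) {
    'Check' {
        # Report the current role holder and the account's group state.
        [pscustomobject]@{
            SchemaMaster          = (Get-ADForest).SchemaMaster
            Account               = $user.SamAccountName
            PrimaryGroup          = $user.PrimaryGroup
            InSchemaAdmins        = $isMember
            SchemaAdminsIsPrimary = $isPrimary
        }
    }
    'Prepare' {
        # A primary group can only be one the account already belongs to.
        if (-not $isMember) { throw "$Account is not a member of Schema Admins." }
        if (-not $isPrimary) {
            Set-ADUser -Identity $user -Replace @{ primaryGroupID = $schemaAdmins.primaryGroupToken }
        }
        'Primary group set. Log off and back on before running -Step Seize.'
    }
    'Seize' {
        if (-not $isPrimary) { throw 'Run -Step Prepare and start a new logon session first.' }
        Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC -OperationMasterRole SchemaMaster -Force
    }
    'Restore' {
        # Return the account to the default primary group once the role has moved.
        Set-ADUser -Identity $user -Replace @{ primaryGroupID = $domainUsers.primaryGroupToken }
    }
}
```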

4 thoughts on “Seize Schema Master Fails with Access is Denied”

  1. Mireiawen says:

    This helped! For anyone else struggling with this, I also had to log off and log back in after changing the primary group, but after that it worked.

  2. Glenn Gahnstedt says:

    I was logged in as Domain Admin, with Schema Master group membership… One would really think that would be enough!… Thanks for sharing this… it was giving me a huge headache. Cheers! (Server 2016)
