PowerShell: Retrieving AD FSMO Role Holders

I was recently asked to create a script to display the current FSMO role holders in an Active Directory domain. There are 5 FSMO roles, and the first domain controller in the forest root domain holds them all by default. Of the 5 roles, 2 are per forest and 3 per domain. These roles can be transferred or seized during the lifetime of the AD domain, and it’s important to know which DCs hold which roles, especially when doing maintenance.

PowerShell isn’t the only way to retrieve the role holders; both Netdom and NTDSUtil provide the same info, with Netdom being the easier of the two commands to use. Here is an example of using Netdom:

Netdom, however, is only available on servers by default, and although the tool can do more than just display FSMO role holders, using PowerShell provides greater flexibility in aggregating data and creating custom objects on a standard platform. This means that PowerShell can not only use its own cmdlets to retrieve data but can also execute both Netdom and NTDSUtil to aggregate additional information.

In order to use PowerShell to query Active Directory, the ActiveDirectory module must first be loaded.

  # Load the ActiveDirectory module if it is not already loaded in this session
  if (!(Get-Module ActiveDirectory)) {
      Write-Host "Importing AD Module.." -ForegroundColor Blue
      Import-Module ActiveDirectory
  }

Now it’s time to create the necessary variables:

  $Domain = Get-ADDomain
  $Forest = Get-ADForest

Now the fun part: creating a custom object to hold information pulled from 2 different cmdlets:

  # Combine the domain-level and forest-level role holders into one object
  $obj = New-Object PSObject -Property @{
      PDC            = $Domain.PDCEmulator
      RID            = $Domain.RIDMaster
      Infrastructure = $Domain.InfrastructureMaster
      Schema         = $Forest.SchemaMaster
      DomainNaming   = $Forest.DomainNamingMaster
  }
  $obj

The code is then placed into a function to make it reusable and modularized:

  Function Get-FSMORoleHolders {

      # Load the ActiveDirectory module if it is not already loaded
      if (!(Get-Module ActiveDirectory)) {
          Write-Host "Importing AD Module.." -ForegroundColor Blue
          Import-Module ActiveDirectory
      }

      $Domain = Get-ADDomain
      $Forest = Get-ADForest

      # 3 domain-level roles come from Get-ADDomain, 2 forest-level roles from Get-ADForest
      $obj = New-Object PSObject -Property @{
          PDC            = $Domain.PDCEmulator
          RID            = $Domain.RIDMaster
          Infrastructure = $Domain.InfrastructureMaster
          Schema         = $Forest.SchemaMaster
          DomainNaming   = $Forest.DomainNamingMaster
      }
      $obj
  }

  Get-FSMORoleHolders

Running the above function produces the following results:
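
Because roles can be transferred or seized, the object returned by Get-FSMORoleHolders is most useful when compared against a recorded known-good state. The following is an added example, not part of the original post: it compares two objects shaped like that output and reports any role that moved or is missing. The function name Compare-FSMOBaseline, the host names and the baseline file name are assumptions made for illustration, and it requires PowerShell 3.0 or later.

```powershell
# Added example: compare FSMO role holders against a recorded baseline.
# Compare-FSMOBaseline is a hypothetical helper, not part of the ActiveDirectory module.
function Compare-FSMOBaseline {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [psobject] $Baseline,  # known-good role holders
        [Parameter(Mandatory)] [psobject] $Current    # e.g. output of Get-FSMORoleHolders
    )
    foreach ($role in 'PDC', 'RID', 'Infrastructure', 'Schema', 'DomainNaming') {
        $expected = [string]$Baseline.$role
        $actual   = [string]$Current.$role
        # An empty value means the query returned no holder for this role.
        if ([string]::IsNullOrWhiteSpace($actual)) { $status = 'Missing' }
        elseif ($expected -eq $actual)             { $status = 'Unchanged' }  # -eq ignores case
        else                                       { $status = 'Moved' }
        # Schema and DomainNaming are the two forest-wide roles.
        if ('Schema', 'DomainNaming' -contains $role) { $scope = 'Forest' } else { $scope = 'Domain' }
        [pscustomobject]@{
            Role     = $role
            Scope    = $scope
            Expected = $expected
            Actual   = $actual
            Status   = $status
        }
    }
}

# Constructed sample data (hypothetical host names) so the comparison runs without a domain.
$baseline = [pscustomobject]@{
    PDC = 'dc01.corp.example'; RID = 'dc01.corp.example'; Infrastructure = 'dc01.corp.example'
    Schema = 'dc01.corp.example'; DomainNaming = 'dc01.corp.example'
}
$current = [pscustomobject]@{
    PDC = 'dc02.corp.example'; RID = 'DC01.corp.example'; Infrastructure = 'dc01.corp.example'
    Schema = 'dc01.corp.example'; DomainNaming = ''
}
# Show only the roles that differ from the baseline.
Compare-FSMOBaseline -Baseline $baseline -Current $current |
    Where-Object { $_.Status -ne 'Unchanged' } |
    Format-Table -AutoSize

# In a live domain (assumption: the baseline was saved earlier with Export-Clixml):
#   Get-FSMORoleHolders | Export-Clixml .\fsmo-baseline.xml
#   Compare-FSMOBaseline -Baseline (Import-Clixml .\fsmo-baseline.xml) -Current (Get-FSMORoleHolders)
```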

  1. July 17, 2013 at 8:10 pm

    whoah this blog is excellent i love studying your articles.
    Keep up the great work! You realize, many people are looking round for this
    information, you can help them greatly.

    • joeroc
      July 22, 2013 at 12:00 pm

      Appreciate the kind words..Glad I could help…
