Monday, June 23, 2008

Get FSMO Roles with PowerShell

The other day I needed to see what servers held which FSMO roles. I know there are many ways to get to this information. The easiest that I know of is using the NetDom resource kit utility.

netdom.exe query fsmo

I however wanted to see if I could use only .NET and not totally rely on any other tools. This was more of a challenge than anything else. I found several ways in .NET to get this info but I settled on this because it seemed the easiest way. If you know of an easier or more efficient way let me know.

   1:  $DCs = ([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).DomainControllers
   2:  $DCs | % { if ($_.Roles -ne '') {
   3:          "Server $_ has roles:"
   4:          ""
   5:          foreach ($role in $_.roles) {
   6:              $role.tostring().padleft($role.tostring().length + 10)
   7:          }
   8:          ""
   9:      }
  10:  }

The script is not as fast as NetDom, about 1 sec slower in my environment, but it depends only on .net.

2 comments:

Brandon said...

$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
Write-Host " == Forest Roles == "
$forest | Select SchemaRoleOwner,NamingRoleOwner
Write-Host " == Domain Roles == "
$forest.Domains | Select PdcRoleOwner,RidRoleOwner,InfrastructureRoleOwner

Joel De La Torre said...

There always is an easier way.

Thanks Brandon.