find your FSMO role holders

All domain controllers – except the ones that hold the FSMO roles. These are essential operational roles that can only be held by a single DC at a time.

```powershell
## get FSMO roles

"`nMicrosoft"
Get-ADForest | Format-Table SchemaMaster, DomainNamingMaster
Get-ADDomain | Format-Table PDCEmulator, RIDMaster, InfrastructureMaster


"`nAD provider"
Get-ItemProperty -Path ad:\"cn=Schema,cn=Configuration,dc=manticore,dc=org" -Name fSMORoleOwner |
Format-Table @{N="SchemaMaster"; E={$($_.fSMORoleOwner)}}

Get-ItemProperty -Path ad:\"cn=Partitions,cn=Configuration,dc=manticore,dc=org"  -Name fSMORoleOwner |
Format-Table @{N="DomainNamingMaster"; E={$($_.fSMORoleOwner)}}

Get-ItemProperty -Path ad:\"dc=manticore,dc=org" -Name fSMORoleOwner |
Format-Table @{N="PDCEmulator"; E={$($_.fSMORoleOwner)}}

Get-ItemProperty -Path ad:\"cn=RID Manager$,cn=system,DC=Manticore,DC=org" -Name fSMORoleOwner |
Format-Table @{N="RIDMaster"; E={$($_.fSMORoleOwner)}}

Get-ItemProperty -Path ad:\"CN=Infrastructure,DC=Manticore,DC=org"  -Name fSMORoleOwner |
Format-Table @{N="InfrastructureMaster"; E={$($_.fSMORoleOwner)}}


"`nQuest"
Get-QADObject  -Identity "cn=Schema,cn=Configuration,dc=manticore,dc=org" -IncludeAllProperties |
Format-Table @{N="SchemaMaster"; E={$($_.fSMORoleOwner)}}

Get-QADObject  -Identity "cn=Partitions,cn=Configuration,dc=manticore,dc=org" -IncludeAllProperties |
Format-Table @{N="DomainNamingMaster"; E={$($_.fSMORoleOwner)}}

Get-QADObject  -Identity "dc=manticore,dc=org" -IncludeAllProperties |
Format-Table @{N="PDCEmulator"; E={$($_.fSMORoleOwner)}}

Get-QADObject -Identity "cn=RID Manager$,cn=system,DC=Manticore,DC=org" -IncludeAllProperties |
Format-Table @{N="RIDMaster"; E={$($_.fSMORoleOwner)}}

Get-QADObject -Identity "CN=Infrastructure,DC=Manticore,DC=org" -IncludeAllProperties |
Format-Table @{N="InfrastructureMaster"; E={$($_.fSMORoleOwner)}}

"`nScript"
[System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() |
Format-Table SchemaRoleOwner, NamingRoleOwner

[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain() |
Format-Table PdcRoleOwner, RidRoleOwner, InfrastructureRoleOwner
```

 

There are two easy ways and two messy ways to get this information. The easy ways are the Microsoft cmdlets or the script. Both access the domain and forest objects and read the required information.

The messy ways are the Quest cmdlets and the provider – in both you have to know where to look in AD to find the information – it's not always obvious where to track this down.

My recommendation is to use the Microsoft cmdlets or the script approach to solve this problem.
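A role holder that changes without a planned transfer is worth investigating, so the values returned by the Microsoft cmdlets can be checked against a recorded baseline. The following is an added example, not part of the original post; the function names `Get-FsmoHolder` and `Compare-FsmoBaseline`, the host names `dc01` and `dc02`, and the baseline values are assumptions constructed for illustration.

```powershell
# Added example: compare current FSMO role holders with a recorded baseline.
# Function names, host names and baseline values are hypothetical.

function Get-FsmoHolder {
    # Reads the five role holders with the Microsoft cmdlets shown in the post.
    # Needs the ActiveDirectory module and a reachable domain.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

function Compare-FsmoBaseline {
    param(
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Baseline,
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Current
    )
    foreach ($role in $Baseline.Keys) {
        $expected = [string]$Baseline[$role]
        $actual   = [string]$Current[$role]   # a missing role becomes ''
        [pscustomobject]@{
            Role     = $role
            Expected = $expected
            Actual   = $actual
            Changed  = ($expected -ne $actual)   # -ne ignores case for strings
        }
    }
}

# Constructed baseline: every role recorded on dc01
$baseline = [ordered]@{
    SchemaMaster         = 'dc01.manticore.org'
    DomainNamingMaster   = 'dc01.manticore.org'
    PDCEmulator          = 'dc01.manticore.org'
    RIDMaster            = 'dc01.manticore.org'
    InfrastructureMaster = 'dc01.manticore.org'
}
# Constructed "current" state: same as the baseline, PDC emulator moved to dc02
$current = [ordered]@{}
foreach ($k in $baseline.Keys) { $current[$k] = $baseline[$k] }
$current['PDCEmulator'] = 'dc02.manticore.org'

Compare-FsmoBaseline -Baseline $baseline -Current $current | Where-Object Changed | Format-Table -AutoSize
# Against a live domain: Compare-FsmoBaseline -Baseline $baseline -Current (Get-FsmoHolder)
```

With the constructed data only the `PDCEmulator` row is reported as changed.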
