Finding & Transferring FSMO roles using PowerShell

I think it’s part of IT nature to spend 15 minutes scripting things that you could actually achieve in 1 minute using the GUI, but you can’t change nature, right? 🙂

One of the things I have to do from time to time is change the FSMO role holders by simply transferring them (keep in mind that a transfer is not the same as a seize) from one host to another, and it becomes inconvenient when I have to switch between three different MMC snap-ins (Schema, AD Domains and Trusts, and AD Users and Computers). Luckily there’s PowerShell, with a single interface and all of the options I need.

First of all, let’s refresh our knowledge of FSMO roles with the table below:

| Role | Description | fSMORoleOwner location | Scope |
|---|---|---|---|
| Schema | Processes schema updates | CN=Schema,CN=Configuration,<ForestDN> | Forest |
| Domain Naming | Processes the addition, removal and renaming of domains | CN=Partitions,CN=Configuration,<ForestDN> | Forest |
| Infrastructure | Maintains references to objects in other domains | CN=Infrastructure,<DomainDN> | Domain |
| RID | Handles RID pool allocation for the domain controllers in a domain | CN=RidManager$,CN=System,<DomainDN> | Domain |
| PDC Emulator | Acts as the Windows NT master browser and also as the PDC for downlevel clients | <DomainDN> | Domain |

Okay, now that we know all the FSMO roles, how do I find the FSMO role holders using PowerShell? Just like that:

The script above limits the information to the holder’s name only; remove “.Name” at the end of each line to get the full information. You should get back at least the following information:

Now, let’s assume we want to move the RID role from dc12.ant.local to dc12.ant.local, which is also possible with… PowerShell! And that will be even easier:

What’s more, you can move multiple roles at the same time:
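The lookup and transfer steps described above, as an added example (not the original post's script) built on the ActiveDirectory module's `Get-ADForest`, `Get-ADDomain`, `Get-ADDomainController` and `Move-ADDirectoryServerOperationMasterRole` cmdlets. The helper names `Get-FsmoRoleHolder` and `Move-FsmoRole` are hypothetical; the target host is the one named in the post.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Get-FsmoRoleHolder and Move-FsmoRole are hypothetical helper names.

function Get-FsmoRoleHolder {
    # Forest-scoped roles are exposed by Get-ADForest, domain-scoped ones by Get-ADDomain.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    $holders = [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        RIDMaster            = $domain.RIDMaster
        PDCEmulator          = $domain.PDCEmulator
    }
    foreach ($role in $holders.Keys) {
        [pscustomobject]@{ Role = $role; Holder = $holders[$role] }
    }
}

function Move-FsmoRole {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $Target,
        [Parameter(Mandatory)]
        [ValidateSet('SchemaMaster', 'DomainNamingMaster', 'InfrastructureMaster',
                     'RIDMaster', 'PDCEmulator')]
        [string[]] $Role
    )
    # Resolve the target first so the call fails early if it is not a domain controller.
    $dc = Get-ADDomainController -Identity $Target -ErrorAction Stop

    # -Force is deliberately omitted: without it the cmdlet transfers, it does not seize.
    if ($PSCmdlet.ShouldProcess($dc.HostName, "Transfer $($Role -join ', ')")) {
        Move-ADDirectoryServerOperationMasterRole -Identity $dc.Name `
            -OperationMasterRole $Role -Confirm:$false -ErrorAction Stop
    }

    # Re-read the holders so the result (or the -WhatIf no-op) is visible to the operator.
    Get-FsmoRoleHolder | Where-Object { $_.Role -in $Role } | ForEach-Object {
        $_ | Add-Member -NotePropertyName OnTarget `
            -NotePropertyValue ($_.Holder -eq $dc.HostName) -PassThru
    }
}

Get-FsmoRoleHolder | Format-Table -AutoSize                           # who holds what now
Move-FsmoRole -Target 'dc12.ant.local' -Role RIDMaster -WhatIf        # dry run, one role
Move-FsmoRole -Target 'dc12.ant.local' -Role PDCEmulator, RIDMaster   # several roles at once
```

Transferring the Schema role requires Schema Admins membership and the Domain Naming role requires Enterprise Admins, so run the forest-scoped transfers from a session that holds those rights.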

That was easy, wasn’t it? 😉
