How To Check FSMO roles in Active Directory

How To Check FSMO roles

 

Active Directory uses five roles named “Flexible Single Master Operation Roles” (FSMO).

Each role is required for a domain controller to function correctly. During the initial Domain Controller Installation, all FSMO roles are installed automatically. In many cases, they can be left alone, however occasionally, due to failing servers, connectivity failures or other strange communication problems – they might need changing.

You need to be sure of which of the server hosting each role in your AD environment. Here we will break that down.

You can use Netdom query, or you can do it with windows PowerShell (always Right click and ‘Run As Administrator’.

There are two forest wide roles and three domain wide roles

Forest Wide Roles:

  • Schema Master
  • Domain naming master

Domain Wide Roles:

  • PDC
  • RID pool manager
  • Infrastructure master

How to query the FSMO roles in your domain.

Option1: Netdom query fsmo (Command Line)

Netdom is one of the command line tools to manage Active Directory domains and trusts.

1. Log into a Domain Controller and open a Command Prompt (Run as Administrator). Simply click the Start button and type cmd, windows will search and return the command prompt. Right click on “Command Prompt” and Run As Administrator.

Opening Command Prompt
How to Open the Command Prompt as Administrator

2. Within the command prompt type “netdom query fsmo”. Click Enter

The above command should return the five roles and which DC they are on.

Checkin FSMO R
How to Check FSMO Roles

The above is a quick and easy way to check FSMO Role.

 

Option 2: Powershell

With Powershell we will use two lines of code.

  • The first is to return the forest roles
  • The second is to return the domain roles.

1. Open windows powershell. Click start and type Windows Powershell ISE

The ISE allows you to test and re-edit your lines of code easily rather than simply typing each command again and again)

You can save the file and easily re-run your code whenever you choose. If you regularly use the command line, the ISE is the best way to ensure you can quickly run the code you need.

Right Click Windows Powershell ISE and select “Run As Administrator”

Opening the Windows Powershell Console as Administrator
Opening the Windows Powershell Console as Administrator

2. Within the powershell GUI type: Get-ADForest yourdomain | Format-Table SchemaMaster,DomainNamingMaster

 

Checking FSMO Roles
Checking FSMO Roles

3. For the Domain FSMO Roles, type: Get-ADDomain yourdomain | format-table PDCEmulator,RIDMaster,InfrastructureMaster

Note how using the ISE version of Powershell  allows you to save and rerun each line of code usin the Green Arrows.

  • Single Arrow = Run All
  • Lined Page Arrow = Run Current Line

    Checking FSMO Roles
    Checking FSMO Roles