How To Check FSMO roles
Active Directory uses five roles named “Flexible Single Master Operation Roles” (FSMO).
Each role is required for a domain controller to function correctly. During the initial Domain Controller Installation, all FSMO roles are installed automatically. In many cases, they can be left alone, however occasionally, due to failing servers, connectivity failures or other strange communication problems – they might need changing.
You need to be sure of which of the server hosting each role in your AD environment. Here we will break that down.
You can use Netdom query, or you can do it with windows PowerShell (always Right click and ‘Run As Administrator’.
There are two forest wide roles and three domain wide roles
Forest Wide Roles:
- Schema Master
- Domain naming master
Domain Wide Roles:
- RID pool manager
- Infrastructure master
How to query the FSMO roles in your domain.
Option1: Netdom query fsmo (Command Line)
Netdom is one of the command line tools to manage Active Directory domains and trusts.
1. Log into a Domain Controller and open a Command Prompt (Run as Administrator). Simply click the Start button and type cmd, windows will search and return the command prompt. Right click on “Command Prompt” and Run As Administrator.
2. Within the command prompt type “netdom query fsmo”. Click Enter
The above command should return the five roles and which DC they are on.
The above is a quick and easy way to check FSMO Role.
Option 2: Powershell
With Powershell we will use two lines of code.
- The first is to return the forest roles
- The second is to return the domain roles.
1. Open windows powershell. Click start and type Windows Powershell ISE
The ISE allows you to test and re-edit your lines of code easily rather than simply typing each command again and again)
You can save the file and easily re-run your code whenever you choose. If you regularly use the command line, the ISE is the best way to ensure you can quickly run the code you need.
Right Click Windows Powershell ISE and select “Run As Administrator”
2. Within the powershell GUI type: Get-ADForest yourdomain | Format-Table SchemaMaster,DomainNamingMaster
3. For the Domain FSMO Roles, type: Get-ADDomain yourdomain | format-table PDCEmulator,RIDMaster,InfrastructureMaster
Note how using the ISE version of Powershell allows you to save and rerun each line of code usin the Green Arrows.
- Single Arrow = Run All
- Lined Page Arrow = Run Current Line