Move a single FSMO role
Sometimes you just want to move a single FSMO role:
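    function move-afsmo {
        [CmdletBinding()]
        param(
            # Domain controller that will take over the role
            [Parameter(Mandatory=$true)]
            [string]$server,

            # Role to transfer
            [Parameter(Mandatory=$true)]
            [ValidateSet("schema", "domain", "rid", "infra", "pdc")]
            [string]$fsmo
        )

        # The domain SID is only needed for the PDC emulator transfer
        $dom = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
        $sid = ($dom.GetDirectoryEntry()).objectSid

        # Bind to rootDSE on the target domain controller
        $dc = [ADSI]"LDAP://$server/rootDSE"

        # Map the short role name to the rootDSE operational attribute
        switch ($fsmo.ToLower()) {
            "schema" {$role = "becomeSchemaMaster"; break}
            "domain" {$role = "becomeDomainMaster"; break}
            "rid"    {$role = "becomeRidMaster"; break}
            "infra"  {$role = "becomeInfraStructureMaster"; break}
            "pdc"    {$role = "becomePDC"; break}
        }

        # becomePDC takes the domain SID; the other roles take 1
        if ($role -eq "becomePDC") { $dc.Put($role, $sid[0]) }
        else { $dc.Put($role, 1) }

        # Commit the write, which triggers the transfer
        $dc.SetInfo()
    }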
This function takes a domain controller name and a role and performs the transfer.
    move-afsmo -server dc02 -fsmo schema
    move-afsmo -server dc02 -fsmo domain
    move-afsmo -server dc02 -fsmo rid
    move-afsmo -server dc02 -fsmo infra
    move-afsmo -server dc02 -fsmo pdc
The role is validated on input to confirm that the given value is in the set of roles. A switch statement sets the role name that is passed to the Put() method. The transfer is performed as previously
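A FSMO transfer is a privileged change, so it is worth recording the role holders before the move and confirming the new holder afterwards. The following is an added example, not code from the original post: the function names get-fsmoholder and test-fsmomove are hypothetical, and it assumes the same role keys and short server name (dc02) used above.

```powershell
# Added example: get-fsmoholder and test-fsmomove are hypothetical helper names.
function get-fsmoholder {
    [CmdletBinding()]
    param()
    $dom    = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $forest = $dom.Forest

    # Same role keys as the ValidateSet in move-afsmo.
    # Schema and domain naming are forest-wide; the other three are per domain.
    @{
        schema = $forest.SchemaRoleOwner.Name
        domain = $forest.NamingRoleOwner.Name
        rid    = $dom.RidRoleOwner.Name
        infra  = $dom.InfrastructureRoleOwner.Name
        pdc    = $dom.PdcRoleOwner.Name
    }
}

function test-fsmomove {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true)]
        [string]$server,

        [Parameter(Mandatory=$true)]
        [ValidateSet("schema", "domain", "rid", "infra", "pdc")]
        [string]$fsmo
    )
    $holder = (get-fsmoholder)[$fsmo]

    # The role owner name is an FQDN, so accept either the short name or the FQDN.
    $moved = ($holder -eq $server) -or ($holder -like "${server}.*")

    [pscustomobject]@{
        Role        = $fsmo
        Expected    = $server
        Holder      = $holder
        Transferred = $moved
    }
}

# Typical sequence (dc02 is the sample server name used on this page):
#   get-fsmoholder                        # record holders before the change
#   move-afsmo    -server dc02 -fsmo rid
#   test-fsmomove -server dc02 -fsmo rid  # Transferred should be True
```

The lookup reports what the domain controller it binds to currently knows, so a check run immediately after the transfer from another site may still show the old holder until replication completes.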