PowerShell Function to Determine the Active Directory FSMO Role Holders via the .NET Framework

Last week I posted a PowerShell function to determine what Active Directory domain controllers held the FSMO roles for one or more domains and forests. That particular function used the Get-ADDomain and Get-ADForest cmdlets which are part of the Active Directory PowerShell module. As it so happens, a friend of mine, Shay Levy who is a PowerShell MVP posted an article on PowerShell Magazine that uses a couple of one liners that use the .NET Framework to return the FSMO role holders.

I’m not a .NET guy, but this started me thinking that there was probably a way with the .NET Framework to figure out where the FSMO roles were based on a given domain instead of the current one.

I decided to retro-fit my function to use the .NET Framework Class that Shay was using, but I figured out a different static method (I think that’s what it’s called, but correct me if I’m wrong). This other static method would indeed return the FSMO role holders based on a given domain name.

function Get-FSMORole {
Retrieves the FSMO role holders from one or more Active Directory domains and forests.
Get-FSMORole uses the .NET Framework to determine which domain controller currently holds each
of the Active Directory FSMO roles. The Active Directory PowerShell module is not required.
One or more Active Directory domain names.
Get-Content domainnames.txt | Get-FSMORole
Get-FSMORole -DomainName domain1, domain2
        [string[]]$DomainName = $env:USERDOMAIN
        foreach ($domain in $DomainName) {
            Write-Verbose "Querying $domain"
            Try {
            $problem = $false
            $addomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain(
                (New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Domain', $domain)))
            } Catch { $problem = $true
                Write-Warning $_.Exception.Message
            if (-not $problem) {
                $adforest = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest(
                    (New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Forest', (($addomain).forest))))

                New-Object PSObject -Property @{
                    InfrastructureMaster = $addomain.InfrastructureRoleOwner
                    PDCEmulator = $addomain.PdcRoleOwner
                    RIDMaster = $addomain.RidRoleOwner
                    DomainNamingMaster = $adforest.NamingRoleOwner
                    SchemaMaster = $adforest.SchemaRoleOwner