PoshCode Archive  Artifact Content

Artifact 8dfdb0c011067b946b2d45e7039a2b10c0a9b8dc3f2efadf2b3eda686968f027:

  • File Set-FSMORoleOwner.ps1 — part of check-in [6e212063db] at 2018-06-10 13:14:55 on branch trunk — This advanced function allows you to transfer or seize the FSMO roles to a specified Domain Controller. Has support for -Whatif and -Confirm to avoid making a mistake with transferring the roles. Also can display the current owners after the action has completed using -PassThru. (user: Boe Prox size: 7263)

# encoding: ascii
# api: powershell
# title: Set-FSMORoleOwner
# description: This advanced function allows you to transfer or seize the FSMO roles to a specified Domain Controller. Has support for -Whatif and -Confirm to avoid making a mistake with transferring the roles. Also can display the current owners after the action has completed using -PassThru.
# version: 0.1
# type: function
# author: Boe Prox
# license: CC0
# function: Set-FSMORoleOwner
# x-poshcode-id: 2728
# x-archived: 2011-08-14T09:27:20
# x-published: 2011-06-10T10:38:00
#
#
Function Set-FSMORoleOwner {
<#  
.SYNOPSIS  
    Performs a transfer of a FSMO role to a specified Domain Controller. 
    
.DESCRIPTION  
    Performs a transfer of a FSMO role to a specified Domain Controller.

.PARAMETER DomainController
    Fully Qualified Domain Name of the Domain Controller to take a transfer role to

.PARAMETER Role
    Name of the role to transfer to domain controller

.PARAMETER Transfer
    Transfers the specified role and give to specified domain controller. 

.PARAMETER Seize
    Seize the specified role and give to specified domain controller.   

.PARAMETER PassThru
    Show the FSMO role owners after performing action    

.NOTES  
    Name: Set-FSMORoleOwner
    Author: Boe Prox
    DateCreated: 06/9/2011  

.EXAMPLE
    Set-FSMORoleOwner -DomainController DC1.Rivendell.com -Role RidRole
    
    Description
    -----------
    Transfers the RidRole to DC1.Rivendell.com 

.EXAMPLE
    Set-FSMORoleOwner -DomainController DC1.Rivendell.com -Role PdcRole -Transfer -PassThru
    
    NamingRole  : dc2.rivendell.com 
    Domain              : rivendell.com 
    RidRole            : dc2.rivendell.com 
    Forest              : rivendell.com 
    InfrastructureRole : dc2.rivendell.com 
    SchemaRole        : dc2.rivendell.com 
    PdcRole            : dc1.rivendell.com     
    
    Description
    -----------
    Transfers the PdcRole to DC1.Rivendell.com and displays the current FSMO Role Owners.

.EXAMPLE
    Set-FSMORoleOwner -DomainController DC1.Rivendell.com -Role PdcRole,RidRole,SchemaRole -Transfer -PassThru
    
    NamingRole         : dc2.rivendell.com 
    Domain              : rivendell.com 
    RidRole            : dc1.rivendell.com 
    Forest              : rivendell.com 
    InfrastructureRole : dc2.rivendell.com 
    SchemaRole        : dc1.rivendell.com 
    PdcRole            : dc1.rivendell.com     
    
    Description
    -----------
    Transfers the PdcRole,RidRole and SchemaRole to DC1.Rivendell.com and displays the current FSMO Role Owners.  
    
.EXAMPLE
    Set-FSMORoleOwner -DomainController DC1.Rivendell.com -Role PdcRole -Seize -PassThru
    
    WARNING: Performing this action is irreversible!
    The Domain Controller that originally holds this role should be rebuilt to avoid issues on the domain!
    
    NamingRole  : dc2.rivendell.com 
    Domain              : rivendell.com 
    RidRole            : dc2.rivendell.com 
    Forest              : rivendell.com 
    InfrastructureRole : dc2.rivendell.com 
    SchemaRole        : dc2.rivendell.com 
    PdcRole            : dc1.rivendell.com     
    
    Description
    -----------
    Seizes the PdcRole and places it on DC1.Rivendell.com and displays the current FSMO Role Owners.  
          
#>
[cmdletbinding(
    SupportsShouldProcess = 'True',
    ConfirmImpact = 'High',
    DefaultParameterSetName = 'Transfer'
    )] 
Param (
    [parameter(Position=1,Mandatory = 'True',ValueFromPipeline = 'True',
        HelpMessage='Enter the Fully Qualified Domain Name of the Domain Controller')]
    [ValidateCount(1,1)]
    [string[]]$DomainController,
    [parameter(Position=2,Mandatory = 'True',
        HelpMessage = "InfrastructureRole,NamingRole,PdcRole,RidRole,SchemaRole")]
    [Alias('fsmo','fsmorole')]
    [ValidateSet('InfrastructureRole','NamingRole','PdcRole','RidRole','SchemaRole')]
    [ValidateCount(1,5)]
    [string[]]$Role,
    [parameter(Position=4,ParameterSetName='Transfer')]
    [Switch]$Transfer,    
    [parameter(Position=4,ParameterSetName='Seize')]
    [Switch]$Seize,
    [parameter(Position=5)]
    [switch]$PassThru
    )
Begin {}
Process {
    Try {
        Write-Verbose "Connecting to Forest"
        $forest = [system.directoryservices.activedirectory.Forest]::GetCurrentForest()
        Write-Verbose "Locating $DomainController" 
        $dc = $forest.domains | ForEach {
            $_.Domaincontrollers | Where {
                $_.Name -eq $DomainController
                }
            }
        }
    Catch {
        Write-Warning "$($Error)"
        Break
        }
    If (-NOT [string]::IsNullOrEmpty($dc)) {
        ForEach ($r in $role) {
            Switch ($PScmdlet.ParameterSetName) {
               "Transfer" {
                Write-Verbose "Beginning transfer of $r to $DomainController"
                    If ($PScmdlet.ShouldProcess("$DomainController","Transfer Role: $($Role)")) {
                        Try {
                            $dc.TransferRoleOwnership($r)
                            }
                        Catch {
                            Write-Warning "$($Error[0])"
                            Break
                            }
                        }
                    }
                "Seize" {
                    Write-Warning "Performing this action is irreversible!`nThe Domain Controller that originally holds this role should be rebuilt to avoid issues on the domain!"
                    Write-Verbose "Seizing $r and placing on $DomainController"
                    If ($PScmdlet.ShouldProcess("$DomainController","Seize Role: $($Role)")) {
                        Try {
                            $dc.SeizeRoleOwnership($r)
                            }
                        Catch {
                            Write-Warning "$($Error[0])"
                            Break
                            }
                        }               
                    }
                Default {
                    Write-Warning "You must specify either -Transfer or -Seize!"
                    Break
                    }
                }
            }
        }
    Else {
        Write-Warning "Unable to locate $DomainController!"
        Break
        }
    }
End {
    If ($PSBoundParameters['PassThru']) {
        $forest = [system.directoryservices.activedirectory.Forest]::GetCurrentForest()
        ForEach ($domain in $forest.domains) {
            $forestproperties = @{
                Forest = $Forest.name 
                Domain = $domain.name 
                SchemaRole = $forest.SchemaRoleOwner 
                NamingRole = $forest.NamingRoleOwner 
                RidRole = $Domain.RidRoleOwner 
                PdcRole = $Domain.PdcRoleOwner 
                InfrastructureRole = $Domain.InfrastructureRoleOwner 
                }
            $newobject = New-Object PSObject -Property $forestproperties
            $newobject.PSTypeNames.Insert(0,"ForestRoles")
            $newobject        
            }
        }
    }
}