' Author: Mattias Ryrlén (mr@op5.com)
' Website: http://www.op5.com
' Created: 2008-09-18
' Version: 0.9
' Description: List the current FSMO Roles on an Active Directory DC
' Should display an errorstring if you specify a role that the server don't own.
' Havent had the time to test this since i only had 1 DC to test it on.
'
' Requirements: You will need supporttools installed on your DC for this script to work.
'
' Usage cscript /NoLogo check_ad_fsmo.vbs <domain> "<roles>"

 
Err = 3
msg = "UNKNOWN"

Set Args = WScript.Arguments
If WScript.Arguments.Count <= 1 Then
	Usage()
Else
	domain = Args.Item(0)
	roles = Replace(lcase(Args.Item(1))," ","")
	
	Set objShell = CreateObject("Wscript.Shell")

	Set objHostname = objShell.Exec("hostname")
	hostname = objHostname.StdOut.ReadLine

	strCommand = "C:\progra~1\suppor~1\netdom.exe query /domain:" & domain & " fsmo"
	set objProc = objShell.Exec(strCommand)

	input = ""
	strOutput = ""
	strErrput = ""

	Do While Not objProc.StdOut.AtEndOfStream
		input = objProc.StdOut.ReadLine
	
		If InStr(roles, "schema") OR roles = "all" Then
			If InStr(input, "Schema owner") Then
				If input = "Schema owner                " & hostname & "." & domain & "" Then
					strOutput = strOutput + "Schema, "
				Else
					strErrput = strErrput + "Schema, "
				End If
			End If
		End If
	
		If InStr(roles, "domain") OR roles = "all" Then
			If InStr(input, "Domain role owner") Then
				If input = "Domain role owner           " & hostname & "." & domain & "" Then
					strOutput = strOutput + "Domain role, "
				Else
					strErrput = strErrput + "Domain role, "
				End If
			End if
		End If

		If InStr(roles, "pdc") OR roles = "all" Then
			If InStr(input, "PDC role") Then
				If input = "PDC role                    " & hostname & "." & domain & "" Then
					strOutput = strOutput + "PDC, "
				Else
					strErrput = strErrput + "PDC, "
				End If
			End If
		End If
	
		If InStr(roles, "rid") OR roles = "all" Then
			If InStr(input, "RID pool manager") Then		
				If input = "RID pool manager            " & hostname & "." & domain & "" Then
					strOutput = strOutput + "RID pool manager, "
				Else
					strErrput = strErrput + "RID pool manager, "
				End If
			End If
		End If
		If InStr(roles, "infrastructure") OR roles = "all" Then
			If InStr(input, "Infrastructure owner") Then		
				If input = "Infrastructure owner        " & hostname & "." & domain & "" Then
					strOutput = strOutput + "Infrastructure, "
				Else
					strErrput = strErrput + "Infrastrutcure, "
				End If
			End If
		End If
	Loop
	If strErrput <> "" Then
		Err = 2
		If strOutput <> "" Then
			strOutput = Left(strOutput, Len(strOutput) - 2)
		End If
		
		msg = "CRITICAL FSMO Roles: " & strOutput & " Error: " & strErrput
	Else
		Err = 0
		If strOutput <> "" Then
			strOutput = Left(strOutput, Len(strOutput) - 2)
		End If
		msg = "OK FSMO Roles: " & strOutput
	End If
End If
Wscript.Echo msg
Wscript.Quit(Err)

Function Usage()
	Err = 3
	WScript.Echo "Usage cscript /NoLogo check_ad_fsmo.vbs <domain> ""<roles>"""
	Wscript.Echo ""
	Wscript.Echo "domain			Name of domain to check roles on"
	Wscript.Echo ""
	Wscript.Echo "roles:"
	Wscript.Echo " All			All Roles"
	Wscript.Echo " Schema			Schema owner"
	Wscript.Echo " Domain			Domain role owner"
	Wscript.Echo " PDC			PDC role"
	Wscript.Echo " RID			RID pool manager"
	Wscript.Echo " Infrastructure		Infrastructure owner"
	Wscript.Echo ""
	Wscript.Echo "Example: cscript /NoLogo check_ad_fsmo.vbs mydomain.com ""Schema,PDC,RID"""
	Wscript.Quit(Err)
End Function