One of the goals for Active Directory was to get away from the 'only one writeable copy' Primary Domain Controller we had in NT 4.0, and make it possible to perform AD changes on any DC, which would then automatically get replicated around. A great idea, except there are a couple of things that really do need to have a single instance to avoid data corruption or duplication. These things are called Flexible Single Master Operations, or FSMOs.
When you first run dcpromo.exe to build your domain, all 5 FSMO roles will be assigned to the first DC that you install. For a small domain, that's fine, but there are situations where it makes sense, and may even be necessary, to move some or all of the roles. How you should place them can be found here.
Now let's say you have 3 DCs with FSMO roles spread over them, and one of them dies. What then? You'll be OK. Microsoft recommends that whenever possible, if you can get that DC back up and running, you should do so. If the server died and stays that way, and you didn't get a chance to remove it from the domain and reassign the FSMO roles, you can use ntdsutil.exe to seize the role and force another DC to take over for your dead server.
So what happens if you seize the role, recover the dead server and put it back on the network? In the early days it would still think it owned the FSMO role. The result: 2 DCs with the same FSMO. Luckily Microsoft has taken some countermeasures. If you're running Windows Server 2003 or Windows 2000 Server SP3 (if you aren't, UPGRADE!), then when the old server comes back online, it doesn't do any FSMO stuff until it has successfully completed replication. One of the AD attributes that is replicated is the FSMO role owner. If the server sees that the attribute has changed to a different server name, it quietly demotes itself from being a FSMO server and carries on. If it sees that it is still listed in the attribute as the FSMO owner, it will then begin doing its FSMO roles.
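To check, after a seizure, that every DC has replicated the same role owner, you can read the fSMORoleOwner attribute from each DC and compare the answers. The script below is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, a single-domain forest, and an account that can read the directory.

```powershell
# Added example: compare the replicated fSMORoleOwner attribute as seen by every DC.
# Assumptions: ActiveDirectory module (RSAT) available, single-domain forest.
Import-Module ActiveDirectory

$root     = Get-ADRootDSE
$domainDN = $root.defaultNamingContext
$configDN = $root.configurationNamingContext
$schemaDN = $root.schemaNamingContext

# The directory object that carries fSMORoleOwner for each of the five roles.
$roleObjects = [ordered]@{
    'Schema master'         = $schemaDN
    'Domain naming master'  = "CN=Partitions,$configDN"
    'PDC emulator'          = $domainDN
    'RID master'            = "CN=RID Manager`$,CN=System,$domainDN"
    'Infrastructure master' = "CN=Infrastructure,$domainDN"
}

$dcs = Get-ADDomainController -Filter *

# Ask every DC, one by one, who it believes owns each role.
$views = foreach ($role in $roleObjects.Keys) {
    foreach ($dc in $dcs) {
        try {
            $obj = Get-ADObject -Identity $roleObjects[$role] -Properties fSMORoleOwner `
                                -Server $dc.HostName -ErrorAction Stop
            $owner = $obj.fSMORoleOwner   # DN of the owner's NTDS Settings object
        } catch {
            $owner = 'UNREACHABLE'        # a dead or isolated DC cannot answer
        }
        [pscustomobject]@{ Role = $role; AskedDC = $dc.HostName; Owner = $owner }
    }
}

# DCs that did not answer are listed first; they are excluded from the comparison.
$views | Where-Object Owner -eq 'UNREACHABLE' | Format-Table Role, AskedDC

# A role is consistent when all answering DCs name the same owner.
$views | Where-Object Owner -ne 'UNREACHABLE' | Group-Object Role | ForEach-Object {
    $owners = @($_.Group.Owner | Sort-Object -Unique)
    [pscustomobject]@{
        Role       = $_.Name
        Consistent = ($owners.Count -eq 1)
        Owners     = $owners -join ' | '
    }
} | Format-Table -AutoSize -Wrap
```

A role that shows Consistent = False means replication of the owner attribute has not converged yet, which is the window in which a recovered server should not be doing FSMO work.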
Active Directory and FSMO ROCK! Want to learn more? Go here and satisfy your brain.