
FSMO holders


MattKopf

Has anyone done a script to list the current FSMO role holders? I did a search but did not find anything.

PsaltyDS

Has anyone done a script to list the current FSMO role holders? I did a search but did not find anything.

Google is your friend: Determining FSMO Role Holders

Scroll down to Methods #3 or #4 for scriptability.

:D

Edit: I knew that could be done from a COM interface, so I googled up a couple of VBScript versions and mashed them together into this:

; ---------------------------------------------
; Function: _GetSchemaMaster()
; Returns string computer name that holds the Schema Master FSMO role (one per forest)
; ---------------------------------------------
Func _GetSchemaMaster()
    Local $oRootDSE = ObjGet("LDAP://rootDSE")
    Local $sSchemaNamingContext = $oRootDSE.Get("schemaNamingContext")
    Local $oSchema = ObjGet("LDAP://" & $sSchemaNamingContext)
    Local $sSchemaMaster = $oSchema.Get("fSMORoleOwner")
    Local $oNTDS = ObjGet("LDAP://" & $sSchemaMaster)
    Local $oComputer = ObjGet($oNTDS.Parent)
    Local $sComputer = $oComputer.Name
    $oComputer = 0
    $oNTDS = 0
    $oSchema = 0
    $oRootDSE = 0
    Return $sComputer
EndFunc  ;==>_GetSchemaMaster

; ---------------------------------------------
; Function: _GetDomainNamingMaster()
; Returns string computer name that holds the Domain Naming Master FSMO role (one per forest)
; ---------------------------------------------
Func _GetDomainNamingMaster()
    Local $oRootDSE = ObjGet("LDAP://rootDSE")
    Local $sConfigurationNamingContext = $oRootDSE.Get("configurationNamingContext")
    Local $oPartitions = ObjGet("LDAP://CN=Partitions," & $sConfigurationNamingContext)
    Local $sDomainNamingMaster = $oPartitions.Get("fSMORoleOwner")
    Local $oNTDS = ObjGet("LDAP://" & $sDomainNamingMaster)
    Local $oComputer = ObjGet($oNTDS.Parent)
    Local $sComputer = $oComputer.Name
    $oComputer = 0
    $oNTDS = 0
    $oPartitions = 0
    $oRootDSE = 0
    Return $sComputer
EndFunc  ;==>_GetDomainNamingMaster


; ---------------------------------------------
; Function: _GetPDCEmulator()
; Returns string computer name that holds the PDC Emulator FSMO role (one per domain)
; ---------------------------------------------
Func _GetPDCEmulator()
    Local $oRootDSE = ObjGet("LDAP://rootDSE")
    Local $sDefaultNamingContext = $oRootDSE.Get("defaultNamingContext")
    Local $oDomain = ObjGet("LDAP://" & $sDefaultNamingContext)
    Local $sPdcEmulator = $oDomain.Get("fSMORoleOwner")
    Local $oNTDS = ObjGet("LDAP://" & $sPdcEmulator)
    Local $oComputer = ObjGet($oNTDS.Parent)
    Local $sComputer = $oComputer.Name
    $oComputer = 0
    $oNTDS = 0
    $oDomain = 0
    $oRootDSE = 0
    Return $sComputer
EndFunc  ;==>_GetPDCEmulator


; ---------------------------------------------
; Function: _GetRIDMaster()
; Returns string computer name that holds the RID Master FSMO role (one per domain)
; ---------------------------------------------
Func _GetRIDMaster()
    Local $oRootDSE = ObjGet("LDAP://rootDSE")
    Local $sDefaultNamingContext = $oRootDSE.Get("defaultNamingContext")
    Local $oRidManager = ObjGet("LDAP://CN=RID Manager$,CN=System," & $sDefaultNamingContext)
    Local $sRidMaster = $oRidManager.Get("fSMORoleOwner")
    Local $oNTDS = ObjGet("LDAP://" & $sRidMaster)
    Local $oComputer = ObjGet($oNTDS.Parent)
    Local $sComputer = $oComputer.Name
    $oComputer = 0
    $oNTDS = 0
    $oRidManager = 0
    $oRootDSE = 0
    Return $sComputer
EndFunc  ;==>_GetRIDMaster


; ---------------------------------------------
; Function: _GetInfrastructureMaster()
; Returns string computer name that holds the Infrastructure Master FSMO role (one per domain)
; ---------------------------------------------
Func _GetInfrastructureMaster()
    Local $oRootDSE = ObjGet("LDAP://rootDSE")
    Local $sDefaultNamingContext = $oRootDSE.Get("defaultNamingContext")
    Local $oInfrastructure = ObjGet("LDAP://CN=Infrastructure," & $sDefaultNamingContext)
    Local $sInfrastructureMaster = $oInfrastructure.Get("fSMORoleOwner")
    Local $oNTDS = ObjGet("LDAP://" & $sInfrastructureMaster)
    Local $oComputer = ObjGet($oNTDS.Parent)
    Local $sComputer = $oComputer.Name
    $oComputer = 0
    $oNTDS = 0
    $oInfrastructure = 0
    $oRootDSE = 0
    Return $sComputer
EndFunc  ;==>_GetInfrastructureMaster

I don't have a domain handy to test. Please try them out and post results.

:D

Edited by PsaltyDS

Valuater's AutoIt 1-2-3, Class... Is now in Session! For those who want somebody to write the script for them: RentACoder. "Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

PeterAtkin

Works a treat, here is what I did and it really helped.. thanks

#include <log.au3>
#include <fsmo.au3>

Global $hLog = _Log_Open(@UserProfileDir & "\" & "logon-" & @UserName & ".log", "###User " & @UserName & " Logon Event Log###")
Global $fsmo_error = 0, $fsmo_check = "Yes", $post_msg = "support@computer-facilities.com or call on 0414-533784"

 fsmo_all()

Func fsmo_all()

    #cs
        Dependencies
        log.udf
        fsmo.udf
        _ping_fsmo()
        _add_log_line()

        Global Variables
        $fsmo_error, $fsmo_check, $hLog
    #ce

    Local $var ; "Up" or "Down" result of the latest ping
    Local $sm_var = _GetSchemaMaster()
    Local $dm_var = _GetDomainNamingMaster()
    Local $pdc_var = _GetPDCEmulator()
    Local $ism_var = _GetInfrastructureMaster()
    Local $rid_var = _GetRIDMaster()
    $fsmo_error = 0 ; reset the global error flag before checking
    ConsoleWrite(@CRLF & ">>>> FSMO Roles <<<<" & @CRLF & @CRLF)
    _add_log_line("FSMO Roles")
    $var = _ping_fsmo($sm_var, 25)
    _add_log_line("Schema Master :" & @TAB & @TAB & $sm_var & " is " & $var)
    ConsoleWrite("Schema Master :" & @TAB & @TAB & $sm_var & " is " & $var & @CRLF)
    $var = _ping_fsmo($dm_var, 25)
    _add_log_line("Domain Naming Master :" & $dm_var & " is " & $var)
    ConsoleWrite("Domain Naming Master :" & @TAB & $dm_var & " is " & $var & @CRLF)
    $var = _ping_fsmo($pdc_var, 25)
    _add_log_line("PDC Emulator :" & @TAB & @TAB & $pdc_var & " is " & $var & @CRLF)
    ConsoleWrite("PDC Emulator :" & @TAB & @TAB & $pdc_var & " is " & $var & @CRLF)
    $var = _ping_fsmo($rid_var, 25)
    _add_log_line("RID Master :" & @TAB & @TAB & @TAB & $rid_var & " is " & $var & @CRLF)
    ConsoleWrite("RID Master :" & @TAB & @TAB & $rid_var & " is " & $var & @CRLF)
    $var = _ping_fsmo($ism_var, 25)
    _add_log_line("Infrastructure Master :" & $ism_var & " is " & $var & @CRLF)
    ConsoleWrite("Infrastructure Master :" & @TAB & $ism_var & " is " & $var & @CRLF)
    If $fsmo_check = "Yes" Then
        If $fsmo_error = 1 Then
            ; Show the same path that _Log_Open() was given above
            MsgBox(32, "FSMO Error :" & $fsmo_error, "See event log at: " & @CRLF & "[" & @UserProfileDir & "\" & "logon-" & @UserName & ".log" & "] for more details!" & @CRLF & _
                    @CRLF & "This could lead to unexpected Domain and Logon issues and needs to be sorted out as a matter of urgency please contact :" & _
                    @CRLF & @CRLF & $post_msg & " for support on this matter")
            Exit
        EndIf
    EndIf
EndFunc ;==>fsmo_all

Func _ping_fsmo($host, $ttl)
    ; Note: $ttl is not used here; the Ping timeout is fixed at 50 ms
    Local $var
    $var = Ping($host, 50)
    If $var Then
        Return "Up"
    Else
        $fsmo_error = 1 ; set the global flag that fsmo_all() checks
        Return "Down"
    EndIf
EndFunc ;==>_ping_fsmo

Func _add_log_line($logmsg)
    _Log_Report($hLog, $logmsg)
    _Log_Report($hLog, "---------")
EndFunc ;==>_add_log_line

I did modify your scripts a little just making sure the return data in all your functions was changed to this

Return StringTrimLeft($sComputer,3)
from
Return $sComputer
just so the output was a little neater.

The add log function I got from http://www.autoitscript.com/forum/index....4&hl=log%20udf&fromsearch=1&#entry829674,

Edited by PeterAtkin

[topic='115020'] AD Domain Logon Script[/topic]
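
The five lookups posted above differ only in which directory object they read fSMORoleOwner from, so they can be driven from one table with the COM failures handled. This is an added example, not code from any poster in this thread; the function names _ListFsmoHolders, _ResolveOwner and _ComErrHandler are made up here, and it assumes the server object carries a dNSHostName attribute, falling back to the CN with "CN=" trimmed as described in the post above.

```autoit
; Added example, not code from the thread. Needs a domain-joined Windows host.
; Keep a failed COM call from aborting the script; failed calls then set @error.
Global $g_oComErr = ObjEvent("AutoIt.Error", "_ComErrHandler")

Func _ComErrHandler($oError)
    ConsoleWrite("COM error 0x" & Hex($oError.number) & ": " & $oError.windescription & @CRLF)
EndFunc   ;==>_ComErrHandler

; Returns a [5][2] array of role name and holder; sets @error if rootDSE cannot be read.
Func _ListFsmoHolders()
    Local $oRootDSE = ObjGet("LDAP://rootDSE")
    If Not IsObj($oRootDSE) Then Return SetError(1, 0, 0)
    Local $sDomain = $oRootDSE.Get("defaultNamingContext")
    Local $sConfig = $oRootDSE.Get("configurationNamingContext")
    Local $sSchema = $oRootDSE.Get("schemaNamingContext")
    If $sDomain = "" Or $sConfig = "" Or $sSchema = "" Then Return SetError(2, 0, 0)
    ; Column 1 starts as the DN of the object whose fSMORoleOwner names the holder.
    Local $aRoles[5][2] = [["Schema Master", $sSchema], _
            ["Domain Naming Master", "CN=Partitions," & $sConfig], _
            ["PDC Emulator", $sDomain], _
            ["RID Master", "CN=RID Manager$,CN=System," & $sDomain], _
            ["Infrastructure Master", "CN=Infrastructure," & $sDomain]]
    For $i = 0 To UBound($aRoles) - 1
        $aRoles[$i][1] = _ResolveOwner($aRoles[$i][1])
    Next
    Return $aRoles
EndFunc   ;==>_ListFsmoHolders

; Follows fSMORoleOwner -> NTDS Settings -> parent server object. Returns "" on failure.
Func _ResolveOwner($sRoleObjectDN)
    Local $oRole = ObjGet("LDAP://" & $sRoleObjectDN)
    If Not IsObj($oRole) Then Return ""
    Local $sOwnerDN = $oRole.Get("fSMORoleOwner")
    If @error Or $sOwnerDN = "" Then Return ""
    Local $oNTDS = ObjGet("LDAP://" & $sOwnerDN)
    If Not IsObj($oNTDS) Then Return ""
    Local $oServer = ObjGet($oNTDS.Parent)
    If Not IsObj($oServer) Then Return ""
    Local $sHost = $oServer.Get("dNSHostName") ; FQDN, better for Ping than the bare CN
    If @error Or $sHost = "" Then $sHost = StringTrimLeft($oServer.Name, 3) ; strip "CN="
    Return $sHost
EndFunc   ;==>_ResolveOwner

Global $aHolders = _ListFsmoHolders()
If Not IsArray($aHolders) Then Exit 1 ; no usable rootDSE, nothing to report
For $i = 0 To UBound($aHolders) - 1
    ConsoleWrite($aHolders[$i][0] & ": " & ($aHolders[$i][1] = "" ? "lookup failed" : $aHolders[$i][1]) & @CRLF)
Next
```

An empty holder means the lookup itself failed, which is worth logging separately from a holder that resolves but does not answer a ping.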

water

You could use my Active Directory UDF (for download please see my signature). Function _AD_ListRoleOwners() does exactly what you need.

#AutoIt3Wrapper_AU3Check_Parameters= -d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
#AutoIt3Wrapper_AU3Check_Stop_OnWarning=Y
; *****************************************************************************
; Example 1
; Get a list of all FSMO Role Owners
; *****************************************************************************
#include <AD.au3>

; Open Connection to the Active Directory
_AD_Open()

; Get a list of all FSMO Role Owners plus description
Global $aFSMO[6][2] = [[""],["Domains PDC Emulator"],["Domains RID (Relative-Identifierer) master"],["Domains Infrastructure master"],["Forest-wide Schema master"],["Forest-wide Domain naming master"]]
Global $aTemp = _AD_ListRoleOwners()
Global $iCount
For $iCount = 1 To $aTemp[0]
    $aFSMO[$iCount][1] = $aTemp[$iCount]
Next
$aFSMO[0][0] = $aTemp[0]
_ArrayDisplay($aFSMO, "Active Directory Functions - Example 1", -1, 0, "<")

; Close Connection to the Active Directory
_AD_Close()
Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-10-19 - Version 1.4.10.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-10-31 - Version 1.3.4.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
 
Tutorials:

ADO - Wiki

PeterAtkin

Thanks 'water' will give this a go..

PeterAtkin

@ 'water' Just did this using your AD UDF and works a treat, I do have one question is there any way to verify the status of the FSMO Server e.g. not just are they up, but also what is their health, e.g. any critical errors that may affect the function of the FSMO roles if that makes any sense.

#AutoIt3Wrapper_Au3Check_Parameters= -d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
#AutoIt3Wrapper_Au3Check_Stop_OnWarning=Y
; *****************************************************************************
; Example 1
; Get a list of all FSMO Role Owners
; *****************************************************************************
#include <AD.au3>
Global $aFSMO[6][3] = [[""],["Domains PDC Emulator"],["Domains RID (Relative-Identifierer) master"],["Domains Infrastructure master"],["Forest-wide Schema master"],["Forest-wide Domain naming master"]]
Global $fmso_error = 0, $Diags = 0, $fsmo_check = "Yes", $fsmo_error = 0, $post_msg = "support@computer-facilities.com or call on 0414-533784"

fsmo_all()

Func fsmo_all()
    #cs
        Description
        simple check of FSMO roles and the Servers holding them.

        Dependencies
        log.udf
        ad.udf
        _ping_fsmo()
        _add_log_line()

        Global Variables
        $fsmo_error, $fsmo_check, $hLog, $post_msg
        $aFSMO[6][3] = [[""],["Domains PDC Emulator"],["Domains RID (Relative-Identifierer) master"],["Domains Infrastructure master"],["Forest-wide Schema master"],["Forest-wide Domain naming master"]]
    #ce
    Local $iCount, $var
    _AD_Open()
    Local $aTemp = _AD_ListRoleOwners()
    _AD_Close()
    ConsoleWrite(@CRLF & ">>>> FSMO Roles <<<<" & @CRLF & @CRLF)
    For $iCount = 1 To $aTemp[0]
        $aFSMO[$iCount][1] = $aTemp[$iCount]
        $var = _ping_fsmo($aFSMO[$iCount][1], 25)
        $aFSMO[$iCount][2] = $var
        if $aFSMO[$iCount][2] = "Down" Then $fsmo_error = 1
        ;_add_log_line("The " & $aFSMO[$iCount][0] & " " & $aFSMO[$iCount][1] & " is " & $aFSMO[$iCount][2])
        ConsoleWrite("The " & $aFSMO[$iCount][0] & " " & $aFSMO[$iCount][1] & " is " & $aFSMO[$iCount][2] & @CRLF)
    Next
    $aFSMO[0][0] = $aTemp[0]
    If $Diags = 1 Then _ArrayDisplay($aFSMO, "Active Directory Functions - Example 1", -1, 0, "<")
    If $fsmo_check = "Yes" Then
        If $fsmo_error = 1 Then
            MsgBox(32, "FSMO Error :" & $fsmo_error, "See event log at: " & @CRLF & "[" & @UserProfileDir & "\" & "logon-" & @UserName & ".log" & "] for more details!" & @CRLF & _
                    @CRLF & "This could lead to unexpected Domain and Logon issues and needs to be sorted out as a matter of urgency please contact :" & _
                    @CRLF & @CRLF & $post_msg & " for support on this matter")
            Exit
        EndIf
    EndIf
EndFunc ;==>fsmo_all

Func _ping_fsmo($host, $ttl)
    Local $var
    $var = Ping($host, $ttl)
    If $var Then
        Return "Present"
    Else
        $fmso_error = 1
        Return "Down"
    EndIf

EndFunc ;==>_ping_fsmo
Edited by PeterAtkin

water

I think it's the responsibility of the Active Directory Services to check availability of the services.

First you query AD for the FSMO roles. You get the roles as AD sees them at the moment. As these are very important roles for the operation of the AD, the AD itself is checking their availability and switches over to another server in case of a problem.

So when you ping the servers you sort out network problems.

Now everything should be fine. Further tests don't bring you more information - in my opinion.

Edit: You could use the Windows 2003 Server tool DCDiag. For description plus download please see this site.

Edited by water
