MattKopf Posted June 17, 2009 Share Posted June 17, 2009 Has anyone done a script to list the current FSMO roll holders? I did a serch but did not find anything. Link to comment Share on other sites More sharing options...
PsaltyDS Posted June 18, 2009 Share Posted June 18, 2009 (edited) Has anyone done a script to list the current FSMO roll holders? I did a serch but did not find anything. Google is your friend: Determining FSMO Role Holders Scroll down to Methods #3 or #4 for scriptability. Edit: I knew that could be done from a COM interface, so I googled up a couple of VBScript versions and mashed them together into this: expandcollapse popup; --------------------------------------------- ; Function: _GetSchemaMaster() ; Returns string computer name that holds the Schema Master FSMO role (one per forest) ; --------------------------------------------- Func _GetSchemaMaster() Local $oRootDSE = ObjGet("LDAP://rootDSE") Local $sSchemaNamingContext = $oRootDSE.Get("schemaNamingContext") Local $oSchema = ObjGet("LDAP://" & $sSchemaNamingContext) Local $sSchemaMaster = $oSchema.Get("fSMORoleOwner") Local $oNTDS = ObjGet("LDAP://" & $sSchemaMaster) Local $oComputer = ObjGet($oNTDS.Parent) Local $sComputer = $oComputer.Name $oComputer = 0 $oNTDS = 0 $oSchema = 0 $oRootDSE = 0 Return $sComputer EndFunc ;==>_GetSchemaMaster ; --------------------------------------------- ; Function: _GetDomainNamingMaster() ; Returns string computer name that holds the Domain Naming Master FSMO role (one per forest) ; --------------------------------------------- Func _GetDomainNamingMaster() Local $oRootDSE = ObjGet("LDAP://rootDSE") Local $sConfigurationNamingContext = $oRootDSE.Get("configurationNamingContext") Local $oPartitions = ObjGet("LDAP://CN=Partitions," & $sConfigurationNamingContext) Local $sDomainNamingMaster = $oPartitions.Get("fSMORoleOwner") Local $oNTDS = ObjGet("LDAP://" & $sDomainNamingMaster) Local $oComputer = ObjGet($oNTDS.Parent) Local $sComputer = $oComputer.Name $oComputer = 0 $oNTDS = 0 $oPartitions = 0 $oRootDSE = 0 Return $sComputer EndFunc ;==>_GetDomainNamingMaster ; --------------------------------------------- ; Function: _GetPDCEmulator() ; Returns string computer name that holds the PDC Emulator FSMO role (one per domain) ; --------------------------------------------- Func _GetPDCEmulator() Local $oRootDSE = ObjGet("LDAP://rootDSE") Local $sDefaultNamingContext = $oRootDSE.Get("defaultNamingContext") Local $oDomain = ObjGet("LDAP://" & $sDefaultNamingContext) Local $sPdcEmulator = $oDomain.Get("fSMORoleOwner") Local $oNTDS = ObjGet("LDAP://" & $sPdcEmulator) Local $oComputer = ObjGet($oNTDS.Parent) Local $sComputer = $oComputer.Name $oComputer = 0 $oNTDS = 0 $oDomain = 0 $oRootDSE = 0 Return $sComputer EndFunc ;==>_GetPDCEmulator ; --------------------------------------------- ; Function: _GetRIDMaster() ; Returns string computer name that holds the RID Master FSMO role (one per domain) ; --------------------------------------------- Func _GetRIDMaster() Local $oRootDSE = ObjGet("LDAP://rootDSE") Local $sDefaultNamingContext = $oRootDSE.Get("defaultNamingContext") Local $oRidManager = ObjGet("LDAP://CN=RID Manager$,CN=System," & $sDefaultNamingContext) Local $sRidMaster = $oRidManager.Get("fSMORoleOwner") Local $oNTDS = ObjGet("LDAP://" & $sRidMaster) Local $oComputer = ObjGet($oNTDS.Parent) Local $sComputer = $oComputer.Name $oComputer = 0 $oNTDS = 0 $oRidManager = 0 $oRootDSE = 0 Return $sComputer EndFunc ;==>_GetRIDMaster ; --------------------------------------------- ; Function: _GetInfrastructureMaster() ; Returns string computer name that holds the Infrastructure Master FSMO role (one per domain) ; --------------------------------------------- Func _GetInfrastructureMaster() Local $oRootDSE = ObjGet("LDAP://rootDSE") Local $sDefaultNamingContext = $oRootDSE.Get("defaultNamingContext") Local $oInfrastructure = ObjGet("LDAP://CN=Infrastructure," & $sDefaultNamingContext) Local $sInfrastructureMaster = $oInfrastructure.Get("fSMORoleOwner") Local $oNTDS = ObjGet("LDAP://" & $sInfrastructureMaster) Local $oComputer = ObjGet($oNTDS.Parent) Local $sComputer = $oComputer.Name $oComputer = 0 $oNTDS = 0 $oInfrastructure = 0 $oRootDSE = 0 Return $sComputer EndFunc ;==>_GetInfrastructureMaster I don't have a domain handy to test. Please try them out and post results. Edited June 18, 2009 by PsaltyDS Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
PeterAtkin Posted September 29, 2010 Share Posted September 29, 2010 (edited) Works a treat, here is what I did and it really helped.. thanksexpandcollapse popup#include <log.au3> #include <fsmo.au3> Global $hLog = _Log_Open(@UserProfileDir & "\" & "logon-" & @UserName & ".log", "###User " & @UserName & " Logon Event Log###") Global $fsmo_error = 0, $fsmo_check = "Yes", $post_msg = "support@computer-facilities.com or call on 0414-533784" fsmo_all() Func fsmo_all() #cs Dependencies log.udf fsmo.udf _ping_fsmo() _add_log_line() Global Veriables $fsmo_error, $fsmo_check, $hLog #ce Local $sm_var = _GetSchemaMaster() Local $dm_var = _GetDomainNamingMaster() Local $pdc_var = _GetPDCEmulator() Local $ism_var = _GetInfrastructureMaster() Local $rid_var = _GetRIDMaster() $fmso_error = 0 ConsoleWrite(@CRLF & ">>>> FSMO Roles <<<<" & @CRLF & @CRLF) _add_log_line("FMSO Roles") $var = _ping_fsmo($sm_var, 25) _add_log_line("Schema Master :" & @TAB & @TAB & $sm_var & " is " & $var) ConsoleWrite("Schema Master :" & @TAB & @TAB & $sm_var & " is " & $var & @CRLF) $var = _ping_fsmo($dm_var, 25) _add_log_line("Domain Naming Master :" & $dm_var & " is " & $var) ConsoleWrite("Domain Naming Master :" & @TAB & $dm_var & " is " & $var & @CRLF) $var = _ping_fsmo($pdc_var, 25) _add_log_line("PDC Emulator :" & @TAB & @TAB & $pdc_var & " is " & $var & @CRLF) ConsoleWrite("PDC Emulator :" & @TAB & @TAB & $pdc_var & " is " & $var & @CRLF) $var = _ping_fsmo($rid_var, 25) _add_log_line("RID Master :" & @TAB & @TAB & @TAB & $rid_var & " is " & $var & @CRLF) ConsoleWrite("RID Master :" & @TAB & @TAB & $rid_var & " is " & $var & @CRLF) $var = _ping_fsmo($ism_var, 25) _add_log_line("Infrastructure Master :" & $ism_var & " is " & $var & @CRLF) ConsoleWrite("Infrastructure Master :" & @TAB & $ism_var & " is " & $var & @CRLF) If $fsmo_check = "Yes" Then If $fsmo_error = 1 Then MsgBox(32, "FSMO Error :" & $fsmo_error, "See event log at: " & @CRLF & "[" & @UserProfileDir & " \" & " logon - " & @UserName & " .log" & "] for more details!" & @CRLF & _ @CRLF & "This could lead to unexpected Domain and Logon issues and needs to be sorted out as a matter of urgency please contact :" & _ @CRLF & @CRLF & $post_msg & " for support on this matter") Exit EndIf EndIf EndFunc ;==>fsmo_all Func _ping_fsmo($host, $ttl) Local $var $var = Ping($host, 50) If $var Then Return "Up" Else $fmso_error = 1 Return "Down" EndIf EndFunc ;==>_ping_fsmo Func _add_log_line($logmsg) _Log_Report($hLog, $logmsg) _Log_Report($hLog, "---------") EndFunc ;==>_add_log_lineI did modify your scripts a little just making sure the return data in all your functions was changed to this Return StringTrimLeft($sComputer,3) from Return $sComputer just so the output was a little neater.The add log function I got from http://www.autoitscript.com/forum/index....4&hl=log%20udf&fromsearch=1&#entry829674, Edited September 30, 2010 by PeterAtkin [topic='115020'] AD Domain Logon Script[/topic] Link to comment Share on other sites More sharing options...
water Posted September 30, 2010 Share Posted September 30, 2010 (edited) You could use my Active Directory UDF (for download please see my signature). Function _AD_ListRoleOwners() does exaclty what you need. #AutoIt3Wrapper_AU3Check_Parameters= -d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6 #AutoIt3Wrapper_AU3Check_Stop_OnWarning=Y ; ***************************************************************************** ; Example 1 ; Get a list of all FSMO Role Owners ; ***************************************************************************** #include <AD.au3> ; Open Connection to the Active Directory _AD_Open() ; Get a list of all FSMO Role Owners plus description Global $aFSMO[6][2] = [[""],["Domains PDC Emulator"],["Domains RID (Relative-Identifierer) master"],["Domains Infrastructure master"],["Forest-wide Schema master"],["Forest-wide Domain naming master"]] Global $aTemp = _AD_ListRoleOwners() Global $iCount For $iCount = 1 To $aTemp[0] $aFSMO[$iCount][1] = $aTemp[$iCount] Next $aFSMO[0][0] = $aTemp[0] _ArrayDisplay($aFSMO, "Active Directory Functions - Example 1", -1, 0, "<") ; Close Connection to the Active Directory _AD_Close() Edited September 30, 2010 by water My UDFs and Tutorials: Spoiler UDFs:Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - WikiExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example ScriptsOutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - WikiOutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - DownloadOutlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - WikiPowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - WikiTask Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs:Excel - Example Scripts - WikiWord - Wiki Tutorials:ADO - WikiWebDriver - Wiki Link to comment Share on other sites More sharing options...
PeterAtkin Posted September 30, 2010 Share Posted September 30, 2010 Thanks 'water' will give this a go.. [topic='115020'] AD Domain Logon Script[/topic] Link to comment Share on other sites More sharing options...
PeterAtkin Posted October 1, 2010 Share Posted October 1, 2010 (edited) @ 'water' Just did this using your AD UDF and works a treat, I do have one question is there any way to verify the status of the FSMO Server e.g. not just are they up, but also what is their health, e.g. any critical errors that may affect the function of the FSMO roles if that makes any sense. expandcollapse popup#AutoIt3Wrapper_Au3Check_Parameters= -d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6 #AutoIt3Wrapper_Au3Check_Stop_OnWarning=Y ; ***************************************************************************** ; Example 1 ; Get a list of all FSMO Role Owners ; ***************************************************************************** #include <AD.au3> Global $aFSMO[6][3] = [[""],["Domains PDC Emulator"],["Domains RID (Relative-Identifierer) master"],["Domains Infrastructure master"],["Forest-wide Schema master"],["Forest-wide Domain naming master"]] Global $fmso_error = 0, $Diags = 0, $fsmo_check = "Yes", $fsmo_error = 0, $post_msg = "support@computer-facilities.com or call on 0414-533784" fsmo_all() Func fsmo_all() #cs Description simple check of FSMO roles and the Servers holding them. Dependencies log.udf ad.udf _ping_fsmo() _add_log_line() Global Veriables $fsmo_error, $fsmo_check, $hLog, $post_msg $aFSMO[6][3] = [[""],["Domains PDC Emulator"],["Domains RID (Relative-Identifierer) master"],["Domains Infrastructure master"],["Forest-wide Schema master"],["Forest-wide Domain naming master"]] #ce Local $iCount, $var _AD_Open() Local $aTemp = _AD_ListRoleOwners() _AD_Close() ConsoleWrite(@CRLF & ">>>> FSMO Roles <<<<" & @CRLF & @CRLF) For $iCount = 1 To $aTemp[0] $aFSMO[$iCount][1] = $aTemp[$iCount] $var = _ping_fsmo($aFSMO[$iCount][1], 25) $aFSMO[$iCount][2] = $var if $aFSMO[$iCount][2] = "Down" Then $fsmo_error = 1 ;_add_log_line("The " & $aFSMO[$iCount][0] & " " & $aFSMO[$iCount][1] & " is " & $aFSMO[$iCount][2]) ConsoleWrite("The " & $aFSMO[$iCount][0] & " " & $aFSMO[$iCount][1] & " is " & $aFSMO[$iCount][2] & @CRLF) Next $aFSMO[0][0] = $aTemp[0] If $Diags = 1 Then _ArrayDisplay($aFSMO, "Active Directory Functions - Example 1", -1, 0, "<") If $fsmo_check = "Yes" Then If $fsmo_error = 1 Then MsgBox(32, "FSMO Error :" & $fsmo_error, "See event log at: " & @CRLF & "[" & @UserProfileDir & " \" & " logon - " & @UserName & " .log" & "] for more details!" & @CRLF & _ @CRLF & "This could lead to unexpected Domain and Logon issues and needs to be sorted out as a matter of urgency please contact :" & _ @CRLF & @CRLF & $post_msg & " for support on this matter") Exit EndIf EndIf EndFunc ;==>fsmo_all Func _ping_fsmo($host, $ttl) Local $var $var = Ping($host, $ttl) If $var Then Return "Present" Else $fmso_error = 1 Return "Down" EndIf EndFunc ;==>_ping_fsmo Edited October 2, 2010 by PeterAtkin [topic='115020'] AD Domain Logon Script[/topic] Link to comment Share on other sites More sharing options...
water Posted October 2, 2010 Share Posted October 2, 2010 (edited) I think it's the responsibility of the Active Directory Services to check availability of the services.First you query AD for the FSMO roles. You get the roles as AD sees them at the moment. As this are very importent roles for the operation of the AD the AD itselfs is checking their availability and switches over to another server in case of a problem.So when you ping the servers you sort out network problems. Now everything should be fine. Further tests don't bring you more information - in my opinion.Edit: You could use the Windows 2003 Server tool DCDiag. For description plus download please see this site. Edited October 5, 2010 by water My UDFs and Tutorials: Spoiler UDFs:Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - WikiExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example ScriptsOutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - WikiOutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - DownloadOutlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - WikiPowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - WikiTask Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs:Excel - Example Scripts - WikiWord - Wiki Tutorials:ADO - WikiWebDriver - Wiki Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now