FSMO holders

MattKopf · June 17, 2009

Has anyone done a script to list the current FSMO roll holders? I did a serch but did not find anything.

PsaltyDS · June 18, 2009

Has anyone done a script to list the current FSMO roll holders? I did a serch but did not find anything.

Google is your friend: Determining FSMO Role Holders

Scroll down to Methods #3 or #4 for scriptability.

Edit: I knew that could be done from a COM interface, so I googled up a couple of VBScript versions and mashed them together into this:

; ---------------------------------------------
; Function: _GetSchemaMaster()
; Returns string computer name that holds the Schema Master FSMO role (one per forest)
; ---------------------------------------------
Func _GetSchemaMaster()
    Local $oRootDSE = ObjGet("LDAP://rootDSE")
    Local $sSchemaNamingContext = $oRootDSE.Get("schemaNamingContext")
    Local $oSchema = ObjGet("LDAP://" & $sSchemaNamingContext)
    Local $sSchemaMaster = $oSchema.Get("fSMORoleOwner")
    Local $oNTDS = ObjGet("LDAP://" & $sSchemaMaster)
    Local $oComputer = ObjGet($oNTDS.Parent)
    Local $sComputer = $oComputer.Name
    $oComputer = 0
    $oNTDS = 0
    $oSchema = 0
    $oRootDSE = 0
    Return $sComputer
EndFunc  ;==>_GetSchemaMaster

; ---------------------------------------------
; Function: _GetDomainNamingMaster()
; Returns string computer name that holds the Domain Naming Master FSMO role (one per forest)
; ---------------------------------------------
Func _GetDomainNamingMaster()
    Local $oRootDSE = ObjGet("LDAP://rootDSE")
    Local $sConfigurationNamingContext = $oRootDSE.Get("configurationNamingContext")
    Local $oPartitions = ObjGet("LDAP://CN=Partitions," & $sConfigurationNamingContext)
    Local $sDomainNamingMaster = $oPartitions.Get("fSMORoleOwner")
    Local $oNTDS = ObjGet("LDAP://" & $sDomainNamingMaster)
    Local $oComputer = ObjGet($oNTDS.Parent)
    Local $sComputer = $oComputer.Name
    $oComputer = 0
    $oNTDS = 0
    $oPartitions = 0
    $oRootDSE = 0
    Return $sComputer
EndFunc  ;==>_GetDomainNamingMaster


; ---------------------------------------------
; Function: _GetPDCEmulator()
; Returns string computer name that holds the PDC Emulator FSMO role (one per domain)
; ---------------------------------------------
Func _GetPDCEmulator()
    Local $oRootDSE = ObjGet("LDAP://rootDSE")
    Local $sDefaultNamingContext = $oRootDSE.Get("defaultNamingContext")
    Local $oDomain = ObjGet("LDAP://" & $sDefaultNamingContext)
    Local $sPdcEmulator = $oDomain.Get("fSMORoleOwner")
    Local $oNTDS = ObjGet("LDAP://" & $sPdcEmulator)
    Local $oComputer = ObjGet($oNTDS.Parent)
    Local $sComputer = $oComputer.Name
    $oComputer = 0
    $oNTDS = 0
    $oDomain = 0
    $oRootDSE = 0
    Return $sComputer
EndFunc  ;==>_GetPDCEmulator


; ---------------------------------------------
; Function: _GetRIDMaster()
; Returns string computer name that holds the RID Master FSMO role (one per domain)
; ---------------------------------------------
Func _GetRIDMaster()
    Local $oRootDSE = ObjGet("LDAP://rootDSE")
    Local $sDefaultNamingContext = $oRootDSE.Get("defaultNamingContext")
    Local $oRidManager = ObjGet("LDAP://CN=RID Manager$,CN=System," & $sDefaultNamingContext)
    Local $sRidMaster = $oRidManager.Get("fSMORoleOwner")
    Local $oNTDS = ObjGet("LDAP://" & $sRidMaster)
    Local $oComputer = ObjGet($oNTDS.Parent)
    Local $sComputer = $oComputer.Name
    $oComputer = 0
    $oNTDS = 0
    $oRidManager = 0
    $oRootDSE = 0
    Return $sComputer
EndFunc  ;==>_GetRIDMaster


; ---------------------------------------------
; Function: _GetInfrastructureMaster()
; Returns string computer name that holds the Infrastructure Master FSMO role (one per domain)
; ---------------------------------------------
Func _GetInfrastructureMaster()
    Local $oRootDSE = ObjGet("LDAP://rootDSE")
    Local $sDefaultNamingContext = $oRootDSE.Get("defaultNamingContext")
    Local $oInfrastructure = ObjGet("LDAP://CN=Infrastructure," & $sDefaultNamingContext)
    Local $sInfrastructureMaster = $oInfrastructure.Get("fSMORoleOwner")
    Local $oNTDS = ObjGet("LDAP://" & $sInfrastructureMaster)
    Local $oComputer = ObjGet($oNTDS.Parent)
    Local $sComputer = $oComputer.Name
    $oComputer = 0
    $oNTDS = 0
    $oInfrastructure = 0
    $oRootDSE = 0
    Return $sComputer
EndFunc  ;==>_GetInfrastructureMaster

I don't have a domain handy to test. Please try them out and post results.

Edited June 18, 2009 by PsaltyDS

PeterAtkin · September 29, 2010

Works a treat, here is what I did and it really helped.. thanks

#include <log.au3>
#include <fsmo.au3>

Global $hLog = _Log_Open(@UserProfileDir & "\" & "logon-" & @UserName & ".log", "###User " & @UserName & " Logon Event Log###")
Global $fsmo_error = 0, $fsmo_check = "Yes", $post_msg = "support@computer-facilities.com or call on 0414-533784"

 fsmo_all()

Func fsmo_all()

    #cs
        Dependencies
        log.udf
        fsmo.udf
        _ping_fsmo()
        _add_log_line()

        Global Veriables
        $fsmo_error, $fsmo_check, $hLog
    #ce

    Local $sm_var = _GetSchemaMaster()
    Local $dm_var = _GetDomainNamingMaster()
    Local $pdc_var = _GetPDCEmulator()
    Local $ism_var = _GetInfrastructureMaster()
    Local $rid_var = _GetRIDMaster()
    $fmso_error = 0
    ConsoleWrite(@CRLF & ">>>> FSMO Roles <<<<" & @CRLF & @CRLF)
    _add_log_line("FMSO Roles")
    $var = _ping_fsmo($sm_var, 25)
    _add_log_line("Schema Master :" & @TAB & @TAB & $sm_var & " is " & $var)
    ConsoleWrite("Schema Master :" & @TAB & @TAB & $sm_var & " is " & $var & @CRLF)
    $var = _ping_fsmo($dm_var, 25)
    _add_log_line("Domain Naming Master :" & $dm_var & " is " & $var)
    ConsoleWrite("Domain Naming Master :" & @TAB & $dm_var & " is " & $var & @CRLF)
    $var = _ping_fsmo($pdc_var, 25)
    _add_log_line("PDC Emulator :" & @TAB & @TAB & $pdc_var & " is " & $var & @CRLF)
    ConsoleWrite("PDC Emulator :" & @TAB & @TAB & $pdc_var & " is " & $var & @CRLF)
    $var = _ping_fsmo($rid_var, 25)
    _add_log_line("RID Master :" & @TAB & @TAB & @TAB & $rid_var & " is " & $var & @CRLF)
    ConsoleWrite("RID Master :" & @TAB & @TAB & $rid_var & " is " & $var & @CRLF)
    $var = _ping_fsmo($ism_var, 25)
    _add_log_line("Infrastructure Master :" & $ism_var & " is " & $var & @CRLF)
    ConsoleWrite("Infrastructure Master :" & @TAB & $ism_var & " is " & $var & @CRLF)
    If $fsmo_check = "Yes" Then
        If $fsmo_error = 1 Then
            MsgBox(32, "FSMO Error :" & $fsmo_error, "See event log at: " & @CRLF & "[" & @UserProfileDir & " \" & " logon - " & @UserName & " .log" & "] for more details!" & @CRLF & _
                    @CRLF & "This could lead to unexpected Domain and Logon issues and needs to be sorted out as a matter of urgency please contact :" & _
                    @CRLF & @CRLF & $post_msg & " for support on this matter")
            Exit
        EndIf
    EndIf
EndFunc ;==>fsmo_all

Func _ping_fsmo($host, $ttl)
    Local $var
    $var = Ping($host, 50)
    If $var Then
        Return "Up"
    Else
        $fmso_error = 1
        Return "Down"
    EndIf
EndFunc ;==>_ping_fsmo

Func _add_log_line($logmsg)
    _Log_Report($hLog, $logmsg)
    _Log_Report($hLog, "---------")
EndFunc ;==>_add_log_line

I did modify your scripts a little just making sure the return data in all your functions was changed to this

Return StringTrimLeft($sComputer,3)

from

Return $sComputer

just so the output was a little neater.

The add log function I got from http://www.autoitscript.com/forum/index....4&hl=log%20udf&fromsearch=1&#entry829674,

Edited September 30, 2010 by PeterAtkin

water · September 30, 2010

You could use my Active Directory UDF (for download please see my signature). Function _AD_ListRoleOwners() does exaclty what you need.

#AutoIt3Wrapper_AU3Check_Parameters= -d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
#AutoIt3Wrapper_AU3Check_Stop_OnWarning=Y
; *****************************************************************************
; Example 1
; Get a list of all FSMO Role Owners
; *****************************************************************************
#include <AD.au3>

; Open Connection to the Active Directory
_AD_Open()

; Get a list of all FSMO Role Owners plus description
Global $aFSMO[6][2] = [[""],["Domains PDC Emulator"],["Domains RID (Relative-Identifierer) master"],["Domains Infrastructure master"],["Forest-wide Schema master"],["Forest-wide Domain naming master"]]
Global $aTemp = _AD_ListRoleOwners()
Global $iCount
For $iCount = 1 To $aTemp[0]
    $aFSMO[$iCount][1] = $aTemp[$iCount]
Next
$aFSMO[0][0] = $aTemp[0]
_ArrayDisplay($aFSMO, "Active Directory Functions - Example 1", -1, 0, "<")

; Close Connection to the Active Directory
_AD_Close()

Edited September 30, 2010 by water

PeterAtkin · September 30, 2010

Thanks 'water' will give this a go..

PeterAtkin · October 1, 2010

@ 'water' Just did this using your AD UDF and works a treat, I do have one question is there any way to verify the status of the FSMO Server e.g. not just are they up, but also what is their health, e.g. any critical errors that may affect the function of the FSMO roles if that makes any sense.

#AutoIt3Wrapper_Au3Check_Parameters= -d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
#AutoIt3Wrapper_Au3Check_Stop_OnWarning=Y
; *****************************************************************************
; Example 1
; Get a list of all FSMO Role Owners
; *****************************************************************************
#include <AD.au3>
Global $aFSMO[6][3] = [[""],["Domains PDC Emulator"],["Domains RID (Relative-Identifierer) master"],["Domains Infrastructure master"],["Forest-wide Schema master"],["Forest-wide Domain naming master"]]
Global $fmso_error = 0, $Diags = 0, $fsmo_check = "Yes", $fsmo_error = 0, $post_msg = "support@computer-facilities.com or call on 0414-533784"

fsmo_all()

Func fsmo_all()
    #cs
        Description
        simple check of FSMO roles and the Servers holding them.

        Dependencies
        log.udf
        ad.udf
        _ping_fsmo()
        _add_log_line()

        Global Veriables
        $fsmo_error, $fsmo_check, $hLog, $post_msg
        $aFSMO[6][3] = [[""],["Domains PDC Emulator"],["Domains RID (Relative-Identifierer) master"],["Domains Infrastructure master"],["Forest-wide Schema master"],["Forest-wide Domain naming master"]]
    #ce
    Local $iCount, $var
    _AD_Open()
    Local $aTemp = _AD_ListRoleOwners()
    _AD_Close()
    ConsoleWrite(@CRLF & ">>>> FSMO Roles <<<<" & @CRLF & @CRLF)
    For $iCount = 1 To $aTemp[0]
        $aFSMO[$iCount][1] = $aTemp[$iCount]
        $var = _ping_fsmo($aFSMO[$iCount][1], 25)
        $aFSMO[$iCount][2] = $var
        if $aFSMO[$iCount][2] = "Down" Then $fsmo_error = 1
        ;_add_log_line("The " & $aFSMO[$iCount][0] & " " & $aFSMO[$iCount][1] & " is " & $aFSMO[$iCount][2])
        ConsoleWrite("The " & $aFSMO[$iCount][0] & " " & $aFSMO[$iCount][1] & " is " & $aFSMO[$iCount][2] & @CRLF)
    Next
    $aFSMO[0][0] = $aTemp[0]
    If $Diags = 1 Then _ArrayDisplay($aFSMO, "Active Directory Functions - Example 1", -1, 0, "<")
        If $fsmo_check = "Yes" Then
        If $fsmo_error = 1 Then
            MsgBox(32, "FSMO Error :" & $fsmo_error, "See event log at: " & @CRLF & "[" & @UserProfileDir & " \" & " logon - " & @UserName & " .log" & "] for more details!" & @CRLF & _
                    @CRLF & "This could lead to unexpected Domain and Logon issues and needs to be sorted out as a matter of urgency please contact :" & _
                    @CRLF & @CRLF & $post_msg & " for support on this matter")
            Exit
        EndIf
    EndIf
EndFunc ;==>fsmo_all

Func _ping_fsmo($host, $ttl)
    Local $var
    $var = Ping($host, $ttl)
    If $var Then
        Return "Present"
    Else
        $fmso_error = 1
        Return "Down"
    EndIf

EndFunc ;==>_ping_fsmo

Edited October 2, 2010 by PeterAtkin

water · October 2, 2010

I think it's the responsibility of the Active Directory Services to check availability of the services.

First you query AD for the FSMO roles. You get the roles as AD sees them at the moment. As this are very importent roles for the operation of the AD the AD itselfs is checking their availability and switches over to another server in case of a problem.

So when you ping the servers you sort out network problems.

Now everything should be fine. Further tests don't bring you more information - in my opinion.

Edit: You could use the Windows 2003 Server tool DCDiag. For description plus download please see this site.

Edited October 5, 2010 by water

Sign In

FSMO holders

Recommended Posts

MattKopf

Link to comment

Share on other sites

PsaltyDS

Link to comment

Share on other sites

PeterAtkin

Link to comment

Share on other sites

water

Link to comment

Share on other sites

PeterAtkin

Link to comment

Share on other sites

PeterAtkin

Link to comment

Share on other sites

water

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members

Browse

AutoIt Resources

Release

Beta