Monday, July 9, 2007

Active Directory PDC vs FSMO

Today I faced strange issue in my environment which forced me to read about FSMO. Let me briefly give an idea about the problem : We have enabled Bi-Directional password synch which requires an agent to be installed on the Active Directory (AD). In some cases when user changes the password in the microsoft way (CTRL+ALT+DEL) screen just hangs. While troubleshooting my AD team told me that the agent is installed on FSMO and I had no idea what the hack he is talking about so I read about it and thought of posting the same here.

FSMO stands for Flexible Single Master Objects

Windows 2000 Multi-Master Model

A multi-master enabled database, such as the Active Directory, provides the flexibility of allowing changes to occur at any DC in the enterprise, but it also introduces the possibility of conflicts that can potentially lead to problems once the data is replicated to the rest of the enterprise. One way Windows 2000 deals with conflicting updates is by having a conflict resolution algorithm handle discrepancies in values by resolving to the DC to which changes were written last (that is, "the last writer wins"), while discarding the changes in all other DCs. Although this resolution method may be acceptable in some cases, there are times when conflicts are just too difficult to resolve using the "last writer wins" approach. In such cases, it is best to prevent the conflict from occurring rather than to try to resolve it after the fact.

Windows 2000 Single-Master Model

To prevent conflicting updates in Windows 2000, the Active Directory performs updates to certain objects in a single-master fashion. In a single-master model, only one DC in the entire directory is allowed to process updates. This is similar to the role given to a primary domain controller (PDC) in earlier versions of Windows (such as Microsoft Windows NT 3.51 and 4.0), in which the PDC is responsible for processing all updates in a given domain.

The Windows 2000 Active Directory extends the single-master model found in earlier versions of Windows to include multiple roles, and the ability to transfer roles to any domain controller (DC) in the enterprise. Because an Active Directory role is not bound to a single DC, it is referred to as a Flexible Single Master Operation (FSMO) role. Currently in Windows 2000 there are five FSMO roles:

1) Schema master
2) Domain naming master
3) RID master
4) PDC emulator
5) Infrastructure daemon 

 Curtsey: Microsoft KB


No comments:

Hub and Switch and Router

I was doing a udemy course to learn more about the networking concepts and wanted to clarify the confusion between Hub, Switch and Router. ...