FSMO roles are essential for successful replication of objects in an Active Dire

Question

FSMO roles are essential for successful replication of objects in an Active Directory environment. Although a failure in any of the FSMO roles may not have immediate impact, the long term effects of FSMO failure could wreak havoc on an Active Directory infrastructure. Services that are often overlooked, such as time synchronization and the issuance of Security Identifiers (SIDs), occur with FSMO roles. The failure of these services could have lasting impacts on a network. Answer the following questions: List and explain any two implications of failure of FSMO roles on Active Directory. List and explain any two strategies that could be implemented to ensure that FSMO roles are fault tolerant. List and explain at least one situation in which it is appropriate to seize

Explanation / Answer

Troubleshooting FSMO Symptoms of FSMO Problems I find that the first sign of a problem with a FSMO is that Active Directory Users and Computers is slow to initialize. Moreover, if you try to even view Group Policies, you get an error such as: Inaccessible GPO - Access Denied or Failed to open the Group Policy Object. You may not have appropriate rights. The cause of these symptoms is that the FSMO master holding the PDC emulator is unavailable. Fingers crossed it's a temporary problem, however the problem persists then you need to investigate which Domain Controller holds, or held the PDC emulator role. Troubleshooting Toolkit DCDiag - Not only does DCDiag have a routing to check the FSMOs but it also provides information on Active Directory replication. As ever with troubleshooting, you want to get to the root cause not merely treat one of the symptoms. NetDOM - It's a close call whether to run NetDOM before or after DCDiag, the answer partly depends on whether NetDom is already installed or if you need to get it from the Windows Server 2003 Support tools. From the command line type netdom query fsmo. You should see a list of the of the 5 roles with the corresponding Domain Controller. DNS - Excuse what may seem like a digression, but it never ceases to amaze me how often faulty DNS configuration is the source of an Active Directory problem. Therefore, head for the DNS snap-in and observe that all settings are as expected. Remember the Monitor to tab. Make sure that each DNS server is registering itself and registering with other DNS Servers. DCPROMO - Rather drastic, but sometimes just running this program to demote a Domain Controller creates error messages, which are handy additional sources of information. If there are no error messages, you may just choose to cancel. However, if you go ahead and run DCPROMO to demote a domain controller, watch out for a check box that says 'This is the last domain controller in the domain'. If that box is UNchecked the wizard will automatically move any FSMO roles to another domain controller.

Related Questions

Navigate

• Browse (All)
• Browse F
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.