FSMO Roles

FSMO (Flexible Single Master Operations)

Two good reasons for investigating FSMO

a) Curiosity to know how this Single master operation works

b) To know what to do if you lose one of the 5 vital roles.

Background information

For most Active Directory operations, Windows 2003 uses the multiple master model.  The benefit is you can add a computer, or change a user’s password on any domain controller.  For example, if you have three domain controllers, you can physically create a new computer in the NTDS.dit database on any of the three.  Five minutes later, the new computer object will be replicated to the other two domain controllers.

Technically, the multiple master model uses a change notification mechanism.  Occasionally problems arise with duplicate operations, and as a result orphaned objects appear in the ‘LostAndFound’ folder.  The point of FSMO is that a few operations are deemed so critical that only one domain controller can carry out that process.  Emulating a PDC is the most famous example of such a Single Master Operation; creating a new child domain would be another example.

In FSMO, the Flexible word simply means that you can move the role to a more suitable domain controller.

The five FSMO roles are:

  1. PDC Emulator – For NT 4.0 BDC’s.  But also for synchronizing time and creating group policies.
  2. RID Master – Each object must have a globally unique number.  The RID master makes sure each domain controller issues unique numbers when you create objects like users.
  3. Infrastructure Master – Responsible for checking Universal group membership in multiple domain forests.
  4. Domain Naming Master – Ensures that each child domain has a unique name.
  5. Schema Master – Operations that involve expanding user properties e.g. Exchange 2000 adds the mailbox property to users.

Three of the FSMO roles (1-3) are held in each domain, whilst two (4-5) are unique to the entire forest.

Changing the FSMO roles

RID, PDC, Infrastructure (1. 2. and 3.)

You can plan a switch of Operations Master by using the Change button in Active Directory Users and Computers (Right Click Domain, Properties, Operations Masters).

Domain Naming Master (4.)

To see the Domain Naming Master (4), check out Active Directory Domains and Trusts, Operations Master.

Schema Master (5.)

The Schema Master (5) is the most difficult FSMO to find.

1) Register the Schema Snap-in with this command: RUN regsvr32 schmmgmt.dll

2) Run MMC, Add Remove Snap-in, Add Active Directory Schema

3) Select Active Directory Schema, Right Click, Operations Master.

If you ever run DCPROMO to demote a domain controller, watch out for a check box that says ‘This is the last domain controller in the domain’.  If that box is UNchecked the wizard will automatically move any FSMO roles to another domain controller.

Troubleshooting

If you find problems with domain controller connections timing out then:

a) Check DNS settings on the TCP/IP properties.

b) Check that all the FSMO servers are up and running.

c) Try this neat command using NetDom:
    netdom query fsmo

d) If you need a copy of netdom, check here.
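The checks in steps a) to c) can be scripted. The following is an added example, not part of the original article: it parses `netdom query fsmo` output into role/holder pairs and can then test each holder for DNS resolution and reachability. It assumes PowerShell 3.0 or later; the sample output is constructed, the host names are placeholders, and the role labels are an assumption because they differ between netdom versions.

```powershell
# Added example. $sample is constructed output; host names are placeholders and
# the role labels are an assumption (they differ between netdom versions).
$sample = @'
Schema master               dc1.example.local
Domain naming master        dc1.example.local
PDC                         dc2.example.local
RID pool manager            dc2.example.local
Infrastructure master       dc2.example.local
The command completed successfully.
'@

function Get-FsmoHolder {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # A role row is "<label><two or more spaces><host>"; the status line is not.
        if ($line -match '^(?<role>\S.*?)\s{2,}(?<dc>\S+)\s*$') {
            $role = $Matches['role']; $dc = $Matches['dc']
            # Schema and domain naming are forest-wide; the other three are per domain.
            $scope = if ($role -match '^(schema|domain)') { 'Forest' } else { 'Domain' }
            [pscustomobject]@{ Role = $role; Scope = $scope; Holder = $dc }
        }
    }
}

function Test-FsmoHolder {
    param([object[]]$Holders)
    foreach ($h in $Holders) {
        # Step a: does the holder's name resolve with this machine's DNS settings?
        try   { [void][System.Net.Dns]::GetHostEntry($h.Holder); $dns = $true }
        catch { $dns = $false }
        # Step b: is the holder answering? ICMP only, so a filtered ping is not proof of an outage.
        $up = $dns -and (Test-Connection -ComputerName $h.Holder -Count 1 -Quiet)
        [pscustomobject]@{ Role = $h.Role; Holder = $h.Holder; Resolves = $dns; Pings = $up }
    }
}

$holders = @(Get-FsmoHolder -Lines ($sample -split "`r?`n"))
if ($holders.Count -ne 5) { Write-Warning "Expected 5 roles, parsed $($holders.Count)" }
$holders | Format-Table -AutoSize

# Live use on a domain member with netdom installed:
#   Test-FsmoHolder -Holders (Get-FsmoHolder -Lines (netdom query fsmo)) | Format-Table
```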

How to back up and restore http://companyweb data in Windows Small Business Server 2003

Article ID : 829112
Last Review : May 4, 2005
Revision : 5.0

SUMMARY

This article discusses how to back up a Windows SharePoint Services http://companyweb database in Microsoft Small Business Server 2003 and how to restore the database back to the original server. You can do the backup and the restore operations by using Microsoft Windows NT Backup or by using the Stsadm.exe command-line tool.

For these steps to work, you must meet the following criteria:

You must restore the database to the same server where you performed the backup operation.
The following Windows SharePoint Services database and log files must be on the server:

STS_Config.mdf
STS_Config_log.ldf
STS_Servername_1.mdf
STS_Servername_1_log.ldf

Back up and restore a Windows SharePoint Services http://companyweb database by using Windows NT Backup

1. To back up the Windows SharePoint Services http://companyweb database by using Windows NT Backup, follow these steps:

a. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Backup.
b. In the Backup or Restore Wizard, click Advanced Mode, and then click the Backup tab.
c. Click to select the check box of the folder where the Windows SharePoint Services databases are installed. By default, this is Program Files\Microsoft SQL Server\MSSQL$SharePoint\Data.

Note This is the default installation folder for Windows SharePoint Services databases.

d. Specify a destination for the backup, and then click Start Backup.
2. To restore a Windows SharePoint Services http://companyweb database by using Windows NT Backup, follow these steps:

Note This action overwrites the existing Windows SharePoint Services databases. Microsoft recommends that you back up the current Program Files\Microsoft SQL Server\MSSQL$SharePoint\Data folder before you restore files.

a. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Backup.
b. In the Backup or Restore Wizard, click Advanced Mode.
c. Click the Restore and Manage Media tab.
d. Select the tape drive or other backup storage device that contains the http://companyweb database(s) that you backed up in step 1.
e. Click to select the check box of the folder where the Windows SharePoint Services databases are installed. By default, this is Program Files\Microsoft SQL Server\MSSQL$SharePoint\Data.
f. On the Tools menu, click Options.
g. Click the Restore tab, click to select the Always replace the file on my computer check box, and then click OK.

h. Verify that Restore Files to is set to Original location, and then click Start Restore. Click OK to start restoring your data.

Note After you click Start Restore, you can click Advanced in the Confirm Restore dialog box. Microsoft recommends that you do not make any changes to the default advanced restore options until you know that the restore was successful.

For more information about advanced restore options, visit the following Microsoft Web site:

i. When the restore is complete, click Close in the Restore Progress dialog box, and then click Yes to restart the server.

Back up and restore a Windows SharePoint Services http://companyweb database by using the Stsadm.exe command-line tool

1. To back up a Windows SharePoint Services http://companyweb database by using Stsadm.exe, follow these steps:

a. Click Start, and then click Run.
b. In the Open: box, type cmd, and then click OK.
c. At the command prompt, type the following, and then press ENTER:

cd %programfiles%\Common Files\Microsoft Shared\web server extensions\60\BIN
d. At the command prompt, type the following, where Backup_Path is the path of the backup file, and then press ENTER:

stsadm -o backup -url http://companyweb -filename Backup_Path

For example, if you type stsadm -o backup -url http://companyweb -filename c:\backup.dat, you will back up http://companyweb to the Backup.dat file. This file is located in the root directory of drive C.

Note This command backs up the http://companyweb top-level Web site and its subwebs only. If you have additional top-level Web sites, you must use Stsadm.exe to back up each top-level site.

e. Type exit, and then press ENTER.
2. To restore a Windows SharePoint Services http://companyweb database by using Stsadm.exe, follow these steps:

a. Click Start, and then click Run.
b. In the Open: box, type cmd, and then click OK.
c. At the command prompt, type the following and then press ENTER:

cd %programfiles%\Common Files\Microsoft Shared\web server extensions\60\BIN
d. At the command prompt, type the following, where Backup_Path is the path of the backup file, and then press ENTER:

stsadm -o restore -url http://companyweb -filename Backup_Path -overwrite

For example, if you type stsadm -o restore -url http://companyweb -filename c:\backup.dat -overwrite, you will restore http://companyweb from the Backup.dat file. This file is located in the root directory of drive C.

e. Type exit, and then press ENTER.

Example script to create daily backups of the http://companyweb database

Microsoft provides programming examples for illustration only, without warranty either expressed or implied, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and the tools that are used to create and debug procedures. Microsoft support professionals can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements. If you have limited programming experience, you may want to contact a Microsoft Certified Partner or the Microsoft fee-based consulting line at (800) 936-5200. For more information about Microsoft Certified Partners, visit the following Microsoft Web site:

For additional information about the support options available from Microsoft, visit the following Microsoft Web site:

The following example script uses a numbered value for the day of the week. The script then appends this number to the name of the backup file that the script creates in the X:\Backups location. To use this script, copy the following code to a Notepad file, and then customize the text string that specifies the backup file (x:\backups\companyweb). Next, save the Notepad file by using the file name Wssback.vbs, and then create a scheduled task to run this script daily.

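    ' Back up http://companyweb to one of seven rotating files, keyed by weekday.
    dim dayweek
    dim strBackup
    ' datepart("w") returns 1 (Sunday) through 7 (Saturday).
    dayweek = datepart("w",(date))
    ' The doubled quotes wrap the stsadm path, which contains spaces.
    strBackup = """C:\Program Files\Common Files\Microsoft Shared\web server extensions\60\BIN\stsadm""" + _
        " -o backup -url http://companyweb -filename x:\backups\companyweb" + cstr(dayweek) + ".dat -overwrite"
    wscript.echo "Backing up Companyweb"
    Set WshShell = WScript.CreateObject("WScript.Shell")
    ' Run hidden (0) and wait for stsadm to finish (true).
    Return = WshShell.Run(strBackup, 0, true)
    Set WshShell = Nothing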

To add this script as a scheduled task, follow these steps:

1. Open Control Panel.
2. Double-click Scheduled Tasks.
3. On the File menu in Scheduled Tasks, point to New, and then click Scheduled Task.
4. Type a name for the scheduled task, such as Companyweb Backup.
5. Double-click the new task to open the task properties.
6. In the Run box, type cscript Drive:\Wssback.vbs.

Note In this step, Drive is the location of the Wssback.vbs file.

7. Click Set password, type the password for the user account that the task will use in the Password box and in the Confirm password box, and then click OK.
8. Click the Schedule tab, configure the appropriate schedule, and then click OK.
9. To test the scheduled task, right-click the task, and then click Run. After the task runs, visit the location that you specified for the backup file to verify that the script created the file.
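Step 9 verifies a single run by hand; the same check can be applied to the whole seven-file rotation. The following is an added example, not part of the Microsoft article: it looks for each weekday's companywebN.dat file and flags slots that are missing, empty, or older than the day they should cover. The function name, the size threshold and the demo folder are assumptions, and the demo files are constructed; PowerShell 3.0 or later is assumed.

```powershell
# Added example. The file-name pattern mirrors the page's script
# (x:\backups\companyweb<N>.dat); the function name and threshold are assumptions.
function Test-CompanywebBackup {
    param(
        [string]$Folder = 'X:\Backups',
        [datetime]$Now = (Get-Date),
        [int]$MinBytes = 1
    )
    foreach ($offset in 0..6) {
        $day  = $Now.Date.AddDays(-$offset)
        # VBScript datepart("w") is 1 = Sunday ... 7 = Saturday; .NET DayOfWeek is 0-based.
        $slot = [int]$day.DayOfWeek + 1
        $path = Join-Path $Folder ("companyweb{0}.dat" -f $slot)
        $file = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        # A healthy slot was written on or after the day it stands for.
        if (-not $file)                         { $status = 'MISSING' }
        elseif ($file.Length -lt $MinBytes)     { $status = 'EMPTY' }
        elseif ($file.LastWriteTime -lt $day)   { $status = 'STALE' }
        else                                    { $status = 'OK' }
        [pscustomobject]@{ Day = $day.ToString('ddd yyyy-MM-dd'); File = $path; Status = $status }
    }
}

# Constructed demo data in a temp folder: one slot missing, one a week old.
$demo = Join-Path ([IO.Path]::GetTempPath()) ('companyweb-demo-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$today = Get-Date
foreach ($offset in 0..6) {
    if ($offset -eq 2) { continue }    # simulate a run that never happened
    $d = $today.Date.AddDays(-$offset)
    $f = Join-Path $demo ("companyweb{0}.dat" -f ([int]$d.DayOfWeek + 1))
    Set-Content -LiteralPath $f -Value 'constructed placeholder'
    $stamp = if ($offset -eq 4) { $d.AddDays(-7) } else { $d.AddHours(1) }
    (Get-Item -LiteralPath $f).LastWriteTime = $stamp
}
Test-CompanywebBackup -Folder $demo -Now $today | Format-Table -AutoSize
```

Run the check after the scheduled task's start time; before that, today's slot still holds last week's file and is reported as STALE.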

REFERENCES

For more information about the Windows SharePoint Services Software Development Kit (SDK), visit the following Microsoft Web site:

For more information about the Windows SharePoint Services Administrator’s Guide, visit the following Microsoft Web site:

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

829113 How to restore a Windows SharePoint Services CompanyWeb database after the intranet component and SQL Server or MSDE 2000 have been removed on Windows Small Business Server

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

827701 How to perform a disaster recovery operation of SharePoint Services Companyweb and SharePoint Services Databases


APPLIES TO
Microsoft Windows Small Business Server 2003 Premium Edition
Microsoft Windows Small Business Server 2003 Standard Edition
Microsoft Windows SharePoint Services

Forcing GPO Refresh

Question: How can I force Group Policy to refresh on a Windows Server 2003 or Windows XP machine?

Answer:

To manually force Group Policy to refresh under Windows 2000, you use the command

secedit /refreshpolicy machine_policy/user_policy

Microsoft has replaced this command in Windows 2003 and XP with the command

gpupdate 

You can run this command without any switches to update both machine and user policies. When you run Gpupdate on Windows 2003, the machine will display the following text:

    Refreshing Policy...
    User Policy Refresh has completed.
    Computer Policy Refresh has completed.
    To check for errors in policy processing, review the event log.

The last line doesn’t appear on XP machines. To update only the user command components, type

gpupdate /target:user

To load only the computer command components, type

gpupdate /target:computer

The optional switches that you can use with the Gpupdate command are

  • /Force. This switch loads all policy settings rather than just those that have changed.
  • /Wait:<time>. This switch specifies the amount of time to wait for the policy processing to finish before returning to the command prompt.
  • /Logoff. This switch causes the user to log off after Group Policy refreshes.
  • /Boot. This switch causes a reboot after Group Policy refreshes.
  • /Sync. This switch synchronously (i.e., in the background) applies the next boot or user logon policy (the system will prompt you to log off or reboot, depending on the /target setting).

Migration/Integrating Active Directory and NDS

Products

MIIS

MIIS 2003 Product Overview
Microsoft Identity Integration Server 2003 Frequently Asked Questions

Evaluation Download

 

Microsoft Windows Services for NetWare

Microsoft Windows Services for NetWare 5.03 Overview – Can be used for migration and Coexistence
Microsoft Windows Services for NetWare Component Summary
Services for NetWare 5.03 White Paper
Novell NetWare integration overview

Synchronizing Windows 2000 Active Directory with Novell Directories

Download – Available Free from Microsoft

Unable to install the Intranet Component while installing SmallBusiness Server 2003

Question: Why do I have this problem installing SmallBusiness Server 2003?

Answer: There is a known error on the first release of the CDs of Smallbusiness Server 2003. Here is the KB
and here is the patch: SBS2003-KB832880-X86-ENU.EXE (522,77 KB)

The terminal services client has been disconnected because its temporary license has expired.

Error: The terminal services client <client> has been disconnected because its temporary license has expired. 

Solution:

This problem may occur if the Licensing Mode in Terminal Services is set to Per Device and the Terminal Server Licensing server only has Per User CALs.

To correct this problem, change the Licensing Mode in Terminal Services Configuration to Per User. To do this, follow these steps:

1. Click Start, point to Administrative Tools, and then click Terminal Services Configuration.
2. Click Server Settings, and then double-click Licensing Mode.
3. Change the Licensing Mode to Per User, and then click OK.

Currently, Windows Server 2003 does not manage User CALs. This means that even though there is a User CAL in the license server database, the User CAL will not be decremented when it is used. This does not remove administrators from End User License Agreement (EULA) requirements to have a valid terminal server (TS) CAL for each user. Failure to have a User CAL for each user, if Device CALs are not being used, is a violation of the EULA. In the future, this behavior will be changed and User CALs will be managed.

The following text is from the End User License Agreement (EULA) for Windows Server 2003:

Two different TS CALs are available to you: “Device” and “User.” Each TS Device CAL permits one Device (used by any User) to conduct Windows Sessions on any of your Servers. Each TS User CAL permits one User (using any Device) to conduct Windows Sessions on any of your Servers. You may use a mix of TS Device CALs and TS User CALs simultaneously with the Server Software in your environment. You can have a Terminal Server request Per User licenses or Per Device (default) but not both simultaneously.