Today’s Micro Blog thought

Posted in Uncategorized on July 21, 2010 by tazspaz

Some people live life in the fast lane – I live in oncoming traffic.

Blog moved

Posted in Uncategorized on September 13, 2009 by tazspaz

Please note, I will be leaving this blog up until the end of the year.  However, I have moved a copy of these posts as well as updated posts to:

Hope to see you all there!

Some Clarifying thoughts on the PDC Emulator FSMO Role

Posted in Taz, Technical with tags , , , , , , , , , , , , , , , , on March 2, 2009 by tazspaz

Okay, in this post you are going to find some of my personal thoughts.  :/  Ya, a bit scary right?  However, this topic has been going on for some time and you will find posts, retractions, clarifications, etc all over the web in regards to this topic.

The PDC Emulator and what does it do?  People keep asking the question about there being no actual PDC in the domain any longer in a Windows® domain.  That there is no such thing, that the PDC emulator is only important in a mixed mode environment.

Hey, if that above is true, then why do we really care about this FSMO at all (In Native Mode)?  Why do we need to worry about its placement, and is there really a PDC/BDC environment in the Windows® architecture today?

I started this topic after having a discussion with a Project Manager (PM) about a client today in front of a group of other technical folks who more or less tried to call me stupid.  Even had their own laugh track to start with when they thought I was out of ear shot.  Since this they have been educated a bit more.  J

First let’s start off with you, the reader, receiving a better understanding of why the PDC emulator role is important.  Start off by reading here
Personal Note:  If you have Windows® administration, networking, or security questions, Mitch Tulloch is a Microsoft MVP you can look to for the answers. 

Okay, my hope is that you read the link before continuing.  If not, make sure you go open that link and start reading!

So, Microsoft(r) states that the PDC/BDC relationship no longer exists as we knew it in NT days past.  This is true, technically speaking. Understanding however how things really work for the PDC emulator FSMO might help you to realize that, in a fashion, the old “laws” still exist and that there is really a PDC/BDC role model “after a fashion”.  Let’s take a look at what the PDC Emulator does; start by going here:
(For those of you who didn’t follow the link I will outline below from Daniel Petri from this link:

In a Windows® 2000/2003 domain, the PDC emulator role has the following functions:

  • Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator.
  • Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator before a bad password failure message is reported to the user.
  • Account lockout is processed on the PDC emulator.
  • Editing or creation of Group Policy Objects (GPO) is always done from the GPO copy found in the PDC Emulator’s SYSVOL share, unless configured not to do so by the administrator.
  • The PDC emulator performs all of the functionality that a Microsoft Windows NT 4.0 Server-based PDC or earlier PDC performs for Windows NT 4.0-based or earlier clients.*

*This part of the PDC emulator role becomes unnecessary when all workstations, member servers, and domain controllers that are running Windows NT 4.0 or earlier are all upgraded to Windows 2000/2003. The PDC emulator still performs the other functions as described in a Windows 2000/2003 environment.

At any one time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest.

We also need to remember that the PDC emulator is responsible for (as outlined by Mitch Tulloch found on the first link in this post):

  • Root Time
  • Remember if this role holder fails you will see the most problems occurring on your network.
  • For every N domain in the forest you will have N DCs with the PDC emulator role.
  • This role is arguably the most heavily utilized role and should not house the Global Catalog (GC) as this will help load balance in larger environments.

Also of note:

So the next time you hear someone ask if there is a such thing as a PDC tell them “technically” no in a Native Mode environment.  But as I tell folks, practically speaking, yes.  If you get kick back or “guff” about it, remember there is plenty of fire power out there to back you up.

If they don’t believe you, ask them to shut down the server with the PDC Emulator role. 🙂

(Thank you to Mitch Tulloch and Daniel Petri’s sites and to Google! This post and my thoughts probably wouldn’t have been coherent with out them!) :p

Public Service Announcement

Posted in Rants, Taz with tags , , , , , , , , , on March 2, 2009 by tazspaz

Due to recent budget cuts and the cost of electricity,
gas and oil, as well as current market conditions,
and the continued decline of the U.S. economy,

The Light at the End of the Tunnel has been turned off.

We apologize for the inconvenience.

IMPORTANT NOTICE!! (Heartland Payment)

Posted in Rants, Taz with tags , , , , , , , , , , , on January 29, 2009 by tazspaz

We have been notified that a data breach occurred at Heartland Payment, a company that processes credit and debit card transactions nationally for restaurants and small businesses. Please keep in mind that data breaches seldom lead to fraud and rarely identity theft. For your security, please monitor your statements and account activity thoroughly.  If you suspect suspicious activity, contact your bank immediately.


Above is the note I received from my bank today.  I felt it was important to share with you, the readers, and hope in some small way it helps you at least be alert for any suspicious activities on your credit/debit cards.

At this moment I’m trying to see if I can get an idea of restaurants that would have been using Heartland Payment as their provider to help further if possible. 

I do feel that it was a disservice to mention that data breaches’ “seldom lead to fraud and rarely identity theft” by the bank that services my accounts.  I personally take any data breach seriously and would want all of us to protect against fraud and identity theft.  The fact that the data security is breached is enough to be concerned.  If it wasn’t of concern financial institutions wouldn’t be asked to report on it.  A good place to start is to balance your bank statement and keep receipts until you do.  Otherwise you really never know now do you?