Archive for the Technical Category

Some Clarifying thoughts on the PDC Emulator FSMO Role

Posted in Taz, Technical on March 2, 2009 by tazspaz

Okay, in this post you are going to find some of my personal thoughts.  :/  Ya, a bit scary right?  However, this topic has been going on for some time and you will find posts, retractions, clarifications, etc all over the web in regards to this topic.

The PDC Emulator: what does it do?  People keep raising the point that there is no actual PDC any longer in a Windows® domain: that there is no such thing, and that the PDC emulator is only important in a mixed mode environment.

Hey, if that above is true, then why do we really care about this FSMO at all (In Native Mode)?  Why do we need to worry about its placement, and is there really a PDC/BDC environment in the Windows® architecture today?

I started this topic after having a discussion with a Project Manager (PM) about a client today in front of a group of other technical folks who more or less tried to call me stupid.  Even had their own laugh track to start with when they thought I was out of earshot.  Since then they have been educated a bit more.  🙂

First let’s start off with you, the reader, receiving a better understanding of why the PDC emulator role is important.  Start off by reading here
Personal Note:  If you have Windows® administration, networking, or security questions, Mitch Tulloch is a Microsoft MVP you can look to for the answers. 

Okay, my hope is that you read the link before continuing.  If not, make sure you go open that link and start reading!

So, Microsoft® states that the PDC/BDC relationship no longer exists as we knew it in NT days past.  This is true, technically speaking.  Understanding how things really work for the PDC emulator FSMO, however, might help you to realize that, in a fashion, the old “laws” still exist and that there is really a PDC/BDC role model “after a fashion”.  Let’s take a look at what the PDC Emulator does; start by going here:
(For those of you who didn’t follow the link, I will outline it below, from Daniel Petri at this link: http://www.petri.co.il/understanding_fsmo_roles_in_ad.htm)

In a Windows® 2000/2003 domain, the PDC emulator role has the following functions:

  • Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator.
  • Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator before a bad password failure message is reported to the user.
  • Account lockout is processed on the PDC emulator.
  • Editing or creation of Group Policy Objects (GPO) is always done from the GPO copy found in the PDC Emulator’s SYSVOL share, unless configured not to do so by the administrator.
  • The PDC emulator performs all of the functionality that a Microsoft Windows NT 4.0 Server-based PDC or earlier PDC performs for Windows NT 4.0-based or earlier clients.*

*This part of the PDC emulator role becomes unnecessary when all workstations, member servers, and domain controllers that are running Windows NT 4.0 or earlier are all upgraded to Windows 2000/2003. The PDC emulator still performs the other functions as described in a Windows 2000/2003 environment.

At any one time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest.

We also need to remember that the PDC emulator is responsible for (as outlined by Mitch Tulloch found on the first link in this post):

  • Root Time
  • Remember if this role holder fails you will see the most problems occurring on your network.
  • For every N domains in the forest you will have N DCs with the PDC emulator role.
  • This role is arguably the most heavily utilized role and should not share a server with the Global Catalog (GC); keeping the two apart helps balance load in larger environments.
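
To see how the points above apply to a given forest, the following added example (not part of the original post or the linked articles) lists the PDC emulator of every domain, whether it also holds the Global Catalog or other FSMO roles, and where it gets its time. It assumes the ActiveDirectory PowerShell module and a w32tm version that supports /query; the function name Get-PdcEmulatorReport is made up for this example.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory
# module (RSAT) and read access to every domain in the forest.
Import-Module ActiveDirectory

function Get-PdcEmulatorReport {
    $forest = Get-ADForest
    foreach ($domainName in $forest.Domains) {
        # One PDC emulator per domain: ask each domain for its role holder.
        $domain = Get-ADDomain -Identity $domainName -Server $domainName
        $pdc    = Get-ADDomainController -Identity $domain.PDCEmulator -Server $domainName

        # Ask the role holder where it gets its time from.
        $timeSource = (& w32tm.exe /query /source "/computer:$($pdc.HostName)" 2>&1 |
                       Out-String).Trim()

        # The forest root PDC emulator is the top of the time hierarchy; if it
        # runs off its own clock, every DC and client inherits that drift.
        $isRootPdc  = ($domainName -eq $forest.RootDomain)
        $localClock = $timeSource -match 'Local CMOS Clock|Free-running System Clock'

        [pscustomobject]@{
            Domain          = $domainName
            PdcEmulator     = $pdc.HostName
            Site            = $pdc.Site
            IsGlobalCatalog = $pdc.IsGlobalCatalog
            OtherFsmoRoles  = @($pdc.OperationMasterRoles |
                                Where-Object { "$_" -ne 'PDCEmulator' }) -join ', '
            ForestRootPdc   = $isRootPdc
            TimeSource      = $timeSource
            NeedsTimeSource = ($isRootPdc -and $localClock)
        }
    }
}

Get-PdcEmulatorReport | Format-Table -AutoSize
```

A row with NeedsTimeSource set to True means the forest root PDC emulator has no external time source configured.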

Also of note:  http://en.wikipedia.org/wiki/Primary_Domain_Controller

So the next time you hear someone ask if there is such a thing as a PDC, tell them “technically” no in a Native Mode environment.  But as I tell folks, practically speaking, yes.  If you get kick back or “guff” about it, remember there is plenty of fire power out there to back you up.

If they don’t believe you, ask them to shut down the server with the PDC Emulator role. 🙂

(Thank you to Mitch Tulloch and Daniel Petri’s sites and to Google! This post and my thoughts probably wouldn’t have been coherent without them!) :p


Urgent Microsoft Update!!

Posted in Taz, Technical on December 19, 2008 by tazspaz

Dear readers:

It is once again time for an “out of cycle” patch from Microsoft.  Please, make sure you read the Microsoft Security Bulletin 08-078 and apply accordingly.  It is located here:  http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx

Follow the directions there for your specific patch level and browser type.

Cannot Open Virtual Machine in VMWare Workstation

Posted in Taz, Technical on December 12, 2008 by tazspaz

When do you see this error?

Goof! When you, or someone else, does not “properly” shut down your virtual machine!  It could also happen because the host system crashed.  However, I’m pretty sure you did it! 😉

“Could not open virtual machine: C:\…….\machinename.vmx. This virtual machine appears to be in use.”

Here’s what you are going to do; well, if you want to see the VM instance back up anyhow. 
1.  Navigate to the directory where the VM image configuration file in question exists.
            a) You will see four folders with .lck extensions.  The folders are created when you start the instance.  If the VM is shut down properly, these folders are deleted automatically; if it was not shut down properly, they are not deleted, and VMware will think that the image is already started and will not allow you to view/manage the instance.

2.  Okay, now that you are in the directory of said instance and you have located the offending .lck folders; delete them.

3.  Start your instance up and enjoy.

That wasn’t so hard now was it?

WSUS and Please, You Can’t PUSH!

Posted in Taz, Technical on October 27, 2008 by tazspaz

My *ahem* favorite question *rolling eyes* being emailed or IM’ed to me right now has been “Hey, how can I get WSUS to push out this update??”

I always suggest that one uses an “admin” script that can be added to a top level GPO for “emergencies”.  This way you can add a command such as:

wuauclt.exe /detectnow

That would (in my case for a logon policy set in my GPO) make all clients and servers query the WSUS for any updates.  This would install critical patches, say that come in “out of cycle”, and need to be addressed immediately. *hint, hint*
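
One way to write such an “admin” script, as an added example that is not from the original post: it confirms the client is actually pointed at a WSUS server by policy before it calls wuauclt.exe /detectnow, and logs which install behaviour the client will follow afterwards. The registry paths are the standard Windows Update policy keys; the log location and the function names are assumptions made for this example.

```powershell
# Added example (not from the original post): body of a GPO logon or startup script.
# The registry paths are the standard Windows Update policy keys; the log
# location is a hypothetical choice.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$log   = Join-Path $env:TEMP 'wsus-detect.log'

function Write-Log([string]$Message) {
    Add-Content -Path $log -Value ("{0} {1} {2}" -f (Get-Date -Format s), $env:COMPUTERNAME, $Message)
}

function Get-WsusClientState {
    $wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path (Join-Path $wuKey 'AU') -ErrorAction SilentlyContinue
    [pscustomobject]@{
        WUServer    = $wu.WUServer          # WSUS URL delivered by policy
        UseWUServer = ($au.UseWUServer -eq 1)
        AUOptions   = $au.AUOptions         # 2 notify, 3 download+notify, 4 scheduled install
    }
}

$state = Get-WsusClientState
if (-not $state.UseWUServer -or -not $state.WUServer) {
    Write-Log 'No WSUS policy applied; detection skipped.'
    return
}

# /detectnow only starts a detection cycle against the server in WUServer.
# Whether anything is installed afterwards is decided by AUOptions.
& "$env:SystemRoot\System32\wuauclt.exe" /detectnow
Write-Log ("Detection requested against {0} (AUOptions={1})." -f $state.WUServer, $state.AUOptions)

if ($state.AUOptions -ne 4) {
    Write-Log 'AUOptions is not 4 (scheduled install); approved updates may wait for user action.'
}
```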

Microsoft RPC Patch

Posted in Taz, Technical on October 23, 2008 by tazspaz

There have been a lot of alerts/news out today from several vendors about a new critical vulnerability just announced.

Please note, many vendors are focusing on the fact that Windows 2000 and Windows XP are affected.

HOWEVER, it is deeper than that; all Microsoft operating systems are affected.   The article only goes back to Windows 2000 but also covers XP, Vista, Windows Server 2003 and Server 2008.  There is an off-cycle patch from Microsoft already out (usually it’s once per month).  You can get this (and any others you may have missed) by clicking on Start – Windows Update.

http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

Even if you have followed the proper best practices for segregation of your network and proper firewall procedures, I HIGHLY recommend getting this patch installed as soon as possible.

Sen. McCain vs. Sen. Obama?

Posted in Rants, Taz, Technical on September 25, 2008 by tazspaz

Earlier today I found a question about someone asking for Sen. McCain’s accomplishments.  I was looking for more specifics on Sen. McCain vs. Sen. Obama.

As I see it we can point fingers OR we can look at facts:
Sen. Obama’s recorded votes 
Sen. McCain’s recorded votes

Now my question is what do you see as the difference in their records?  Who has a better track record for consistency, missed votes, who votes primarily with the party vs. bipartisan, etc.?

I’m trying to form a better understanding of why one would pick a specific candidate over the other?

As you can see from my site I have already chosen which candidate I plan on voting for but wonder on what other grounds someone chooses a candidate.  I go by their record, and want to thank The Washington Post for such a comprehensive listing.

Other helpful sites:
http://www.govtrack.us/
http://www.senate.gov/
http://thomas.loc.gov/
http://thomas.loc.gov/home/r110query.html

And many more.  Please feel free to respond with open access lists such as this that track all actions, not just the ones you (dis)agree with.

How to Create an Empty File of Specific Size

Posted in Taz, Technical on September 8, 2008 by tazspaz

To create an empty file of a specific size, follow the steps outlined below:

1. Open a command prompt. To do that, click Start>Run and type ‘cmd’ (without the quotes).
2. Go to the drive on which you want to create the empty file, using these commands:

•cd <name of directory> (with this command you will enter the directory),
•CD\ (with this command you will exit from the directory),
If you are in the C:\Windows directory, the command cd.. will return you to C:\. Use command C: as much as is necessary to return to the root of the partition. You can change partition by typing the capital letter of that partition (D, E, F, G, H etc.). Example: if you are in partition C:\ and you want to go to the D partition, type D:
3. When you are in the root of the partition on which you want to create the empty file, use this next command:
fsutil file createnew FileName Size

4. FileName is where you write the name for your newly created file.
5. Size is where you input the size of your newly created file, in bytes. To calculate the size you can use the formula below:
2 GB = 2 * 1024 = 2048 MB; 2048 MB * 1024 = 2097152 KB; 2097152 KB * 1024 = 2147483648 bytes

Example: If you want to create a file and set its size to 2 GB, you should type 2147483648

6. After these steps the empty file will be created on the selected partition with the name and size you specified in the steps outlined above.
7. It is recommended that you restart your computer before using these files for testing.

Please remember, all technical documents are created “AS IS” and you utilize my advice and experience at your own risk.  Enjoy!