Use this Knowledge Script to monitor access to the domain controllers that have been given any Flexible Single Master Operations (FSMO) role. FSMO roles include:
Schema Master
Domain Naming Master
Primary Domain Controller (PDC) emulator
Relative ID (RID) Master
Infrastructure Master
This script uses the Active Directory Service Interface (ADSI) and attempts to connect to each domain controller that is serving an FSMO role. In addition, this script raises an event if the connection fails for any domain controller holding an Operations Master role. The event detail message identifies the domain controller that failed to respond and its FSMO role.
The Knowledge Script job delegation feature is implemented differently in this script than in other scripts. Unlike other scripts, FSMOHealth performs a connectivity check. For obvious reasons, you do not want it merely to perform a connectivity self-check on the domain controller (DC) to which the job has been delegated.
When enabling job delegation for AD_FSMOHealth, you are not asked to select the role holder to which the monitoring job is to be delegated. Instead, this script runs on every domain FSMO role holder: the IM, PDC, and RID. If one DC in the domain holds all of the roles, another DC in the domain is selected to connect to the Operations Master.
NOTE:Having only one DC in a domain is not a recommended Active Directory practice. Redundancy for the domain partition is recommended, and a lack of redundancy for a domain partition is identified by the replication monitoring feature of the ServerHealth Knowledge Script.
Deploy this script to one DC per domain, selecting a DC that does not hold any of the domain FSMO roles. If no such DC exists (say, if you have three or fewer DCs and each holds a domain FSMO role), then deploy this script to every DC. As they each hold a domain FSMO role, they will check each other.
Exercise care in selecting the DCs to be monitored and deploying the job to those DCs. Consider creating a custom server group for this script unless you enable job delegation. If you change the domain FSMO role holders, modify the server group accordingly.
Active Directory domain
The default interval for this script is Every 10 minutes.
Set the following parameters as needed:
|
Parameter |
How to Set It |
|---|---|
|
General Settings |
|
|
Raise event if job fails |
|
|
Event severity when job fails |
Set the severity level, from 1 to 40, to indicate the importance of an event in which the FSMOHealth job fails. The default is 35. |
|
Monitor connectivity to FSMO role holders |
|
|
Enable job delegation? |
Select Yes to enable the delegation of the job to another server where appropriate. If enabled, the runs job on each DC that holds a domain FSMO role. The default is unselected. For more information, see Section 3.1, AD Knowledge Script Job Delegation. |
|
Raise event when DC assumes this role? |
If you enabled job delegation, set to Yes to raise events if the DC assumes a domain FSMO role. The event indicates that the monitored computer has assumed a domain FSMO role. The default is Yes. |
|
Event severity when DC assumes this role |
Set the severity level, from 1 to 40, to indicate the importance of an event in which the DC assumes a domain FSMO role. The default is 30. |
|
Raise event when DC relinquishes this role? |
If you enabled job delegation, set to Yes to raise events if the DC gives up a domain FSMO role. The event indicates that the monitored computer has relinquished the selected role. The default is Yes. |
|
Event severity when DC relinquishes this role |
Set the severity level, from 1 to 40, to indicate the importance of an event in which the DC relinquishes a domain FSMO role. The default is 30. |
|
Event Notification |
|
|
Raise event if domain controller inaccessible? |
Select Yes to raise an event if a DC that holds a FSMO role is inaccessible. The default is Yes. |
|
Event severity when domain controller inaccessible |
Set the severity level, from 1 to 40, to indicate the importance of an event in which a DC that holds a FSMO role is inaccessible. The default is 10. |
|
Data Collection |
|
|
Collect data for inaccessible DC and its role? |
Select Yes to collect data for charts and reports. If enabled, data collection returns a value of 100 if there is no change to the FMSO roles, or a value of 0 if there has been a change during the interval. The default is unselected. |