In my first article about using Windows Management Instrumentation (WMI) to monitor data in Active Directory (AD), I discussed three new WMI providers that let you monitor AD group modifications. I explained how WMI represents AD information (see "Using WMI to Monitor AD," April 2004, InstantDoc ID 41835), and I presented a scripting technique to monitor AD groups. In this article, I leverage that information to create a way to monitor modifications made to the five Flexible Single-Master Operation (FSMO) roles so that administrators can be notified when someone moves one of the five FSMO roles from one server to another.
Accessing FSMO Role Information
The FSMO roles are the five crucial roles that one or more AD domain controllers (DCs) perform. For more information about FSMO roles, see "Determining Operations Masters in a Win2K Forest and Domain," February 2002, InstantDoc ID 23403.
The logic and coding techniques for monitoring the FSMO roles are similar to those I describe in the earlier article about monitoring AD groups, except that accessing the FSMO information isn't as straightforward as accessing the AD group information. To access the FSMO role information, you must concurrently access the three AD naming contexts (NCs), which requires a specific WMI setup at the level of the root\directory\LDAP namespace. By default, AD providers access AD information in the default NC, which is the Windows domain in which the accessed DC resides. However, the attributes containing the FSMO information are spread among all three AD NCs, so to monitor all FSMO roles, you must access the configuration and schema NCs too. . . .
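The following PowerShell script is an added example, not code from the original article: it polls over ADSI instead of using the WMI providers the article describes. It reads the fSMORoleOwner attribute from the object that holds it for each role across the domain, configuration, and schema NCs, then reports any role whose owner differs from a saved baseline. It assumes a domain-joined host with read access to AD; the baseline file path is a hypothetical location.

```powershell
# Added example: detect FSMO role moves by polling fSMORoleOwner in all three NCs.
# Assumption: domain-joined host, caller can read AD. Baseline path is hypothetical.
$BaselinePath = Join-Path $env:ProgramData 'fsmo-baseline.json'

# RootDSE publishes the distinguished names of the three naming contexts.
$rootDse  = [ADSI]'LDAP://RootDSE'
$domainNC = [string]$rootDse.Properties['defaultNamingContext'].Value
$configNC = [string]$rootDse.Properties['configurationNamingContext'].Value
$schemaNC = [string]$rootDse.Properties['schemaNamingContext'].Value

# Each role's owner is stored in fSMORoleOwner on a different object.
$roleObjects = [ordered]@{
    'PDC Emulator'   = $domainNC                                # domain NC
    'RID Master'     = "CN=RID Manager`$,CN=System,$domainNC"   # domain NC
    'Infrastructure' = "CN=Infrastructure,$domainNC"            # domain NC
    'Domain Naming'  = "CN=Partitions,$configNC"                # configuration NC
    'Schema Master'  = $schemaNC                                # schema NC
}

# The attribute value is the DN of the owning DC's NTDS Settings object.
$current = [ordered]@{}
foreach ($role in $roleObjects.Keys) {
    $entry = [ADSI]"LDAP://$($roleObjects[$role])"
    $current[$role] = [string]$entry.Properties['fSMORoleOwner'].Value
}

if (-not (Test-Path $BaselinePath)) {
    # First run: record the current owners as the known-good state.
    $current | ConvertTo-Json | Set-Content -Path $BaselinePath -Encoding UTF8
    Write-Output "Baseline written to $BaselinePath"
}
else {
    $baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    $changes = foreach ($role in $current.Keys) {
        if ($baseline.$role -ne $current[$role]) {
            [pscustomobject]@{
                Role     = $role
                Previous = $baseline.$role
                Current  = $current[$role]
            }
        }
    }
    if ($changes) {
        Write-Warning 'FSMO role owner differs from baseline:'
        $changes | Format-List
    }
    else {
        Write-Output 'All five FSMO role owners match the baseline.'
    }
}
```

The baseline is not rewritten when a change is found, so an approved role transfer keeps alerting until the file is deleted and regenerated.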