- Community Home
- >
- Servers and Operating Systems
- >
- Legacy
- >
- Windows Server 2003
- >
- Loss of PDC Emulator Role
Windows Server 2003
1821541
Members
2082
Online
109633
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-28-2004 11:01 PM
тАО11-28-2004 11:01 PM
Loss of PDC Emulator Role
since the loss of an WAN link, 2 windows 2003 sites have become seperated.
They are both in the same domain, and both the domain and the forest are at 2003 functional level.
One site had all the FSMO roles, and that site if fine. The other site has no roles, and I am getting errors from Netlogon about not being able to set up a secure session to the PDC Emulator.
However, the site appears to be servicing logons OK, and I have plenty of RIDs left should I need to create objects in the orphaned site.
When the WAN link comes back, the sites will be reconnected, so any siezing of roles is really out of the question.
So my question is, is it safe to reboot the DCs at the orphaned site, or will they deny logon after I do that?
Does anyone have any good documentation about what the PDC emulator *really* does (i.e. is required to create trusts, not just this downlevel logon and password reset stuff you normally read about)
thank,
sync23
They are both in the same domain, and both the domain and the forest are at 2003 functional level.
One site had all the FSMO roles, and that site if fine. The other site has no roles, and I am getting errors from Netlogon about not being able to set up a secure session to the PDC Emulator.
However, the site appears to be servicing logons OK, and I have plenty of RIDs left should I need to create objects in the orphaned site.
When the WAN link comes back, the sites will be reconnected, so any siezing of roles is really out of the question.
So my question is, is it safe to reboot the DCs at the orphaned site, or will they deny logon after I do that?
Does anyone have any good documentation about what the PDC emulator *really* does (i.e. is required to create trusts, not just this downlevel logon and password reset stuff you normally read about)
thank,
sync23
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-30-2004 03:06 AM
тАО11-30-2004 03:06 AM
Re: Loss of PDC Emulator Role
the PDCEmu does quite a few things.
1) it gets password writes first. when you change a password, it goes to the local DC, then to the PDCEmu immediatly, then through normal replication.
2) it is the authority for the DC computer accounts. if your sites are disconnected for more then 30 days, you WILL have a problem reconnecting them because the computer account passwords would have changed.
3) as you mentioned, downlevel logins.
i THINK you should be ok rebooting the DCs without a connection to the FSMO Masters, but i can't say for certain.
1) it gets password writes first. when you change a password, it goes to the local DC, then to the PDCEmu immediatly, then through normal replication.
2) it is the authority for the DC computer accounts. if your sites are disconnected for more then 30 days, you WILL have a problem reconnecting them because the computer account passwords would have changed.
3) as you mentioned, downlevel logins.
i THINK you should be ok rebooting the DCs without a connection to the FSMO Masters, but i can't say for certain.
There have been Innumerable people who have helped me. Of course, I've managed to piss most of them off.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-30-2004 03:52 AM
тАО11-30-2004 03:52 AM
Re: Loss of PDC Emulator Role
Who are the FSMO holders When you issue the command:
netdom query fsmo
The PDC Emulator Role handles password changes, enforces account lockout and synchronize time for all DCs in the domain. So if the System clocks become unsynchronized, kerberos may fail and users will not be able to log on.
However, PDC Emulator advertise itself as the Primary domain controller to workstations, member servers, and domain controllers that are running earlier versions than windows 2000 or windows XP.
I think that the Infrastructure Master handles the sites.
Read MS KB 324801
Also, refer to this link for FSMO Roles Best Practices:
http://www.windowsdevcenter.com/lpt/a/4925
Just my $0.02 Cents as usual
netdom query fsmo
The PDC Emulator Role handles password changes, enforces account lockout and synchronize time for all DCs in the domain. So if the System clocks become unsynchronized, kerberos may fail and users will not be able to log on.
However, PDC Emulator advertise itself as the Primary domain controller to workstations, member servers, and domain controllers that are running earlier versions than windows 2000 or windows XP.
I think that the Infrastructure Master handles the sites.
Read MS KB 324801
Also, refer to this link for FSMO Roles Best Practices:
http://www.windowsdevcenter.com/lpt/a/4925
Just my $0.02 Cents as usual
"Attitudes are contagious, is yours worth catching"/ My first point was given by SEP on January 31, 2003
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Learn About
News and Events
Support
© Copyright 2025 Hewlett Packard Enterprise Development LP