Microsoft KB Archive/321212

= Primary domain controller FSMO is not guaranteed even if the ADS_READONLY_SERVER flag is not used =

Article ID: 321212

Article Last Modified on 11/9/2004

-

APPLIES TO


 * Microsoft Active Directory Service Interfaces 2.5
 * Microsoft Active Directory Service Interfaces 2.5

-



This article was previously published under Q321212



SUMMARY
When a server-less bind by using ADSI and the WinNT provider in a Microsoft Windows NT 4.0 domain completes, it targets a primary domain controller. If you do not have to bind to the primary domain controller, you can specify the ADS_READONLY_SERVER flag that targets a backup domain controller or a primary domain controller.

When you are using a WinNT provider, ADSI tries to connect to a primary domain controller or a backup domain controller in a Windows 2000 domain.

However, the same server-less binding in a Windows 2000 domain by using the WinNT provider does not guarantee that the primary domain controller FSMO will be targeted if the ADS_READONLY_SERVER flag is not used. In this case, any domain controller in the Windows 2000 domain may be targeted.

The ADS_READONLY_SERVER flag is more applicable in a Windows NT 4.0 environment, where you have one writable replica (primary domain controller) and several read-only replicas (backup domain controllers). If you do not specify this flag, you might overload your primary domain controller in Windows NT 4.0. The same problem does not exist in Active Directory in Microsoft Windows 2000.



MORE INFORMATION
If you must guarantee that a bind is made to the primary domain controller FSMO in a Windows 2000 domain, you can use IADsTools GetPDCFSMO to determine the primary domain controller FSMO, and then use that server in your bind.

If you want to find a primary domain controller in a Windows NT 4.0 domain, either use IADsWinNTSystemInfo::get_PDC, or call DsGetDCName and then pass the DS_PDC_REQUIRED flag.

