FSMO role involved with AD Trusts

Can someone please state what FSMO role is involved in AD trusts?

The reason I ask this question, is that I moved the 3 domain FSMO roles off
the forest root DC to another DC and then took down the forest root DC for
hardware maintenance. During this period, users were unable to log onto apps
across the trust, but when the forest root DC came back online, the users
could then log onto the apps again.

This forest root DC just had the Domain Name and Schema roles, which
shouldn't have caused this problem. I was assuming the Infrastructure Master
held this cross domain trust role, but it mustn't have -> hmmm :-(

Cheers,
Cosmo

When you brought the FSMO roles DC down was there another DC and GC from the
root domain available? Was there another DNS server for the root domain
available? I can't think of anything any of the FSMO roles do that would
impact a trust.

--
Paul Bergson
MVP - Directory Services
MCITP - Enterprise Administrator
MCTS, MCT, MCSE, MCSA, MCP, Security +, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewGroups. This
posting is provided "AS IS" with no warranties and confers no rights.
"Cosmo" <> wrote in message
newsD1D0384-A313-438A-AF05-...
> Can someone please state what FSMO role is involved in AD trusts?
>
> The reason I ask this question, is that I moved the 3 domain FSMO roles
> off
> the forest root DC to another DC and then took down the forest root DC for
> hardware maintenance. During this period, users were unable to log onto
> apps
> across the trust, but when the forest root DC came back online, the users
> could then log onto the apps again.
>
> This forest root DC just had the Domain Name and Schema roles, which
> shouldn't have caused this problem. I was assuming the Infrastructure
> Master
> held this cross domain trust role, but it mustn't have -> hmmm :-(
>
> Cheers,
> Cosmo

Trust information is stored within the system container of the domain and
can be managed by any DC.

What is more likely to have caused your problem is DNS. How are the DCs in
the other domain resolving your domain? Are they pointing to DNS on your
root server?

Best regards
Joe Dunn
MBCS, MCSE, MCTS, CCNA



"Cosmo" wrote:

> Can someone please state what FSMO role is involved in AD trusts?
>
> The reason I ask this question, is that I moved the 3 domain FSMO roles off
> the forest root DC to another DC and then took down the forest root DC for
> hardware maintenance. During this period, users were unable to log onto apps
> across the trust, but when the forest root DC came back online, the users
> could then log onto the apps again.
>
> This forest root DC just had the Domain Name and Schema roles, which
> shouldn't have caused this problem. I was assuming the Infrastructure Master
> held this cross domain trust role, but it mustn't have -> hmmm :-(
>
> Cheers,
> Cosmo

As everyone else sais ... is more likely a DNS issue.

Andrei Ungureanu
www.winadmins.net

"Paul Bergson [MVP-DS]" <> wrote in message
news:...
> When you brought the FSMO roles DC down was there another DC and GC from
> the root domain available? Was there another DNS server for the root
> domain available? I can't think of anything any of the FSMO roles do that
> would impact a trust.
>
> --
> Paul Bergson
> MVP - Directory Services
> MCITP - Enterprise Administrator
> MCTS, MCT, MCSE, MCSA, MCP, Security +, BS CSci
> 2008, Vista, 2003, 2000 (Early Achiever), NT4
> Microsoft's Thrive IT Pro of the Month - June 2009
>
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewGroups. This
> posting is provided "AS IS" with no warranties and confers no rights.
> "Cosmo" <> wrote in message
> newsD1D0384-A313-438A-AF05-...
>> Can someone please state what FSMO role is involved in AD trusts?
>>
>> The reason I ask this question, is that I moved the 3 domain FSMO roles
>> off
>> the forest root DC to another DC and then took down the forest root DC
>> for
>> hardware maintenance. During this period, users were unable to log onto
>> apps
>> across the trust, but when the forest root DC came back online, the users
>> could then log onto the apps again.
>>
>> This forest root DC just had the Domain Name and Schema roles, which
>> shouldn't have caused this problem. I was assuming the Infrastructure
>> Master
>> held this cross domain trust role, but it mustn't have -> hmmm :-(
>>
>> Cheers,
>> Cosmo
>
>

Thank you all for your response :-)

I'll look into DNS as the possible root cause.

On Thu, 22 Apr 2010 14:44:03 -0700, Cosmo
<> wrote:

>Thank you all for your response :-)
>
>I'll look into DNS as the possible root cause.

Maybe if you can provide the following, we may be able to help you
diagnose the the problem.

1. An ipconfig /all of the forest root DC, and one of the other DCs
2. How many domains in your forest
3. An ipconfig /all one from one of your workstations
4. How is resolution setup with the partner org (or whoever the other
forest/domain the trust is configured with)
5. Is it a forest or domain to domain trust?

Thanks,



Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.

Hello Cosmo,

As mentioned from the others this sounds more then DNS issue, please make
sure a DNS server(AD integrated zones are the best option in my opinion)
is still available when shutting down the root DC.

FSMO roles aren't used for trust connectivity.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Can someone please state what FSMO role is involved in AD trusts?
>
> The reason I ask this question, is that I moved the 3 domain FSMO
> roles off the forest root DC to another DC and then took down the
> forest root DC for hardware maintenance. During this period, users
> were unable to log onto apps across the trust, but when the forest
> root DC came back online, the users could then log onto the apps
> again.
>
> This forest root DC just had the Domain Name and Schema roles, which
> shouldn't have caused this problem. I was assuming the Infrastructure
> Master held this cross domain trust role, but it mustn't have -> hmmm
> :-(
>
> Cheers,
> Cosm