FSMO role involved with AD Trusts

Can someone please state what FSMO role is involved in AD trusts?

The reason I ask this question, is that I moved the 3 domain FSMO roles off 
the forest root DC to another DC and then took down the forest root DC for 
hardware maintenance. During this period, users were unable to log onto apps 
across the trust, but when the forest root DC came back online, the users 
could then log onto the apps again.

This forest root DC just had the Domain Name and Schema roles, which 
shouldn't have caused this problem. I was assuming the Infrastructure Master 
held this cross domain trust role, but it mustn't have -> hmmm :-(

Cheers,
Cosmo
0
Utf
4/21/2010 10:26:01 AM
windows.server.active_director 902 articles. 0 followers. Follow

6 Replies
949 Views

Similar Articles

[PageSpeed] 4

When you brought the FSMO roles DC down was there another DC and GC from the 
root domain available?  Was there another DNS server for the root domain 
available?  I can't think of anything any of the FSMO roles do that would 
impact a trust.

-- 
Paul Bergson
MVP - Directory Services
MCITP - Enterprise Administrator
MCTS, MCT, MCSE, MCSA, MCP, Security +, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewGroups.  This
posting is provided "AS IS" with no warranties and confers no rights.
"Cosmo" <Cosmo@discussions.microsoft.com> wrote in message 
news:DD1D0384-A313-438A-AF05-B2F7EDA16A02@microsoft.com...
> Can someone please state what FSMO role is involved in AD trusts?
>
> The reason I ask this question, is that I moved the 3 domain FSMO roles 
> off
> the forest root DC to another DC and then took down the forest root DC for
> hardware maintenance. During this period, users were unable to log onto 
> apps
> across the trust, but when the forest root DC came back online, the users
> could then log onto the apps again.
>
> This forest root DC just had the Domain Name and Schema roles, which
> shouldn't have caused this problem. I was assuming the Infrastructure 
> Master
> held this cross domain trust role, but it mustn't have -> hmmm :-(
>
> Cheers,
> Cosmo 


0
Paul
4/21/2010 12:11:03 PM
Trust information is stored within the system container of the domain and 
can be managed by any DC.

What is more likely to have caused your problem is DNS.  How are the DCs in 
the other domain resolving your domain?  Are they pointing to DNS on your 
root server?

Best regards
Joe Dunn
MBCS, MCSE, MCTS, CCNA



"Cosmo" wrote:

> Can someone please state what FSMO role is involved in AD trusts?
> 
> The reason I ask this question, is that I moved the 3 domain FSMO roles off 
> the forest root DC to another DC and then took down the forest root DC for 
> hardware maintenance. During this period, users were unable to log onto apps 
> across the trust, but when the forest root DC came back online, the users 
> could then log onto the apps again.
> 
> This forest root DC just had the Domain Name and Schema roles, which 
> shouldn't have caused this problem. I was assuming the Infrastructure Master 
> held this cross domain trust role, but it mustn't have -> hmmm :-(
> 
> Cheers,
> Cosmo
0
Utf
4/21/2010 12:27:01 PM
As everyone else sais ... is more likely a DNS issue.

Andrei Ungureanu
www.winadmins.net

"Paul Bergson [MVP-DS]" <pbbergs@no-spam.msn.com> wrote in message 
news:OGvX4uU4KHA.3728@TK2MSFTNGP06.phx.gbl...
> When you brought the FSMO roles DC down was there another DC and GC from 
> the root domain available?  Was there another DNS server for the root 
> domain available?  I can't think of anything any of the FSMO roles do that 
> would impact a trust.
>
> -- 
> Paul Bergson
> MVP - Directory Services
> MCITP - Enterprise Administrator
> MCTS, MCT, MCSE, MCSA, MCP, Security +, BS CSci
> 2008, Vista, 2003, 2000 (Early Achiever), NT4
> Microsoft's Thrive IT Pro of the Month - June 2009
>
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewGroups.  This
> posting is provided "AS IS" with no warranties and confers no rights.
> "Cosmo" <Cosmo@discussions.microsoft.com> wrote in message 
> news:DD1D0384-A313-438A-AF05-B2F7EDA16A02@microsoft.com...
>> Can someone please state what FSMO role is involved in AD trusts?
>>
>> The reason I ask this question, is that I moved the 3 domain FSMO roles 
>> off
>> the forest root DC to another DC and then took down the forest root DC 
>> for
>> hardware maintenance. During this period, users were unable to log onto 
>> apps
>> across the trust, but when the forest root DC came back online, the users
>> could then log onto the apps again.
>>
>> This forest root DC just had the Domain Name and Schema roles, which
>> shouldn't have caused this problem. I was assuming the Infrastructure 
>> Master
>> held this cross domain trust role, but it mustn't have -> hmmm :-(
>>
>> Cheers,
>> Cosmo
>
> 
0
Andrei
4/21/2010 8:56:43 PM
Thank you all for your response  :-)

I'll look into DNS as the possible root cause.
0
Utf
4/22/2010 9:44:03 PM
On Thu, 22 Apr 2010 14:44:03 -0700, Cosmo
<Cosmo@discussions.microsoft.com> wrote:

>Thank you all for your response  :-)
>
>I'll look into DNS as the possible root cause.

Maybe if you can provide the following, we may be able to help you
diagnose the the problem.

1. An ipconfig /all of the forest root DC, and one of the other DCs
2. How many domains in your forest
3. An ipconfig /all one from one of your workstations
4. How is resolution setup with the partner org (or whoever the other
forest/domain the trust is configured with)
5. Is it a forest or domain to domain trust?

Thanks,



Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
0
Ace
4/23/2010 12:16:00 AM
Hello Cosmo,

As mentioned from the others this sounds more then DNS issue, please make 
sure a DNS server(AD integrated zones are the best option in my opinion) 
is still available when shutting down the root DC.

FSMO roles aren't used for trust connectivity.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers 
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm 


> Can someone please state what FSMO role is involved in AD trusts?
> 
> The reason I ask this question, is that I moved the 3 domain FSMO
> roles off the forest root DC to another DC and then took down the
> forest root DC for hardware maintenance. During this period, users
> were unable to log onto apps across the trust, but when the forest
> root DC came back online, the users could then log onto the apps
> again.
> 
> This forest root DC just had the Domain Name and Schema roles, which
> shouldn't have caused this problem. I was assuming the Infrastructure
> Master held this cross domain trust role, but it mustn't have -> hmmm
> :-(
> 
> Cheers,
> Cosmo


0
Meinolf
4/24/2010 10:23:54 AM
Reply:

Similar Artilces:

Adding fields with Modifier
There are several fields we would like to add to the Item Inquiry window - standard cost, price group, list price, item class, UDF1. None are currently included in the Local Fields table. How can I link to these fields to add them to the window? Thanks. -- Jim@TurboChef Jim, I've waited for a better solution before suggesting what I would do to get this done but no one answered yet. I had a similiar situation in Inventory Inquiry window and there was no easy way to get that done. So, I decided to write vb code in Modifier, added labels and fields and then manullay saved and re...

make an AD "contact" appear in GAL?
i need my outlook users to see a persons name and email address when they click the "To" button on a new message but this person does not have a domain account. can i create them as a "contact" in AD and make them appear? or is there a better way to do this? You can create a contact in AD and add the e-mail address of the user. -- Greetings, Hans Sleurink MCSA +M , MCSE 2000 <jjd228@NOSPAMoptonline.net> wrote in message news:EDRgc.61876$_g4.9691579@news4.srv.hcvlny.cv.net... > i need my outlook users to see a persons name and email address when they > cli...

Outlook 2007 keeps repeating/adding send tasks while sending/receiving
Hi all, I have Outlook 2007 installed on a XP pro PC. I have 1 account for a IMAP mailserver and a couple accounts for POP3 mailservers configured. Auto send/receive is disabled at startup (so I have to start in manually). Everything worked fine till some weeks ago. When I hit the send/receive button, all the configured accounts are added to the task list in the send/receive window. After all account are processed, all accounts are added to the task list again for sending, over and over again. I have a screenshot of that on http://www.raadselweb.net/temp/sendreceive.jpg Also, sometimes...

Counting number of items being added in a formula
I want to count the number of items that are being added together in a cell. For example if A1 had =3+5+7, A1 would sum to 15 and I would want B1 to show 3 for the number of items being added. What is the best way to capture this? It's going to depend a lot on the exact formula that you're using to add the numbers. Can you show an example of the formula please? If there is more than one possible formula style, then please show an example of each style. Rgds, ScottO "Lambtwo" <Lambtwo@lamb.com> wrote in message news:K5i9f.370924$tl2.237458@pd7tw3no... | I want t...

Adding email addresses from Excel into Outlook
How do I add multiple email addresses from Excel into an Outlook Distribution list? The only way I know how is by "copy and paste" each and every one in the "Add new" tab in the Outlook Distribution list... sure would save a lot of time. Hi Scooter See http://www.rondebruin.nl/mail/importcontacts.htm -- Regards Ron de Bruin http://www.rondebruin.nl/tips.htm "Scooter" <Scooter@discussions.microsoft.com> wrote in message news:43982BE3-D4D8-4CF2-ABAD-4D705C03E92B@microsoft.com... > How do I add multiple email addresses from Excel ...

Printing Graphs with drawing lines added
I have a graph and I have used the drawing line to add a target. It looks fine on the screen but when I do a print preview or print the line goes away. I have another graph with the same type of drawing line but it will print. I need to know what to do to get the drawing line that is overlayed on the chart to print like my other chart. --- Message posted from http://www.ExcelForum.com/ Instead of drawing a line, you can follow Jon Peltier's instructions to add a line to a chart: http://www.peltiertech.com/Excel/Charts/ComboCharts.html#AddLine For your existing lines, it sounds...

Adding Transactiontype from Journals into Detailed sales report
I am trying to build up a customised active report, and require the transactiontype identified for each transaction. I cant seem to find a link to the Journal table where this info is stored. Any Ideas Try this: LEFT JOIN Journal WITH(NOLOCK) ON Journal.CustomerID = Customer.ID Begin Column FieldName = "Journal.TransactionType" DrillDownFieldName = "" DrillDownReportName = "" Title = "Transaction Type" VBDataType = vbString Formula = "" ColHidden = False ColNotDisplayable = False FilterDisabled = False ColWi...

Adding times 2
I tried the sugestions and it did not work. I have imported this file from and ACD program and them saved it as an Excel worksheet. Then I formatted as suggested and it did not work at all. I did type in a column myself and it worked on that. Any idea why it does not work on the imported columns. I can't firgure it out and it is driving me nuts. Is there something hidden in the column that I cannot see. Help.... When you start a new thread, you make it very difficult to understand what you mean when you refer to previous suggestions (there've been over 400 posts in this gro...

Adding my own window
Hello, How do I add my own window/pane to Outlook 2003 through VB.NET? Thanks in advance Simon Jefferies jefferies_simon@hotmail.com Outlook provides no mechanism to add a new pane, but you could add your = content as an option in the research pane. Hopefully, there are some = examples by now at http://msdn.microsoft.com/office/ --=20 Sue Mosher, Outlook MVP Outlook and Exchange solutions at http://www.slipstick.com Author of Microsoft Outlook Programming: Jumpstart for Administrators, Power Users, and Developers http://www.outlookcode.com/jumpstart.aspx=20 "Simon Je...

adding yes/no field
How do I add a check box field to my query field name to be "Active" I Tried Active:=yes/no,checkbox DIDN't WORK can you fix for me or is it not able to do this THANKS MARSMAN You would add the check box (binary) field to the table the query is based on then it will show in the field list of your query. Name it "active" in the table. -- Milton Purdy ACCESS State of Arkansas "MaRSMAN" wrote: > How do I add a check box field to my query field name to be "Active" > I Tried Active:=yes/no,checkbox DIDN't WORK ...

Question: Exchange and AD
In AD sites and services there is an entry for our exchange 2000 server with a folder called "Exchange Services" under it. Is this left over from an Exchange 5.5 ADC or is it needed for Exchange 2000/2003? We have two exchange server and neither one is a front end server but we only have an entry in AD for one of our servers. If it is needed for Exchange 2000/2003 should there be an entry for the other server? What is the entry in AD used for? ...

Adding GL acct from backend sql serfver?
Hi, I created a new compnay through GPutility. I need to transfer 50 GL accts from an existing company(diff db) to the new company with 0 balance. How do I do this? which tables do i need to transfer(GL00100)? Thanks The easiest way would be to export the data from SQL to a CSV file. Then use the Tools->Integrate->Table Import when you are on the Account Maintenance window. -- Lorren Consulting Technology Lead WennSoft Inc. The views or opinions expressed in this post are mine and not those of WennSoft. "Mecn" wrote: > Hi, I created a new compnay through GPuti...

two CRM User to one AD user
Hi, I Have in MSCRM 30 two users which are connected to the same AD User. The users in MS CRM has the same names two. No I Have a problem with the repair fuktion of MS CRM, the protokol says it is one of this User in MS CRM. How can I delete one of the two users in MS CRM. Thanks you a lot for your helping! Alwin ...

Adding text to CRichEditCtrl
I'm not familiar with CRichEditCtrl but I was looking at it because of the text color possibilities. I was thinking about using it with a serial program to highlight certain words that come across. The only way I know to update the text in the control is with SetWindowText(). But it seems like this applies the current char format to the whole string. Is there a way to 'update' the edit control with a string without having to format the whole buffer? SetSel()/ReplaceSel(). Set the selection to the end of the buffer and the replace the selection. You will find this produces ugly ...

Adding Users to CRM
Hello Installed CRM on a SBS2003 Box with SQL installed on a 2nd Server, We are having problems adding users to CRM, when we use the deployment manager we get a error saying "an error occured while retrieving the list of users from active directory. For more asstistance, contact your system administrator" I have followed the manual though but still we have this error, any idea's? Thanks Liam Broughton Can you publish customizations? We are having the same problem as you (we are using CRM1.2 in an SBS2003 sp1 environment). In addition, publishing customizations...

Problem sending e-mail to users not in AD domain
Hi, Having a big problem at the moment which I hope someone can help with. We are running SBS 2003 with AD and Exchange configured. We have an internal AD domain 'CCM.local' and an Internet domain 'finance.uk.com' which is used for E-mail accounts. We are using the POP3 connector for e-mail accounts which get delivered to local domain accounts. The problem is that in exchange we have configured the FQDN in the SMTP connector which is required as 'finance.uk.com' and this allows e-mails from users within the AD domain to be sent to each other. But we also have e...

Exchange 2003 adding hosting for a second domain name??
Greetings, Im looking how to add a second domain name (email1.com and @email2.com) support to my exchange. it looks like I just add another SMTP connection with the qualified name, (email2.com) but how can I make this or multiple domain names appear in the AD user setup options (default is "@email1.local"). I want to see the drop-down list fill with more domain names for usersetup. we will be hosting several domain names. in t he future and Im getting fustrated with 2003. Help!?? Question #17 at http://www.swinc.com/resources/exchange/faq_db.asp?status=questions&faqID=1001...

Questions re: Adding Distribution Lists to My Contacts Outlook 07
Hello All, Does anyone know how to add an Outlook 2007 distribution list to My Contacts in the Contacts folder? I know that distribution lists default to the Contacts folder when saved, but a student of mine somehow created a couple of distribution lists and they appeared under My Contacts. However, not all the lists she created did so. They were only accessible, as usual, through Contacts. So we'd like to know what she did so we can replicate the process. Also, it would be helpful to know how to move a distribution list from Contacts to My Contacts after it's created. It's...

Disabled account in AD and re-enabled. Now user can't login to Outlook.
A user's account was disabled in Active Directory and then re-enabled a short time later. Now the user cannot login to Outlook. Can anyone tell me why this is happening? Thanks ...

Can't see Dev domain AD users when I create a new CRM user
In CRM 4.0, I am trying to create several new users. I've created them in our Dev domain AD, but CRM can only see users in our production domain. We do have some pre-existing Dev domain users that work fine, so I'm wondering if some setting has gotten out of whack. thanks - Pam well, we had a need to reboot our CRM server, and now this is working. I have no idea why that mattered. ...

Error when assigning a Custom Entity to a Security Role
I'm trying out a Titan VPC. I created a custom entity. When I try to assign it to a role, I get an error message (Error, contact your System Administrator). Anyone has an idea of why this happens? It sounds like a bug... Hi Piri, I tried my VPC [Running 4.0.7219.10] and I could not reproduce any error. I crated a custom entity, added a few attributes, saved and published it. I then created a new security role, then set the perms on the custom entity for that role. (Assuming this is what you meant by assigning it to a role.) I assigned several users to this custom role, and did ...

Disable-based on Adding New Record vs. Editing Existing fields
Is there a way to disable and/or enable the same field(s) based on if a user is editing an existing record or Adding a new record for a given criteria. Here is an example for a given field in a matrix for 3 criteria for the same field. Edit Adding New Record Criteria 1 Yes/Enable No/Disable Criteria 2 Yes/Enable No/Disable Criteria 3 Yes/Enable Yes/Enable Let me know if I can provide any more explanation. Thanks in advance for your assistance. On Wed, 13 Jan 2010 09:28:02 -0800, Steve Stad wrote: > Is there a way to disable and/or en...

Error Installing DPM Agent in non-trusted domain
I am running into an issue with DPM agent working wiht a standalone workstation When I push an agent to a system it always error. i already tried to SetDPMServer command, it cant go thought with the [-updatePassword] -- KT To install the agent on workgroup computers , can you please follow the steps present at: http://technet.microsoft.com/en-us/library/ff634193.aspx -- Thanks, Praveen D [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights. DPM Newsgroup will be deprecated very soon. Please start using DPM TechNet forum at:http://...

VbScript to change Access Trust Center to add a Folder.
Running Access 2007 using the old .mdb from Access 2003 my back end is SQL Server 2008. I will be installing Access 2007 onto my users PC. What I need is a script, preferable VBScript, to run, that will add a folder to the trusted location, this folder contains all my databases from Access 2003 and other files. Anyone have a script like that already running? I am sure it wouldn't be too hard, but I am still learning Access 2007. Thanks -- Message posted via AccessMonster.com http://www.accessmonster.com/Uwe/Forums.aspx/access-conversion/200906/1 You can just set it in the Registr...

Adding new Virtual HTTP Server Question
When I add a new Virtual HTTP Server what should the Access rights be set to since there isn't a template to by?? Also once I am using SSL should these access rights be changed? Thanks Andrew ...