I would highly recommend making sure that your FSMO role holders are fully connected. But if for some reason this is not possible, below is the answer to your question.
Schema Master - Only needs connectivity if you are updating the schema. Domain Naming Master - Needs full connectivity. If it doesn't then adding/removing domains will fail. RID Master - Needs full connectivity. RID allocation and cross-domain moves will break without this. If RID allocation fails then you will not be able to create security-enabled objects on other domain controllers. PDC emulator - Needs full connectivity, especially if it is the PDC emulator for the first domain installed in the forest. In addition to effectively being the PDC for older clients it is also used for keeping time in synch, ensuring that when a user changes their password they can use it across all domain controllers almost immediately, and is also is involved in keeping account lockout correctly functioning. Infrastructure Master - Probably doesn't need full connectivity, but I haven't ever tested it. There's more information on what all the roles do and their effect of being unreachable at: Windows 2000 Active Directory FSMO Roles http://support.microsoft.com/?scid=kb;EN-US;197132 Active Directory Disaster Recovery http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/ad/windows2000/support/adrecov.asp I hope this helps.... - Dave ----- Original Message ----- From: "Alex Kulev" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, June 06, 2003 10:38 AM Subject: [ActiveDir] FSMO roles issue > Hello AD Folks, > > I've got a problem of configuring my firewall. > I need to know what FSMO role holders (PDC Emulator, RID Master, Infrastructure Master, Domain Naming Master, Schema Master ) must be contacted by every DC of the forest. > I heard somewhen the same problem reported. The people told that DCs were still trying to conect to some of the FSMOs but I don't remeber to what of the 5. > And what are the reasons of permanent connectivity to that FSMOs? > > Thanks for your interest. > > -- > Best regards, > Alex Kulev (mailto:[EMAIL PROTECTED]) 06.06.2003, 19:38 > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
