The two Forest level FSMO role holders are the Schema Master (which holds the writable copy of the Schema) and the Domain Naming Master (which prevents naming collisions when altering domains). You don't need either to authenticate users.
Cheers Ken From: Andy Shook [mailto:[EMAIL PROTECTED] Sent: Friday, 16 May 2008 10:37 AM To: NT System Admin Issues Subject: RE: Missing dedicated forest root DC I would think not b\c the two forest level FSMO DCs would need to be online, right? Shook ________________________________ From: RM [mailto:[EMAIL PROTECTED] Sent: Thursday, May 15, 2008 8:26 PM To: NT System Admin Issues Subject: Missing dedicated forest root DC Guys, quick question... We're doing a mock disaster recovery here. Can we spin up a child dc without also spinning up a DFR dc and get it to work well enough to start AD, authenticate users, etc? We've tried it already and it hasn't worked so far. I suspect it's due to the lack of an accessible _msdcs zone. Thanks! ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
