GET-IT: TEAMS DAY | 1-Day Free Virtual Conference all about Teams. Here on - 8/12/20 GET-IT: TEAMS DAY - 8/12/20

Forest Level FSMO Roles preventing AD and DNS starting

Home Forums Microsoft Networking and Management Services Active Directory Forest Level FSMO Roles preventing AD and DNS starting

Viewing 1 post (of 1 total)
  • Author
  • Avatar


    I’ve got a kind of unusual problem in my production environment that I can’t seem to find any information online about. Maybe someone on the forum has come across it before. It is as follows:

    In my environment I have 3 domains in 1 forest:;; These 3 domains are sibling domains. There are no servers in the domain. The 5 FSMO roles are held by a DC in domain.

    While doing a cold site disaster recovery I noticed the server with the 5 FSMO would reboot after the restore and AD and DNS would load fine but on subsequent reboots it would take up to 10 minutes to reach the login screen and then AD and DNS would not load. In this cold site only 1 DC is being restored. In network settings it points to itself for DNS.

    I’ve finally narrowed it down to the Schema Master and Domain Naming Master roles causing the problem. If any DC in our environment has these roles it will not load AD or DNS if it cannot contact andother DC/DNS server. I narrowed it down this far by restoring another DC in our test environment and that restore went ok so then started transferring FSMO roles to this 2nd recovered DC. The RID, PDC and Infrastructure roles transferred ok and the 2nd DC still loaded AD and DNS. Once I transferred either the Schema Master or Domain Naming master role to this 2nd DC it stopped booting on it’s own. I then tried transferring the Schema Master and Domain Naming Master roles to the 2nd DC while leaving the PDC, RID and infrastructure roles on the 1st DC and the 1st DC then was able to load AD and DNS without having to be in contact with another DC/DNS server. The 2nd DC would now not load AD or DNS since it had the 2 forest level FSMO roles.

    This is not a serious problem in our day to day environment as there are a number of DC/DNS servers but it is still troubling and I would like to get to the bottom of it.

    I’ve tried running Active Directory Schema Diagnose from and everything that tested passed ok.

    Has anyone else ever encountered a domain with a DC that would not load AD or DNS due to the Forest Level FSMO roles, Schema and Domain nameing master? Does anyone have any suggestions of some more checks I could run?

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.