So I was wondering the following: how do all the domain controllers know that a trust has been established, since (see previous post) we cannot say with certainty which domain controller was used?
We have the same problem with user passwords: the PDC gives the vote on whether a user's (just changed) password is valid. The same seems to apply to trusts. Running a trace while creating the trust on a “regular” domain controller rather than the PDC shows how this is accomplished. For this I installed a domain controller called MICHDC01 in the (newly created) LAKES site.
When creating the trust we see all the traffic we would expect, and after the SMB connection to the domain controller in the other forest we see a call to the PDC of the local domain (or, I would suspect, the root domain PDC in a forest trust scenario with more domains).
Source: 172.16.5.197
Destination: OCEANDC01
Protocol: LSAD
Description: LSAD:LsarOpenPolicy2 Request, Target Computer: oceandc01.oceanfloor.local, DesiredAccess: 0x00000029
OCEANDC01 replies that the connection is open and available:
Source: OCEANDC01
Destination: 172.6.5.197
Protocol: LSAD
Description: LSAD:LsarOpenPolicy2 Response, PolicyHandle: {00000000-337F1540-55EC-7A48-8EBB-5233C3687456}, Status = 0x00000000 – STATUS_SUCCESS
And then the magic happens (sort of): the regular domain controller instructs the PDC to create an external trust.
Source: 172.16.5.197
Destination: OCEANDC01
Protocol: LSAD
Description: LSAD:LsarCreateTrustedDomainEx2 Request, 0x1, DesiredAccess: , PolicyHandle: {00000000-337F1540-55EC-7A48-8EBB-5233C3687456} TrustDirection: 0x00000003 TrustType: 0x00000002 – TRUST_TYPE_UPLEVEL – Trust is for Windows 2000 and Windows Server 2003 Information: FORESTROOT.local, FORESTROOT, S-1-5-21-1179639219-2084100482-3483183152 Unknown SID
So we see that the PDC does have a role in the creation of trusts, but NOT in the agreement between the two PDCs of the domains. After the creation of the trust, it looks like urgent or immediate replication takes place to inform all the domain controllers.
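The trace above is also a useful detection source: whichever domain controller an administrator (or an attacker with the right privileges) talks to, the LsarCreateTrustedDomainEx2 request ends up at the PDC emulator, so a capture or equivalent log in front of the PDC sees every trust creation. The Python below is an added example, not code from this post; it parses trace lines flattened to the same "Source / Destination / Protocol / Description" shape as the output above (the sample frames are constructed to mirror it), correlates the PolicyHandle returned by LsarOpenPolicy2 with the later create request, and decodes TrustDirection and TrustType with the constant values defined in MS-LSAD. The decoding shows something the raw hex does not: 0x00000003 is a bidirectional trust.

```python
import re

# Values from MS-LSAD (TRUST_DIRECTION_* and TRUST_TYPE_* constants).
TRUST_DIRECTION = {0x0: "DISABLED", 0x1: "INBOUND", 0x2: "OUTBOUND", 0x3: "BIDIRECTIONAL"}
TRUST_TYPE = {0x1: "DOWNLEVEL", 0x2: "UPLEVEL", 0x3: "MIT", 0x4: "DCE"}

# Constructed sample: the three frames of the post, one line per frame.
SAMPLE_TRACE = """\
Source: 172.16.5.197 Destination: OCEANDC01 Protocol: LSAD Description: LSAD:LsarOpenPolicy2 Request, Target Computer: oceandc01.oceanfloor.local, DesiredAccess: 0x00000029
Source: OCEANDC01 Destination: 172.16.5.197 Protocol: LSAD Description: LSAD:LsarOpenPolicy2 Response, PolicyHandle: {00000000-337F1540-55EC-7A48-8EBB-5233C3687456}, Status = 0x00000000 - STATUS_SUCCESS
Source: 172.16.5.197 Destination: OCEANDC01 Protocol: LSAD Description: LSAD:LsarCreateTrustedDomainEx2 Request, PolicyHandle: {00000000-337F1540-55EC-7A48-8EBB-5233C3687456} TrustDirection: 0x00000003 TrustType: 0x00000002 Information: FORESTROOT.local, FORESTROOT, S-1-5-21-1179639219-2084100482-3483183152 Unknown SID
"""

FRAME_RE = re.compile(
    r"Source:\s*(?P<src>\S+)\s+Destination:\s*(?P<dst>\S+)\s+"
    r"Protocol:\s*(?P<proto>\S+)\s+Description:\s*(?P<desc>.*)$"
)
CALL_RE = re.compile(r"LSAD:(?P<op>\w+)\s+(?P<kind>Request|Response)")
HANDLE_RE = re.compile(r"PolicyHandle:\s*(\{[0-9A-Fa-f-]+\})")
SID_RE = re.compile(r"S-1-5-21(?:-\d+)+")


def parse_frame(line):
    """Split one flattened trace line into its fields; None if it is not LSAD."""
    m = FRAME_RE.match(line.strip())
    if not m or m.group("proto") != "LSAD":
        return None
    frame = m.groupdict()
    call = CALL_RE.search(frame["desc"])
    frame["op"] = call.group("op") if call else None
    frame["kind"] = call.group("kind") if call else None
    handle = HANDLE_RE.search(frame["desc"])
    frame["handle"] = handle.group(1) if handle else None
    return frame


def hex_field(desc, name):
    """Return the integer value of 'Name: 0x...' in a description, or None."""
    m = re.search(rf"{name}:\s*0x([0-9A-Fa-f]+)", desc)
    return int(m.group(1), 16) if m else None


def label(table, value):
    """Map a numeric field to its MS-LSAD name, tolerating absent or unknown values."""
    if value is None:
        return "MISSING"
    return table.get(value, f"UNKNOWN(0x{value:08x})")


def decode_trust_request(frame):
    """Turn an LsarCreateTrustedDomainEx2 request frame into a readable event."""
    desc = frame["desc"]
    info = re.search(r"Information:\s*([^,]+),\s*([^,]+),", desc)
    sid = SID_RE.search(desc)
    return {
        "requested_by": frame["src"],
        "created_on": frame["dst"],  # the DC that executes the create: the PDC emulator
        "handle": frame["handle"],
        "trusted_domain_dns": info.group(1).strip() if info else None,
        "trusted_domain_netbios": info.group(2).strip() if info else None,
        "trusted_domain_sid": sid.group(0) if sid else None,
        "direction": label(TRUST_DIRECTION, hex_field(desc, "TrustDirection")),
        "trust_type": label(TRUST_TYPE, hex_field(desc, "TrustType")),
    }


def find_trust_creations(trace_text):
    """Walk a trace, remember which DC issued each policy handle, and report trust creations."""
    handles = {}  # PolicyHandle -> DC that returned it in an LsarOpenPolicy2 response
    events = []
    for line in trace_text.splitlines():
        frame = parse_frame(line)
        if frame is None:
            continue
        if frame["op"] == "LsarOpenPolicy2" and frame["kind"] == "Response" and frame["handle"]:
            handles[frame["handle"]] = frame["src"]
        elif frame["op"] == "LsarCreateTrustedDomainEx2" and frame["kind"] == "Request":
            event = decode_trust_request(frame)
            event["handle_opened_on"] = handles.get(frame["handle"])
            events.append(event)
    return events


if __name__ == "__main__":
    for event in find_trust_creations(SAMPLE_TRACE):
        print(event)
```

Because the handle is correlated, the report names the DC that actually performed the create (the PDC) separately from the host that asked for it, which is exactly the distinction this post is about; a trust creation event whose requesting host is not a known administrative workstation or domain controller is the one worth looking at.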