Re: Forcefully (manually) removing a domain

From: ptwilliams (ptw2001_at_hotmail.com.donotspam)
Date: 12/22/04


Date: Wed, 22 Dec 2004 01:21:02 -0800

Very interesting indeed!!! So Winlogon doesn't pull the domain name(s) from
WINS? Where does it grab this info. from then? I noticed a forum post
stating that the reg key that I listed in my other post pulls this cache from
WINS - not that I doubt you over them, I'm just interested in all of this - I
like to understand ;-)

Could you explain how MSGINA builds the domain list please Herb?

--
Paul Williams
http://www.msresource.net/
http://forums.msresource.net/
"Herb Martin" wrote:
> "John Rosenlof" <greyseal96@hotmail.com> wrote in message
> news:O7#tol75EHA.3472@TK2MSFTNGP09.phx.gbl...
> > Thanks for the response.  I appreciate the help.
> > A couple of questions--
> > How long should it take to remove itself from the list?  It's been a few
> > days and it's still there?
> > What is an external trust?
> 
> Generally it should remove on the next boot after
> replication of the DCs.
> 
> Once the DCs don't know about the trust (it is removed)
> and the machine rebuilds (re-queries) from the DCs this
> should go.
> 
> One must wonder if your DCs are replicating and if the
> machines are properly authenticating with (a replicated)
> DC.
> 
> PT mentioned WINS issues but that is generally only
> an issue for domains and servers continuing to show
> up in the BROWSE lists.
> 
> (The code in the GINA which builds the logon list of
> domains does not use directly -- except maybe to find
> its own DC.  GINA==logon screen)
> 
> The machines do however remember that list (I believe)
> between boots, in case they are offline, and so it can
> survive reboots if the machine is not authenticating.
> 
> Most authentication problems are really DNS issues
> in Win2000+ Domains:
> 
> DNS for AD
>     1) Dynamic for the zone supporting AD
>     2) All internal DNS clients NIC\IP properties must specify SOLELY
>         that internal, dynamic DNS server (set.)
>     3) DCs and even DNS servers are DNS clients too -- see #2
> 
> Restart NetLogon on any DC if you change any of the above that
> affects a DC and/or use:
> 
>     nltest /dsregdns /server:DC-ServerNameGoesHere
> 
> Ensure that DNS zones/domains are fully replicated to all DNS
> servers for that (internal) zone/domain.
> 
> -- 
> Herb Martin
> 
> 
> >
> > Thank you
> > -John
> > "Herb Martin" <news@LearnQuick.com> wrote in message
> > news:#PTT0O75EHA.1120@TK2MSFTNGP11.phx.gbl...
> > > "John Rosenlof" <greyseal96@hotmail.com> wrote in message
> > > news:e7wJ7g55EHA.2124@TK2MSFTNGP15.phx.gbl...
> > > > Hi,
> > > >
> > > > As per the advice that I got here, I followed what KB 216498 said and I
> > > > successfully removed a domain from Active Directory.  The domain that was
> > > > removed had a trust relationship with our current (surviving) domain and
> > > > consequently at the logon screen of the computers it was listed as an
> > > > available domain to log onto.  My question has a couple of parts---1) Now
> > > > that I've removed the trust and the computer metadata from AD, will that
> > > > disappear on the workstations, or do I have to manually remove it as well?
> > > > and 2) We want to rejoin the computer that was removed and we want to keep
> > > > the same domain and computer name.  Will this cause any problems if that
> > > > domain is still listed on the workstations before it is rejoined?
> > >
> > > It should disappear after the domain and its trust are gone,
> > > replicated etc.
> > >
> > > IF this was an external trust you should also delete this
> > > from the machine domain.
> > >
> > > > Thank you in advance for any help that can be given, and let me know if I
> > > > outlined our problem clearly.
> > >
> > >
> > > --
> > > Herb Martin
> > >
> > >
> > > >
> > > > -John
> > > >
> > > >
> > >
> > >
> >
> >
> 
> 
> 
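
Point 2 of the quoted "DNS for AD" checklist (clients must list solely the internal, dynamic DNS server set) can be checked against saved `ipconfig /all` output. The following is an added example, not part of the original thread; the sample output, adapter names and addresses are constructed, and the internal DNS server set passed in is an assumption.

```python
import re

# Constructed sample of `ipconfig /all` output; adapter names and addresses
# are made up for illustration and do not come from the thread.
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WS01

Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 10.0.0.25
   DNS Servers . . . . . . . . . . . : 10.0.0.10
                                       203.0.113.53

Ethernet adapter Lab:

   IP Address. . . . . . . . . . . . : 10.0.1.25
   DNS Servers . . . . . . . . . . . : 10.0.0.10
                                       10.0.0.11
"""

# A labelled line looks like "   DNS Servers . . . : 10.0.0.10". Requiring the
# space before the colon keeps IPv6 continuation lines from matching.
LABELLED = re.compile(r"^\s+(.+?)[ .]* :\s?(.*)$")


def dns_servers_by_adapter(text):
    """Map each section of the output to the DNS servers listed under it."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():   # unindented line starts a new section
            current, in_dns = line.strip().rstrip(":"), False
            continue
        m = LABELLED.match(line)
        if m:                       # "label . . . : value"
            in_dns = m.group(1) == "DNS Servers"
        value = (m.group(2) if m else line).strip()  # else: continuation line
        if in_dns and value:
            adapters.setdefault(current, []).append(value)
    return adapters


def non_compliant(text, internal_dns):
    """Adapters listing any DNS server outside internal_dns, with the extras."""
    found = dns_servers_by_adapter(text)
    extras = {a: [s for s in v if s not in internal_dns] for a, v in found.items()}
    return {a: e for a, e in extras.items() if e}
```

Calling `non_compliant(SAMPLE, {"10.0.0.10", "10.0.0.11"})` reports only the adapter that also lists an outside resolver.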

