Re: DCPromo or something else?
- From: "Dan Klinge" <Dan.Klinge@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 4 Sep 2006 12:03:07 -0700
Herb,
I understand that that is based on trusts. But it's also based on the
trusts inherent to Domain Forests, no? So, we have one trust and one child
domain. So, Domain1, domain2, domain3, and now OLDdomain (an old
nonexistant domain). We didn't restore from backup but just rebuilt a disk
array.....how it got this old data I have no clue.
Ahh...you may have hit the nail on the head. We have one domain controller
in Virginia (we're in CA) and they shut it down the other day due to
hurricanes. So, CA can't replicate with VA, thus causing problems with the
server that i've been talking about.
Thanks for the info...I'll start running these tests.... Thanks VERY MUCH.
Dan
"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:OkpXXHF0GHA.1300@xxxxxxxxxxxxxxxxxxxxxxx
"Dan Klinge" <Dan.Klinge@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:e94IyYE0GHA.4448@xxxxxxxxxxxxxxxxxxxxxxx
Ok.. We've got Multiple trusts so the login screen to Windows Server 2003
has three domains in the domain popdown list. Normally, that is. one of
our AD Controller / DNS servers had some disk trouble and the disks had
to
be rebuilt. The OS came back up fine but there are only two domains in
the
popdown list now.
You mean the logon list at Ctrl-Alt-Del? That is based on trusts.
and only one of those is right. It now has Domain1 and
Olddomain. Olddomain being a domain that we demoted out of existance
about
a year ago.
You restored from backups? How old WERE those backups?
You likely just have a replication problem (if this is not your
only DC). Check replication.
Almost all replication AND authentication (including logon)
problems are really DNS issues.
Now, Do I just DCPromo that machine to demote it and them
DCpromo to promote it to get it back to normal? And, if possible...what
happened here?
That would not be my first thought (although I might do it eventually
if the other DCs of that domain are ok and NOTHING else worked.)
Fix the real problems and this will likely resolve itself.
I also just realized that the server in question is showing old data in
the
ADUC, from the old domain.
What do you mean "old domain" ?
Run DCDiag on each DC.
Consider these key points on DNS for AD:
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)
netdiag /fix
...or maybe:
dcdiag /fix
(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/
Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.
Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.
Single Label domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
.
- Follow-Ups:
- Re: DCPromo or something else?
- From: Herb Martin
- Re: DCPromo or something else?
- References:
- DCPromo or something else?
- From: Dan Klinge
- Re: DCPromo or something else?
- From: Herb Martin
- DCPromo or something else?
- Prev by Date: Re: AD installation
- Next by Date: Re: Active Directory could not resolve DNS host name
- Previous by thread: Re: DCPromo or something else?
- Next by thread: Re: DCPromo or something else?
- Index(es):
Relevant Pages
|
