Re: DCPromo or something else?

"Dan Klinge" <Dan.Klinge@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:OyOKDTF0GHA.3440@xxxxxxxxxxxxxxxxxxxxxxx
Herb,

I understand that that is based on trusts. But it's also based on the
trusts inherent to Domain Forests, no?

Yes, so once you have said "trusts" that covers it.

But don't expect an EXTERNAL trust to be "transitive" to
(have any effect on) any domain in the forest OTHER than
the one which has the external trust out of the forest.


So, we have one trust and one child domain. So, Domain1, domain2,
domain3, and now OLDdomain (an old nonexistent domain). We didn't
restore from backup but just rebuilt a disk array.....how it got this old
data I have no clue.

Domain Trusts in a forest are transitive; external trusts are not.

Ahh...you may have hit the nail on the head. We have one domain
controller in Virginia (we're in CA) and they shut it down the other day
due to hurricanes. So, CA can't replicate with VA, thus causing problems
with the server that I've been talking about.

Fix replication -- which is likely due to DNS problems UNLESS
your WAN is so bad that IP won't route.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]



Thanks for the info...I'll start running these tests.... Thanks VERY
MUCH.


Dan



"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:OkpXXHF0GHA.1300@xxxxxxxxxxxxxxxxxxxxxxx
"Dan Klinge" <Dan.Klinge@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:e94IyYE0GHA.4448@xxxxxxxxxxxxxxxxxxxxxxx
Ok.. We've got Multiple trusts so the login screen to Windows Server 2003
has three domains in the domain popdown list. Normally, that is. One of
our AD Controller / DNS servers had some disk trouble and the disks had to
be rebuilt. The OS came back up fine but there are only two domains in the
popdown list now.

You mean the logon list at Ctrl-Alt-Del? That is based on trusts.

and only one of those is right. It now has Domain1 and
Olddomain. Olddomain being a domain that we demoted out of existence about
a year ago.

You restored from backups? How old WERE those backups?

You likely just have a replication problem (if this is not your
only DC). Check replication.

Almost all replication AND authentication (including logon)
problems are really DNS issues.

Now, Do I just DCPromo that machine to demote it and then
DCPromo to promote it to get it back to normal? And, if possible...what
happened here?

That would not be my first thought (although I might do it eventually
if the other DCs of that domain are ok and NOTHING else worked.)

Fix the real problems and this will likely resolve itself.

I also just realized that the server in question is showing old data in the
ADUC, from the old domain.

What do you mean "old domain" ?

Run DCDiag on each DC.

Consider these key points on DNS for AD:

1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

...or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem. Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
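
The DCDiag step suggested in the reply above (send each DC's output to a text file and search for FAIL, ERROR, WARN), as an added example that is not part of the original thread. The function name Get-DcDiagFinding, the server names DC-CA-01 and DC-VA-01, and the sample report are constructed for illustration; the search is tied to the dcdiag test each hit belongs to, so a replication failure is not lost among unrelated warnings.

```powershell
# Added example. Server names and the sample report are constructed, not from the thread.
function Get-DcDiagFinding {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [string[]] $Lines = @()
    )
    $test = '(preamble)'
    $n = 0
    foreach ($line in $Lines) {
        $n++
        # dcdiag announces each test as "Starting test: <name>"
        if ($line -match 'Starting test:\s*(\S+)') { $test = $Matches[1]; continue }
        # -match ignores case, so this also hits "failed", "Warning" and "error"
        if ($line -match 'FAIL|ERROR|WARN') {
            [pscustomobject]@{ Server = $Server; Test = $test; Line = $n; Text = $line.Trim() }
        }
    }
}

# Constructed sample in the layout dcdiag prints; hypothetical DCs DC-CA-01 and DC-VA-01.
$sample = @'
   Testing server: Default-First-Site-Name\DC-CA-01
      Starting test: Connectivity
         ......................... DC-CA-01 passed test Connectivity
      Starting test: Replications
         [Replications Check,DC-CA-01] A recent replication attempt failed:
            From DC-VA-01 to DC-CA-01
            The replication generated an error (1722):
            The RPC server is unavailable.
         ......................... DC-CA-01 failed test Replications
'@ -split '\r?\n'

$findings = Get-DcDiagFinding -Server 'DC-CA-01' -Lines $sample

# For a live run, save one report per DC first, then parse the file:
#   dcdiag /s:DC-CA-01 /v /f:DC-CA-01.txt
#   $findings = Get-DcDiagFinding -Server 'DC-CA-01' -Lines (Get-Content .\DC-CA-01.txt)

# Detail first, then a per-test count so the failing tests stand out.
$findings | Format-Table Server, Test, Line, Text -AutoSize -Wrap
$findings | Group-Object Test | Sort-Object Count -Descending | Select-Object Count, Name
```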





