Re: New Domain
- From: romulus <romulus@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 20 Oct 2006 12:29:02 -0700
Paul:
Just wanted to let you know that the dc's between the domains are talking
fine now. DNS was the issue. I had to use conditional forwarding.
Thanks
"romulus" wrote:
Paul I will try your suggestions and let you know how it goes..
Thanks much
"Paul Bergson [MVP-DS]" wrote:
No, not sure why.
Run diagnostics against your Active Directory domain.
If you don't have the tools installed, install them from your server install
disk.
d:\support\tools\setup.exe
Run dcdiag, netdiag and repadmin in verbose mode.
-> dcdiag /e /c /v /s:DC_Name /f:c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
If you download a gui script I wrote it should be simple to set and run
(DCDiag and NetDiag). It also has the option to run individual tests
without having to learn all the switch options. The details will be output
in notepad text files that pop up automagically.
The script is located in the download section on my website at
http://www.pbbergs.com
Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)
When complete search for fail, error and warning messages.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"romulus" <romulus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:3E810DE1-2A11-4B07-BC6C-74A7977208D5@xxxxxxxxxxxxxxxx
Paul:
I used your method for removing AD from the DC's. I was still left with the
new domain and so removed that as well using the NTDS tool. I promoted the
DC again for the new domain tree under the existing forest. Now I'm able to
browse via unc with no problem - Paul thanks.
The issue that I am now having is; when working with groups in the old
domain, under members and then clicking on Add and then selecting the
location by clicking on the locations button (the new domain), the Locations
window displays the two domains. When I click on the + sign for the new
domain, I do not see any OU objects. When I click on the + sign for the old
domain, I see all the ou objects.
When logged into the NEW DC (New Domain) I can see both. Do you know why
this is happening?
"romulus" wrote:
Thanks much for your help so far. For this test I won't need to copy
anything across. I'm going to try your suggestions so far and let you know
how it went.
"Paul Bergson [MVP-DS]" wrote:
If you are certain that you don't need to actually copy anything across and
you want to remove a dc, you could do a force demotion and metadata cleanup.
dcpromo /forceremoval (On the dc you want to remove)
Metadata cleanup
http://support.microsoft.com/Default.aspx?id=216498
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"romulus" <romulus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:25473615-6A86-44CF-9B16-B10AD7578F83@xxxxxxxxxxxxxxxx
Paul:
I would like to start from scratch but I receive the following error when I
try to remove the domain:
The operation failed because:
Active Directory could not transfer the remaining data in directory
partition CN=Schema,CN=Configuration,DC=OLDDC,DC=org to domain controller
dc1.olddomain.org.
"The DSA operation is unable to proceed because of a DNS lookup failure."
Do you know how I can fix this?
"Paul Bergson [MVP-DS]" wrote:
Neither, I misunderstood. You have disjoint name space in the same forest.
So you could just setup secondaries of each other, but I would just use the
same dns server within your primary dns server in your original domain and
replicate all DC's in your forest to replicate all dns info to all dc's, so
the dns servers would cover the zones of both name spaces. Once the new
domain is online bring up the new dns server on the new dc making sure they
are all AD integrated. You should also make sure that the Infrastructure
Master is not a GC in your original domain. Remember to point your new
clients to the new dns server within the new domain.
http://technet2.microsoft.com/WindowsServer/en/library/6c0515cf-1719-4bf4-a3c0-7e3514cef6581033.mspx?mfr=true
See ForestWide AD Integrated Zones
http://www.windowsitpro.com/Windows/Articles/ArticleID/40049/pg/2/2.html
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"romulus" <romulus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B93E71FC-E976-4D9E-A25E-F7EBAB33DA20@xxxxxxxxxxxxxxxx
Paul:
Before I start to perform the delegation, which DNS will be considered the
child DNS? I called the first domain in the forest olddomain and the new
domain tree in the forest the newdomain - This new DC also was setup with
DNS during the DCPROMO.
Regards
"Paul Bergson" wrote:
Did you delegate your child dns namespace to this new dns server? Otherwise
the parent isn't going to know how to find the child domain.
http://support.microsoft.com/default.aspx?scid=kb;en-us;255248&sd=RMVP
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"romulus" <romulus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A5D3AAA1-0645-460A-AC9A-0DEE43CAEB1F@xxxxxxxxxxxxxxxx
Hey everyone:
My company has acquired several other companies and we have decided to start
a new domain. All New client rollouts and member servers will be part of
this new domain. We will gradually migrate users and systems over to the new
domain.
We need to be able to utilize the resources (e.g. shares) between the two
domains. One way of accessing the resources will be using UNCs. Based on my
understanding using the dcpromo wizard and New domain tree in an existing
forest should do the trick - creating the necessary trust automatically.
For some reason, things are never quite that simple. Here is the problem -
I ran the wizard on a test environment and selected the option to create a
new dns. Once the wizard completed, I could access resources between domains
through the network neighborhood. I am not able to access the resources
using the unc such as \\server\share or \\10.1.1.143\share. I know I can map
a drive, but there may be instances where I would need to use the UNC. Is
there any reason why this is happening?
Also in the test environment, I tried to demote the new domain and remove it
from AD through DCPromo, just as a test and I receive the following error:
The operation failed because:
Active Directory could not transfer the remaining data in directory
partition CN=Schema,CN=Configuration,DC=OLDDC,DC=org to domain controller
dc1.olddomain.org.
"The DSA operation is unable to proceed because of a DNS lookup failure."
Thanks for any help or guidance that can be provided.
regards
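
The last step of the diagnostics advice in this thread (search the dcdiag, netdiag and repadmin output for fail, error and warning messages), as an added PowerShell example that is not part of the original thread or of the script on Paul's site. The sample log text is constructed in dcdiag's output style, and the function name Get-DiagFinding is hypothetical.

```powershell
# Added example: list the fail / error / warning lines in diagnostic output.
# On a DC, read the real logs instead of the sample, for example:
#   Get-DiagFinding -Line (Get-Content c:\dcdiag.log) -Source dcdiag.log

function Get-DiagFinding {
    param(
        [string[]]$Line,              # log lines; blank lines are allowed
        [string]$Source = 'sample'    # label for the file the lines came from
    )
    $test = '(none)'
    for ($i = 0; $i -lt $Line.Count; $i++) {
        $text = $Line[$i].Trim()
        # dcdiag announces each test; remember it so a finding carries context.
        if ($text -match '^Starting test:\s*(\S+)') { $test = $Matches[1]; continue }
        # -match is case-insensitive, so this also catches FAILED, Error, WARNING.
        if ($text -notmatch 'fail|error|warning') { continue }
        # Highest severity wins: fail over error over warning.
        $severity = 'warning'
        if ($text -match 'error') { $severity = 'error' }
        if ($text -match 'fail')  { $severity = 'fail' }
        [pscustomobject]@{
            Source = $Source; LineNo = $i + 1; Test = $test
            Severity = $severity; Text = $text
        }
    }
}

# Constructed sample in dcdiag's output style (not taken from the thread's logs).
$sample = @'
Testing server: Default-First-Site-Name\DC1
   Starting test: Connectivity
      ......................... DC1 passed test Connectivity
   Starting test: Replications
      [Replications Check,DC1] A recent replication attempt failed:
         The DSA operation is unable to proceed because of a DNS lookup failure.
      ......................... DC1 failed test Replications
'@ -split '\r?\n'

$findings = Get-DiagFinding -Line $sample -Source 'dcdiag.log'
$findings | Format-Table LineNo, Test, Severity, Text -AutoSize
# Per-test count shows which test to read in full first.
$findings | Group-Object Test | Select-Object Name, Count | Format-Table -AutoSize
```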