Re: Misconfigured AD
- From: "Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx>
- Date: Thu, 9 Nov 2006 07:16:35 -0600
One other thought. Is there a firewall up between the parent and the child
that is having problems?
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Ace Fekay [MVP]" <PleaseAskMe@xxxxxxxxxxxxxx> wrote in message
news:eNb3X85AHHA.3396@xxxxxxxxxxxxxxxxxxxxxxx
In news:2B47B68E-970E-4A4E-A1B3-E43DA6C7FCBC@xxxxxxxxxxxxx,
Kelly <Kelly@xxxxxxxxxxxxxxxxxxxxxxxxx> stated, which I commented on
below:
I know I have AD problems but I have not been able to nail them down.<snipped>
I have a Parent domain with 2 child domains and an exchange server
that resides in the Parent domain. One child is fine. The other has
issues. These issues pop up when I am trying to administer the
exchange permissions. From the parent controller I can pull up the
user in the child domain and I can view the Mailbox Rights but when I
try to add rights I get "The program cannot open the required dialog
box because it cannot determine whether the computer named "domain
controller" is joined to a domain." I hit close and get "Unable to
display the user selection dialog box. The RPC server is
unavailable." I have checked and, according to services, RPC is
running. When I open up the account properties on the mail server I
get "The operation failed. ID no.:80004005. Microsoft Active
Directory - Exchange Extension". When I go into the account
properties on the child domain's DC and try to open Mailbox Rights I
get "There is no such object on the server. Facility LDAP provider.
ID no.: 80072030. Microsoft Active Directory - Exchange Extension."
I have run the addiag.exe tool on the DC of the child domain and here
are the results:
I agree with Herb that it's more than likely a DNS misconfiguration.
Whenever an AD function (client looking to logon, opening an MMC to
anything in AD, printer or drive mapping authentication, logging on, etc
etc etc), queries DNS to ask it "Where's a domain controller for my
domain?" If DNS is misconfigured or using an external DNS, it will never
get the answer and authentication fails. RPC server not available is a
result of not finding the server, therefore it cannot connect to the RPC
service on that server.
DNS misconfig can cause multiple things, such as:
1. Pointing to the wrong DNS (an ISP's perhaps). Never use an outside DNS
or a DNS server that does not host the AD zone or that does not have some
sort of reference to get to the AD zone, such as a conditional forwarder,
stub zone, secondary, etc. An ISP's DNS does NOT have any information
about the internal private domain.
2. Parent/Child DNS misconfiguration. We'll need to know what DNS servers
are being used for the Parent and Child domains, is there a delegation,
forwarding, stubs, etc, to determine this.
3. AD DNS domain name is a single label name. This is VERY problematic.
4. The DCs may be dual homed. This is very problematic as well.
Can you elaborate with specifics on how DNS is setup between the parent
and child, and what DNS addresses are being used on the child members and
parent members? Easier if you can provide an ipconfig /all from the
following:
Parent domain DC
Parent domain client
Child domain DC
child domain client
Is there a delegation in place from the parent DNS server to the child
DNS?
Stub zones on the parent defining the child zone?
Primary/Secondary between parent and child?
Keep in mind, this is NOT an Exchange error.
--
Ace
Innovative IT Concepts, Inc (IITCI)
Willow Grove, PA
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer
Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows
you to easily find, track threads, cross-post, sort by date, poster's
name, watched threads or subject.
It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164
Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."
The only constant in life is change...
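
Added example, not part of the thread: a Python check that reads `ipconfig /all` output, as requested in the quoted reply, and flags items 1, 3 and 4 of its list (item 2, the parent/child delegation, cannot be judged from this output). The sample text, the function names and the allowlist of DNS servers that host or can resolve the AD zone are assumptions, and the field labels are those of Server 2003-era output.

```python
import re

# Constructed `ipconfig /all` excerpt for a child-domain DC (not from the thread).
SAMPLE = """\
Windows IP Configuration
   Primary Dns Suffix  . . . . . . . : child.corp.example

Ethernet adapter Local Area Connection:
   IP Address. . . . . . . . . . . . : 10.1.2.10
   DNS Servers . . . . . . . . . . . : 10.1.2.10
                                       192.0.2.53

Ethernet adapter Local Area Connection 2:
   IP Address. . . . . . . . . . . . : 172.16.5.10
"""
FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z0-9 \-]*?)[ .]*:\s*(.*)$")
KEYS = {"IP Address": "ips", "DNS Servers": "dns"}

def parse_ipconfig(text):
    """Return (primary DNS suffix, list of adapters with their IPs and DNS servers)."""
    suffix, adapters, current, key = "", [], None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = {"name": line.rstrip(": "), "ips": [], "dns": []}
            adapters.append(current)
            key = None
            continue
        m = FIELD.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
        elif line.strip() and key == "DNS Servers":
            value = line.strip()  # extra DNS servers continue on unlabeled lines
        else:
            continue
        if key == "Primary Dns Suffix":
            suffix = value
        elif current is not None and value and key in KEYS:
            current[KEYS[key]].append(value)
    return suffix, adapters

def dns_findings(text, ad_dns_servers):
    """Flag list items 1, 3 and 4; ad_dns_servers is the caller's allowlist (assumed)."""
    suffix, adapters = parse_ipconfig(text)
    found = [f"dns-outside-ad:{s}" for a in adapters for s in a["dns"]
             if s not in ad_dns_servers]
    if suffix and "." not in suffix:
        found.append(f"single-label-domain:{suffix}")
    if sum(1 for a in adapters if a["ips"]) > 1:
        found.append("multihomed-dc")
    return found
```

Run it against output collected from each of the four machines listed above, passing the addresses of the DNS servers known to serve the parent and child zones.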