Re: AD misbehaving




Thank you Tom and Ryan,

Side note -> I HATE DNS.

All of my servers except one are Global Catalogs. The one that is not
is the infrastructure master. Last year when I checked Microsoft
still didn't have their story straight about whether it was OK for the
IM to be a GC too. It didn't seem to matter either way.

All DCs are AD DNS integrated. All DCs point to themselves first
then to my main Admin DC second. All clients point to the local DC
first and the main second.

I'll check on my servers to see where they are pointing and if they
can ping them.

Thanks!

Fred



On Mon, 22 Oct 2007 19:43:02 -0700, Ryan Hanisco
<RyanHanisco@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

Tango,

As Tomasz points out the biggest culprit here is probably your DNS. In your
environment, you would want your domain controllers all set up as DNS servers
hosting AD integrated DNS. You would also probably want them all as GCs as
well, though there are some other considerations there too if you have trusts
or Exchange in the mix.

In this way, you would have your workstations pointing at local DNS servers
before pointing at the Central DNS, that way they hardly notice the downed
core. You will have some longer logon times, GPO issues, and the inability
to change passwords as the PDCe will be unreachable.

You also might consider the network structure. If the network (WAN) is a
star, then they can't reach the secondary sites making the network stop.
Generally, you declare a failover site and have secondary PVCs or MPLS links
to that site to provide hot failover of services.

You would also do well to look at your site layout to be sure that the
workstations are associated with remote DCs that are close to them (in
network hops) and have links to additional available sites. You can also
check the overall health with DCDiag and NETDiag.

This should get you in the right direction and ready for the next outage.


