Re: Root DC needed in Test Environment

Forgot to mention, you can't (don't) seize the FSMO roles Domain Naming and
Schema since it isn't the root of the forest, but you shouldn't need to have
these roles operable to authenticate to the domain.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:ujxJf9y6IHA.5012@xxxxxxxxxxxxxxxxxxxxxxx
Ace,
Are you sure on that? I know you can't change the forest, no new dc's
etc... but how I understand it is should still be operable.

Dean,
Did you have a working dns and was there a Global Catalog server
available? Did any clients in the test lab point to the dns server in the
lab?

I have an article on building a test lab from a production lab, why don't
you read through and see if there is anything that jumps out at you.
Maybe Ace has some additional info I was unaware of, etc...

http://www.pbbergs.com/windows/articles.htm
Select Create a Test AD Domain

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"Ace Fekay [MVP]" <PleaseAskMe@xxxxxxxxxxxxxx> wrote in message
news:eOjkW5u6IHA.4596@xxxxxxxxxxxxxxxxxxxxxxx
In news:2D1F94E9-64EB-45D0-B67E-26787DE70D89@xxxxxxxxxxxxx,
dean sheets <deansheets@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
Hi,

We have a root domain and 3 sub domains in our forest. Our subdomain
is named americas. ie. americas.rootdomain.com

we recently did a test where we shutdown an americas dc, moved it
into a
test network and then started it up.

We were unable to login to the console until we moved a root dc into
the test lab as well. Also, other servers which we moved into the
test lab didnt allow americas logins either until we moved a root dc
in.

Any ideas why ???

thanks

dean sheets

This is default behavior, whether the DNS settings are pointed to itself
or the forest root server(s). The forest root domain MUST be present,
online and accessible at all times. The forest root contains data, roles
and objects (such as one of the DCs is the Schema Master, and the Domain
Name Master, as well as holds the Enterprise Administrator account,
Configuration Container, and numerous other entities and required
objects), ALL domains, child and the forest root itself, needs access to.
As you've found out, you lose the forest root, you lose the whole forest.
It becomes, for all purposes, inoperable. This fact is one of the basic
facts of AD.

Describing Active Directory Components
http://www.informit.com/articles/article.aspx?p=26896&seqNum=5

I'm sure others may reply offering more info concerning this.

--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Infinite Diversities in Infinite Combinations











.