|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
What am I missing?In my production envir. we have one forest with empty root domain and one child domain. All servers and users are sitting in the child domain. (windows 2003 R2 envir.) I dcpromo one root domain controller and one child domain controller in the production envir. then I connect these two domain controllers in my test envir. Then I seize all roles (5 roles) on the root domain controller and seize 3 roles on the child domain controller. Later, I was able to introduce additional root and child domain controllers in my test envir. But, when I check the Active Directory sites and services, the newly promoted child domain controller ony shows in the active directory sites and services of child domain but does not show in the active directory sites and services of root domain. viceversa, the newly created additional root domain controller does not show up in the active directory sites and services of child domain??? What am I missing? > I dcpromo one root domain controller and one child domain controller If you dcpromo one root domain controller (you removed AD and now this is a > in the production envir. then I connect these two domain controllers > in my test envir. Then I seize all roles (5 roles) on the root domain > controller and seize 3 roles on the child domain controller. member server) and one child domain controller (you removed AD and now this is a member server) Then you connect the two domain controllers in your test enviornment. If you ran dcpromo on the two servers you connected, they are no longer Domain Controllers. If you ran dcpromo a second time before you "connected" them you probably have created 2 new domains that don't have the parent child relationship. hth DDS Show quoteHide quote "John" <J***@discussions.microsoft.com> wrote in message news:F53E21F1-3233-4A39-A6E3-071A5AF82317@microsoft.com... >I am duplicating production envir. to my test environment. > In my production envir. we have one forest with empty root > domain and one child domain. All servers and users are sitting > in the child domain. (windows 2003 R2 envir.) > > I dcpromo one root domain controller and one child domain controller > in the production envir. then I connect these two domain controllers > in my test envir. Then I seize all roles (5 roles) on the root domain > controller and seize 3 roles on the child domain controller. > > Later, I was able to introduce additional root and child domain > controllers > in my test envir. But, when I check the Active Directory sites and > services, > the newly promoted child domain controller ony shows in the active > directory > sites and services of child domain but does not show in the active > directory > sites and services of root domain. viceversa, the newly created > additional > root domain controller does not show up in the active directory sites and > services > of child domain??? > > What am I missing? > Thank you and sorry about the misunderstanding.
> > I dcpromo one root domain controller and one child domain controller I mean I run dcpromo on these two member servers and make them root doamin > > in the production envir. then I connect these two domain controllers > > in my test envir. Then I seize all roles (5 roles) on the root domain > > controller and seize 3 roles on the child domain controller. > I dcpromo one root domain controller and one child domain controller > > in the production envir. controller and child domain controller. It should work, right. any steps I am missing? Show quoteHide quote "Danny Sanders" wrote: > > I dcpromo one root domain controller and one child domain controller > > in the production envir. then I connect these two domain controllers > > in my test envir. Then I seize all roles (5 roles) on the root domain > > controller and seize 3 roles on the child domain controller. > > > If you dcpromo one root domain controller (you removed AD and now this is a > member server) and one child domain controller (you removed AD and now this > is a member server) Then you connect the two domain controllers in your test > enviornment. If you ran dcpromo on the two servers you connected, they are > no longer Domain Controllers. If you ran dcpromo a second time before you > "connected" them you probably have created 2 new domains that don't have the > parent child relationship. > > hth > DDS > > "John" <J***@discussions.microsoft.com> wrote in message > news:F53E21F1-3233-4A39-A6E3-071A5AF82317@microsoft.com... > >I am duplicating production envir. to my test environment. > > In my production envir. we have one forest with empty root > > domain and one child domain. All servers and users are sitting > > in the child domain. (windows 2003 R2 envir.) > > > > I dcpromo one root domain controller and one child domain controller > > in the production envir. then I connect these two domain controllers > > in my test envir. Then I seize all roles (5 roles) on the root domain > > controller and seize 3 roles on the child domain controller. > > > > Later, I was able to introduce additional root and child domain > > controllers > > in my test envir. But, when I check the Active Directory sites and > > services, > > the newly promoted child domain controller ony shows in the active > > directory > > sites and services of child domain but does not show in the active > > directory > > sites and services of root domain. viceversa, the newly created > > additional > > root domain controller does not show up in the active directory sites and > > services > > of child domain??? > > > > What am I missing? > > > > It should work, right. any steps I am missing? Never tried it but I think it should work. Did you set up DNS in your test enviornment? hth DDS Show quoteHide quote "Jane" <J***@discussions.microsoft.com> wrote in message news:F66EAB1C-4431-4CF4-8870-9C2A8911402D@microsoft.com... > Thank you and sorry about the misunderstanding. > >> > I dcpromo one root domain controller and one child domain controller >> > in the production envir. then I connect these two domain controllers >> > in my test envir. Then I seize all roles (5 roles) on the root domain >> > controller and seize 3 roles on the child domain controller. > >> I dcpromo one root domain controller and one child domain controller >> > in the production envir. > > I mean I run dcpromo on these two member servers and make them root doamin > controller and child domain controller. > > It should work, right. any steps I am missing? > > > > > > > > > > "Danny Sanders" wrote: > >> > I dcpromo one root domain controller and one child domain controller >> > in the production envir. then I connect these two domain controllers >> > in my test envir. Then I seize all roles (5 roles) on the root domain >> > controller and seize 3 roles on the child domain controller. >> >> >> If you dcpromo one root domain controller (you removed AD and now this is >> a >> member server) and one child domain controller (you removed AD and now >> this >> is a member server) Then you connect the two domain controllers in your >> test >> enviornment. If you ran dcpromo on the two servers you connected, they >> are >> no longer Domain Controllers. If you ran dcpromo a second time before you >> "connected" them you probably have created 2 new domains that don't have >> the >> parent child relationship. >> >> hth >> DDS >> >> "John" <J***@discussions.microsoft.com> wrote in message >> news:F53E21F1-3233-4A39-A6E3-071A5AF82317@microsoft.com... >> >I am duplicating production envir. to my test environment. >> > In my production envir. we have one forest with empty root >> > domain and one child domain. All servers and users are sitting >> > in the child domain. (windows 2003 R2 envir.) >> > >> > I dcpromo one root domain controller and one child domain controller >> > in the production envir. then I connect these two domain controllers >> > in my test envir. Then I seize all roles (5 roles) on the root domain >> > controller and seize 3 roles on the child domain controller. >> > >> > Later, I was able to introduce additional root and child domain >> > controllers >> > in my test envir. But, when I check the Active Directory sites and >> > services, >> > the newly promoted child domain controller ony shows in the active >> > directory >> > sites and services of child domain but does not show in the active >> > directory >> > sites and services of root domain. viceversa, the newly created >> > additional >> > root domain controller does not show up in the active directory sites >> > and >> > services >> > of child domain??? >> > >> > What am I missing? >> > >> Thank you.
Probably, by mistae I metadata cleanup the wrong domain controller. Now, I can see the domain controller shows LostandFindConfig container of adsiedit.msc. If I use adsiedit.msc and I can see several objets in the CN=NTDS Settings, CN=LostandFoundConfig, CN=Configuration, DC=company,dc=local, Do you know whether there is a way to recover from LostAndFoundConfig? Thank you! Show quoteHide quote "Danny Sanders" wrote: > > I dcpromo one root domain controller and one child domain controller > > in the production envir. then I connect these two domain controllers > > in my test envir. Then I seize all roles (5 roles) on the root domain > > controller and seize 3 roles on the child domain controller. > > > If you dcpromo one root domain controller (you removed AD and now this is a > member server) and one child domain controller (you removed AD and now this > is a member server) Then you connect the two domain controllers in your test > enviornment. If you ran dcpromo on the two servers you connected, they are > no longer Domain Controllers. If you ran dcpromo a second time before you > "connected" them you probably have created 2 new domains that don't have the > parent child relationship. > > hth > DDS > > "John" <J***@discussions.microsoft.com> wrote in message > news:F53E21F1-3233-4A39-A6E3-071A5AF82317@microsoft.com... > >I am duplicating production envir. to my test environment. > > In my production envir. we have one forest with empty root > > domain and one child domain. All servers and users are sitting > > in the child domain. (windows 2003 R2 envir.) > > > > I dcpromo one root domain controller and one child domain controller > > in the production envir. then I connect these two domain controllers > > in my test envir. Then I seize all roles (5 roles) on the root domain > > controller and seize 3 roles on the child domain controller. > > > > Later, I was able to introduce additional root and child domain > > controllers > > in my test envir. But, when I check the Active Directory sites and > > services, > > the newly promoted child domain controller ony shows in the active > > directory > > sites and services of child domain but does not show in the active > > directory > > sites and services of root domain. viceversa, the newly created > > additional > > root domain controller does not show up in the active directory sites and > > services > > of child domain??? > > > > What am I missing? > > > Not sure if you can restore them from that container. Everything I see is
talking about deleting them. hth DDS Show quoteHide quote "John" <J***@discussions.microsoft.com> wrote in message news:063D83BB-5371-4FC0-9638-28402F14A5B8@microsoft.com... > Thank you. > > Probably, by mistae I metadata cleanup the wrong domain controller. > > Now, I can see the domain controller shows LostandFindConfig container of > adsiedit.msc. > > If I use adsiedit.msc and I can see several objets in the CN=NTDS > Settings, > CN=LostandFoundConfig, CN=Configuration, DC=company,dc=local, > > Do you know whether there is a way to recover from LostAndFoundConfig? > > Thank you! > > > > > > "Danny Sanders" wrote: > >> > I dcpromo one root domain controller and one child domain controller >> > in the production envir. then I connect these two domain controllers >> > in my test envir. Then I seize all roles (5 roles) on the root domain >> > controller and seize 3 roles on the child domain controller. >> >> >> If you dcpromo one root domain controller (you removed AD and now this is >> a >> member server) and one child domain controller (you removed AD and now >> this >> is a member server) Then you connect the two domain controllers in your >> test >> enviornment. If you ran dcpromo on the two servers you connected, they >> are >> no longer Domain Controllers. If you ran dcpromo a second time before you >> "connected" them you probably have created 2 new domains that don't have >> the >> parent child relationship. >> >> hth >> DDS >> >> "John" <J***@discussions.microsoft.com> wrote in message >> news:F53E21F1-3233-4A39-A6E3-071A5AF82317@microsoft.com... >> >I am duplicating production envir. to my test environment. >> > In my production envir. we have one forest with empty root >> > domain and one child domain. All servers and users are sitting >> > in the child domain. (windows 2003 R2 envir.) >> > >> > I dcpromo one root domain controller and one child domain controller >> > in the production envir. then I connect these two domain controllers >> > in my test envir. Then I seize all roles (5 roles) on the root domain >> > controller and seize 3 roles on the child domain controller. >> > >> > Later, I was able to introduce additional root and child domain >> > controllers >> > in my test envir. But, when I check the Active Directory sites and >> > services, >> > the newly promoted child domain controller ony shows in the active >> > directory >> > sites and services of child domain but does not show in the active >> > directory >> > sites and services of root domain. viceversa, the newly created >> > additional >> > root domain controller does not show up in the active directory sites >> > and >> > services >> > of child domain??? >> > >> > What am I missing? >> > >> If you did a metadata cleanup on the wrong DC, you won;t be able to recover
it other than through tape restore. -- Show quoteHide quotePaul Bergson MVP - Directory Services MCTS, MCT, MCSE, MCSA, Security+, BS CSci 2008, 2003, 2000 (Early Achiever), NT4 http://www.pbbergs.com Please no e-mails, any questions should be posted in the NewsGroup This posting is provided "AS IS" with no warranties, and confers no rights. "John" <J***@discussions.microsoft.com> wrote in message news:063D83BB-5371-4FC0-9638-28402F14A5B8@microsoft.com... > Thank you. > > Probably, by mistae I metadata cleanup the wrong domain controller. > > Now, I can see the domain controller shows LostandFindConfig container of > adsiedit.msc. > > If I use adsiedit.msc and I can see several objets in the CN=NTDS > Settings, > CN=LostandFoundConfig, CN=Configuration, DC=company,dc=local, > > Do you know whether there is a way to recover from LostAndFoundConfig? > > Thank you! > > > > > > "Danny Sanders" wrote: > >> > I dcpromo one root domain controller and one child domain controller >> > in the production envir. then I connect these two domain controllers >> > in my test envir. Then I seize all roles (5 roles) on the root domain >> > controller and seize 3 roles on the child domain controller. >> >> >> If you dcpromo one root domain controller (you removed AD and now this is >> a >> member server) and one child domain controller (you removed AD and now >> this >> is a member server) Then you connect the two domain controllers in your >> test >> enviornment. If you ran dcpromo on the two servers you connected, they >> are >> no longer Domain Controllers. If you ran dcpromo a second time before you >> "connected" them you probably have created 2 new domains that don't have >> the >> parent child relationship. >> >> hth >> DDS >> >> "John" <J***@discussions.microsoft.com> wrote in message >> news:F53E21F1-3233-4A39-A6E3-071A5AF82317@microsoft.com... >> >I am duplicating production envir. to my test environment. >> > In my production envir. we have one forest with empty root >> > domain and one child domain. All servers and users are sitting >> > in the child domain. (windows 2003 R2 envir.) >> > >> > I dcpromo one root domain controller and one child domain controller >> > in the production envir. then I connect these two domain controllers >> > in my test envir. Then I seize all roles (5 roles) on the root domain >> > controller and seize 3 roles on the child domain controller. >> > >> > Later, I was able to introduce additional root and child domain >> > controllers >> > in my test envir. But, when I check the Active Directory sites and >> > services, >> > the newly promoted child domain controller ony shows in the active >> > directory >> > sites and services of child domain but does not show in the active >> > directory >> > sites and services of root domain. viceversa, the newly created >> > additional >> > root domain controller does not show up in the active directory sites >> > and >> > services >> > of child domain??? >> > >> > What am I missing? >> > >> If you did a metadata cleanup on the wrong DC, you won't be able to recover
it other than through tape restore. -- Show quoteHide quotePaul Bergson MVP - Directory Services MCTS, MCT, MCSE, MCSA, Security+, BS CSci 2008, 2003, 2000 (Early Achiever), NT4 http://www.pbbergs.com Please no e-mails, any questions should be posted in the NewsGroup This posting is provided "AS IS" with no warranties, and confers no rights. "John" <J***@discussions.microsoft.com> wrote in message news:063D83BB-5371-4FC0-9638-28402F14A5B8@microsoft.com... > Thank you. > > Probably, by mistae I metadata cleanup the wrong domain controller. > > Now, I can see the domain controller shows LostandFindConfig container of > adsiedit.msc. > > If I use adsiedit.msc and I can see several objets in the CN=NTDS > Settings, > CN=LostandFoundConfig, CN=Configuration, DC=company,dc=local, > > Do you know whether there is a way to recover from LostAndFoundConfig? > > Thank you! > > > > > > "Danny Sanders" wrote: > >> > I dcpromo one root domain controller and one child domain controller >> > in the production envir. then I connect these two domain controllers >> > in my test envir. Then I seize all roles (5 roles) on the root domain >> > controller and seize 3 roles on the child domain controller. >> >> >> If you dcpromo one root domain controller (you removed AD and now this is >> a >> member server) and one child domain controller (you removed AD and now >> this >> is a member server) Then you connect the two domain controllers in your >> test >> enviornment. If you ran dcpromo on the two servers you connected, they >> are >> no longer Domain Controllers. If you ran dcpromo a second time before you >> "connected" them you probably have created 2 new domains that don't have >> the >> parent child relationship. >> >> hth >> DDS >> >> "John" <J***@discussions.microsoft.com> wrote in message >> news:F53E21F1-3233-4A39-A6E3-071A5AF82317@microsoft.com... >> >I am duplicating production envir. to my test environment. >> > In my production envir. we have one forest with empty root >> > domain and one child domain. All servers and users are sitting >> > in the child domain. (windows 2003 R2 envir.) >> > >> > I dcpromo one root domain controller and one child domain controller >> > in the production envir. then I connect these two domain controllers >> > in my test envir. Then I seize all roles (5 roles) on the root domain >> > controller and seize 3 roles on the child domain controller. >> > >> > Later, I was able to introduce additional root and child domain >> > controllers >> > in my test envir. But, when I check the Active Directory sites and >> > services, >> > the newly promoted child domain controller ony shows in the active >> > directory >> > sites and services of child domain but does not show in the active >> > directory >> > sites and services of root domain. viceversa, the newly created >> > additional >> > root domain controller does not show up in the active directory sites >> > and >> > services >> > of child domain??? >> > >> > What am I missing? >> > >> I have an article on creating a test domain at
http://www.pbbergs.com/windows/articles.htm Select Create a Test AD Domain -- Show quoteHide quotePaul Bergson MVP - Directory Services MCTS, MCT, MCSE, MCSA, Security+, BS CSci 2008, 2003, 2000 (Early Achiever), NT4 http://www.pbbergs.com Please no e-mails, any questions should be posted in the NewsGroup This posting is provided "AS IS" with no warranties, and confers no rights. "John" <J***@discussions.microsoft.com> wrote in message news:F53E21F1-3233-4A39-A6E3-071A5AF82317@microsoft.com... >I am duplicating production envir. to my test environment. > In my production envir. we have one forest with empty root > domain and one child domain. All servers and users are sitting > in the child domain. (windows 2003 R2 envir.) > > I dcpromo one root domain controller and one child domain controller > in the production envir. then I connect these two domain controllers > in my test envir. Then I seize all roles (5 roles) on the root domain > controller and seize 3 roles on the child domain controller. > > Later, I was able to introduce additional root and child domain > controllers > in my test envir. But, when I check the Active Directory sites and > services, > the newly promoted child domain controller ony shows in the active > directory > sites and services of child domain but does not show in the active > directory > sites and services of root domain. viceversa, the newly created > additional > root domain controller does not show up in the active directory sites and > services > of child domain??? > > What am I missing? > Hi John
Are you certain that you removed the wrong DC with Metadata Cleanup, it the answer is no, then repliation between the root and child domains is not working. You need to to ensure the DNS partitions are updating and that forwarding should be set form child to root and reverse if the domain local DNS zones are in default DomainDNSZones Partitions, and that the _MSDCS.DOMAIN.EXAMPLE.COM has replicattion set to thr Forest scope, eg: in the ForestDNSZones NC/Partition. Add a test entry host on the root DC and wait +- 15 seconds for Intrasite Replication to complete, + 3 seconds extra for every other DC in the same site. If the child domain is not receiving the updates new host entry, then since it is a lab, delete the child domains _msdcs.*.* and set forwarding to the Root DC for the _MSDCS zone or create a stub, or secondary zone to it. Set Child Dom DC to point to the root DC as primary DNS server and restart the child domain dc's netlogon service and allow they records to be created. What does Repadmin /replsum or REPLMON Gui show about the DNS partitions replication. Once DNS is sorted out, the Configuration partition will update the sites details as you require Regards -- Show quoteHide quoteGarry Starck MCITP, MCTS AD, MCSE 2003 Messaging, MCDBA "John" wrote: > I am duplicating production envir. to my test environment. > In my production envir. we have one forest with empty root > domain and one child domain. All servers and users are sitting > in the child domain. (windows 2003 R2 envir.) > > I dcpromo one root domain controller and one child domain controller > in the production envir. then I connect these two domain controllers > in my test envir. Then I seize all roles (5 roles) on the root domain > controller and seize 3 roles on the child domain controller. > > Later, I was able to introduce additional root and child domain controllers > in my test envir. But, when I check the Active Directory sites and services, > the newly promoted child domain controller ony shows in the active directory > sites and services of child domain but does not show in the active directory > sites and services of root domain. viceversa, the newly created additional > root domain controller does not show up in the active directory sites and > services > of child domain??? > > What am I missing? >  
Thread options
Other interesting topics
Domain Trust issue
problem reading gpt.ini Kerberos Tickets Renewal Infrastructure FSMO role owner attibute not correct in root domain What am I doing wrong? (Want to use Server 2003 R2 for Domain Cont Error message: During a logon attempt, the user's security context servers loooking for group policy on dead server How to Switch domains without having admin rights? problem with NIS and AD user attributes Problem After Defining Static RPC Port |
|||||||||||||||||||||||
