ADMT & Trusts

  • ADMT & Trusts

    Hi All,

    Am new to this forum, so pls bear with - I hope someone out there can help me. Scenario goes as follows:- Did have 2 servers (W2K3) running small domain of 40 users (XP Clients). Server 1 was FSMO holder, 2 was general backup, etc. Server 1 goes pop, then clients start taking ages to log onto domain and I notice they are unable to resolve DNS queries. After many hair pulling sessions managed to get all roles transferred/seized onto server 2, clients still taking eons to logon to domain, able to ping server by ip but not by name so suggests DNS probs. Decide to demote server 1 to member server, remove DNS role (some of you are prob cringing by now), reinstall AD (minus all accounts but they are all on 2) and then re-instate DNS into new domain (boss wanted new name for domain??) say for argument's sake new.domain.com whereas old was just domain.com.

    Situ is as follows. Server 1 now has AD, also has DNS, can see server 2 by name on a ping no problem and vice versa - but now they are both sitting in two different domains, as old domain for server 2 is domain.com and new domain for server 1 is new.domain.com. So I'm thinking if I can get all objects transferred across etc I can do the same to server 2 and make a new domain that the clients can ping.

    Have managed to set a trust from 1 to 2 but it won't allow me to make it transitive, I can neither use the ADMT as it just gives an error=5 and prompts the domain name so I'm assuming it can resolve domain name (which is odd as I can ping it by name).

    I'm hoping anyone out there can point me in the right direction as I'm running out of time here and am baffled as to why this has happened. What am I doing wrong???

    Any help you can give chaps/chapesses will be greatly appreciated.

    Regards

    Steve a.k.a Kalel

  • #2
    Re: ADMT & Trusts

    Oh oh, what have you done?

    First issue was probably due to you not making the second DC a global catalogue (a nice simple check box).

    IIRC a parent / child domain structure should automatically create transitive trusts between the parent and child.

    If I were you I would try and remove the second domain and migrate all your accounts back into the root domain.

    Michael
    Michael Armstrong
    www.m80arm.co.uk
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: ADMT & Trusts

      Hi Michael,

      Thanks for your reply, however I think (think being the operative word) that the second DC was already a GC. Problem is according to Microsoft you shouldn't transfer certain roles to DCs that are already GCs - namely the infrastructure master role, so I switched off Global Catalogue before transferring roles.

      As it stands all the roles are now on the 2nd DC, I am wondering whether I should just remove the server that I have been playing with out of the domain, remove AD and DNS and re-instate it back into the original domain, then hopefully with a bit of tidy-up I can get the clients to resolve quickly.

      Steve



      • #4
        Re: ADMT & Trusts

        Originally posted by kalel:
        "Problem is according to Microsoft you shouldn't transfer certain roles to DCs that are already GCs - namely the infrastructure master role"

        This is normally only applicable when you have multiple domains in multiple sites. You won't experience this problem with two DCs in the same site.

        Originally posted by kalel:
        "As it stands all the roles are now on the 2nd DC, I am wondering whether I should just remove the server that I have been playing with out of the domain, remove AD and DNS and re-instate it back into the original domain, then hopefully with a bit of tidy-up I can get the clients to resolve quickly.

        Steve"

        As long as all your AD objects are still in the parent domain then this should be OK (I would rebuild the server as well just to make it a clean build).

        Michael
        Michael Armstrong
        www.m80arm.co.uk
        MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician
