Active Directory Replication

  • Active Directory Replication

    My Current Setup

    One Domain,
    Two DCs (Windows 2003 Server), one at each site, with GC enabled. Two sites representing each location, with different subnets. The first DC is at head office with DNS (AD integrated) configured. The second DC is in the branch office without DNS configured (should I configure DNS here also?).

    My question is: when I tried to replicate both sites with the REPLMON tool, I get the following error.

    The synchronization of the directory partition (DC=DomainDnsZones,DC=domain,DC=com) failed. This may be because you have insufficient credentials

    The synchronization of the directory partition (DC=ForestDnsZones,DC=domain,DC=com) failed. This may be because you have insufficient credentials

    Can anybody let me know why this error is coming up?

    Thanks in advance....

  • #2
    Re: Active Directory Replication

    Hi,

    You don't need to configure the DC at the branch office as a DNS server. Since you are using AD integrated DNS, the DNS zone will automatically be created on the branch office DC as part of AD replication. But what you can do, to speed up the resolution process and minimise WAN traffic, is to configure clients at the branch office to use the DC there as primary DNS server and the other DNS server/DC as the secondary one (for fault tolerance).

    As per the error message with REPLMON, is there any reason you want to force replication? Also, is your domain a root or a child domain?
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

    • #3
      Re: Active Directory Replication

      Thanks for your reply...

      At the branch office I have an additional DC without DNS and Global Catalogue enabled...

      • #4
        Re: Active Directory Replication

        OK, why don't you then enable the branch DC as GC and let the AD replication populate the DNS zones? That's presuming you have configured the branch office as a separate AD site for replication purposes.
        As I said before, when you set up a DNS server as AD integrated, any zones are stored in AD as containers and a copy of the zone is updated to all DCs as part of the AD replication.

        Ta

        • #5
          Re: Active Directory Replication

          Seems you got confused... If you go through my text, I clearly mentioned that both DCs are enabled with GC. Hope I cleared that up...

          • #6
            Re: Active Directory Replication

            Are you running replmon using an account with Domain admin rights? You will need to have those rights to force replication.
            I nerd therefore I am!

            • #7
              Re: Active Directory Replication

              Yeah, forcing replication with the Administrator account...

              • #8
                Re: Active Directory Replication

                Originally posted by khantmk:
                My Current Setup

                One Domain,
                Two DCs (Windows 2003 Server), one at each site, with GC enabled. Two sites representing each location, with different subnets. The first DC is at head office with DNS (AD integrated) configured. The second DC is in the branch office without DNS configured (should I configure DNS here also?).

                My question is: when I tried to replicate both sites with the REPLMON tool, I get the following error.

                The synchronization of the directory partition (DC=DomainDnsZones,DC=domain,DC=com) failed. This may be because you have insufficient credentials

                The synchronization of the directory partition (DC=ForestDnsZones,DC=domain,DC=com) failed. This may be because you have insufficient credentials

                Can anybody let me know why this error is coming up?

                Thanks in advance....

                The answer is very simple: this is not a problem, but just a bit of a misunderstanding of how the replication works.
                You can't replicate the DomainDNSZones or ForestDNSZones partitions, since your other DC is not a member of those partitions/NCs.
                The reason why it is not a member of these partitions is because it doesn't have the DNS Server service installed on the DC.

                Unlike "L4ndy" claims that it replicates automatically to the other DC since it is an AD integrated zone, this is not entirely true.
                It is only true if the DNS is placed in the Domain Data partition (Windows 2000 AD configuration legacy).
                But it seems your DNS is in the DomainDNSZones partition, which is replicated only to DCs that hold a DNS service on them as well.
                As a golden rule:
                When you add the DNS Server service to a DC, this DC is automatically added to the replica members of the DNS partition, but uninstalling the DNS Server service doesn't remove it from the replica members of the partition in question.

                Only after installing DNS on the 2nd DC would it add itself to the ForestDNSZones and DomainDNSZones partitions, and you would be able to replicate those as well, along with the other three partitions (Schema/Configuration/Domain Data).


                References:
                How Active Directory Replication Topology Works
                http://technet2.microsoft.com/Window....mspx?mfr=true

                Advanced Replication Management
                http://www.microsoft.com/technet/pro....mspx?mfr=true
                Last edited by Akila; 21st October 2008, 18:39.
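
The replica membership described in post #8 can be read straight from the directory. The following is an added example, not part of the thread or any poster's code; it assumes PowerShell with the `[ADSI]` accelerator on a domain-joined machine and only performs read-only LDAP queries. It lists, for each DNS application partition, which DCs are recorded as replicas in the `msDS-NC-Replica-Locations` attribute of the partition's crossRef object.

```powershell
# Added example: read-only check of DNS application partition replica membership.
$rootDse  = [ADSI]'LDAP://RootDSE'
$configNc = [string]$rootDse.configurationNamingContext

# Every DC has an nTDSDSA ("NTDS Settings") object under CN=Sites.
$dsaSearch = New-Object System.DirectoryServices.DirectorySearcher
$dsaSearch.SearchRoot = [ADSI]"LDAP://CN=Sites,$configNc"
$dsaSearch.Filter = '(objectClass=nTDSDSA)'
$allDsa = @($dsaSearch.FindAll() |
    ForEach-Object { [string]$_.Properties['distinguishedname'][0] })

# Every naming context has a crossRef object under CN=Partitions.
$crSearch = New-Object System.DirectoryServices.DirectorySearcher
$crSearch.SearchRoot = [ADSI]"LDAP://CN=Partitions,$configNc"
$crSearch.Filter = '(objectClass=crossRef)'
[void]$crSearch.PropertiesToLoad.Add('nCName')
[void]$crSearch.PropertiesToLoad.Add('msDS-NC-Replica-Locations')

foreach ($cr in $crSearch.FindAll()) {
    $nc = [string]$cr.Properties['ncname'][0]
    # Only the two DNS application partitions named in the REPLMON errors.
    if ($nc -notmatch '^DC=(DomainDnsZones|ForestDnsZones),') { continue }

    # Values are DNs of the NTDS Settings objects of the DCs holding a replica.
    $replicas = @($cr.Properties['msds-nc-replica-locations'] |
        ForEach-Object { [string]$_ })

    foreach ($dsa in $allDsa) {
        # DN shape: CN=NTDS Settings,CN=<server>,CN=Servers,CN=<site>,...
        $server = ($dsa -split ',')[1] -replace '^CN='
        $state  = if ($replicas -contains $dsa) { 'replica' } else { 'NOT a replica' }
        '{0,-45} {1,-15} {2}' -f $nc, $server, $state
    }
}
```

A DC reported as `NOT a replica` for these partitions is the case post #8 describes: a sync request against it for DomainDnsZones or ForestDnsZones fails because it holds no copy, not because the account lacks rights.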

                • #9
                  Re: Active Directory Replication

                  Thanks Mr. Akila

                  Shall I go ahead with installing DNS on the other DC also, so that I will get redundancy for this service... Otherwise, suggest me..

                  • #10
                    Re: Active Directory Replication

                    If DNS is AD integrated, just install DNS on the branch DC. Point it to itself (127.0.0.1) and you should be set up correctly.
                    Please remember to leave positive reputation points (The Ying Yang Icon) if someone helps you.

                    • #11
                      Re: Active Directory Replication

                      Originally posted by Akila:
                      Unlike "L4ndy" claims that it replicates automatically to the other DC since it is an AD integrated zone, this is not entirely true.
                      It is only true if the DNS is placed in the Domain Data partition (Windows 2000 AD configuration legacy).
                      But it seems your DNS is in the DomainDNSZones partition, which is replicated only to DCs that hold a DNS service on them as well.
                      As a golden rule:

                      Yes, true, Akila. Forgot to mention that the DNS Server service needs to be started on the additional DC, unless of course the zone replication scope was set to "All DCs in the Domain".

                      Cheers

                      • #12
                        Re: Active Directory Replication

                        Actually, my branch office DC's DNS was pointing to the head office DNS. With these same settings I installed DNS and it is working fine... Will this cause any problem?

                        Domain: domain.com
                        Headoffice
                        DC1
                        IP:192.168.x.1
                        DNS: 192.168.x.1
                        DC2:
                        IP:192.168.y.1
                        DNS:192.168.x.1

                        • #13
                          Re: Active Directory Replication

                          If DNS is correctly replicating between servers each server should be looking at their local DNS server to resolve queries quicker. It will work fine as it is, but for performance sake you should correct the DNS configuration.

                          • #14
                            Re: Active Directory Replication

                            Originally posted by khantmk:
                            Actually, my branch office DC's DNS was pointing to the head office DNS. With these same settings I installed DNS and it is working fine... Will this cause any problem?

                            Domain: domain.com
                            Headoffice
                            DC1
                            IP:192.168.x.1
                            DNS: 192.168.x.1
                            DC2:
                            IP:192.168.y.1
                            DNS:192.168.x.1

                            No, that is not a problem; you can point the TCP/IP settings to any DNS server if you like.
                            I would suggest you install DNS on the branch office DC as well.
                            As for where to configure the DC's DNS settings to point to:
                            Technical Reference: There is no single, correct way to configure where DCs point for DNS. As long as name resolution is fast, correct, and uses as little network bandwidth as possible, the solution is a good one. What you should focus on is developing and implementing a consistent methodology. Following are the most common methodologies chosen:
                            * DC points to another DC (often in its site, if available), then to itself, and then potentially to a third server.
                            * DC points to itself, then to another (often in its site, if available), and then potentially to a third server. One potential negative to this is that false errors will often be generated during a shutdown or startup because of race conditions while services are stopping or starting.
                            * All DCs point to a single centralized server, then to themselves, and then potentially to a third server. This option allows all DCs to typically have a consistent view of the environment from a DNS perspective. It can also make it easier to troubleshoot certain issues.

                            DNS References
                            TechNet Support WebCast: Troubleshooting Active Directory Problems Caused by DNS
                            http://support.microsoft.com/?id=891735
                            How to Use DNSLint to Troubleshoot Active Directory Replication Issues
                            http://support.microsoft.com/?id=321046
                            How to Reconfigure an _msdcs Subdomain to a Forest-wide DNS Application Directory Partition When You Upgrade from Windows 2000 to Windows Server 2003 (817470)
                            http://support.microsoft.com/?id=817470
                            Windows 2000 DNS White Paper
                            http://download.microsoft.com/downlo...0d2/w2kdns.doc
                            Microsoft Domain Name System (DNS) Center
                            http://www.microsoft.com/Windows2000...ns/default.asp
                            Training: Understanding and Troubleshooting DNS in Windows 2000
                            http://support.microsoft.com/?id=330511
                            Problems with Many Domain Controllers with Active Directory Integrated DNS Zones
                            http://support.microsoft.com/?id=267855
                            A MicrosoftDNS container is created before full replication and causes a DNS conflict in Windows Server 2003
                            http://support.microsoft.com/?id=836534
                            Last edited by Akila; 22nd October 2008, 12:54.
