No announcement yet.

Windows 2008 AD Parent / child Won't sync

  • Filter
  • Time
  • Show
Clear All
new posts

  • Windows 2008 AD Parent / child Won't sync

    Hello all,

    At our company we have a nice little project in the works were Iím challenged to create a Parent domain server (windows 200 with, at this time one child (windows 2008 R2). There will be more in the future. Iíve created the Child (parent was already running before I joined the company) from scratch and joined them in the Forrest with a new domain name. Taking contoso as an example the parent is called, the child

    I noticed that I can login on the child with the domain name CONTOSO\Administrator without any problems. Even the domain GB\Administrator works. But when I check the Active Directory on the child DC itís empty, even when I push replicate now in Active directory Sites and Services nothing happens. The NTDS settings are correct, from SRV01 in the Contoso domain thereís a Rule that connects to the GBSRV01 in the child domain. From the GBSRV01 thereís also an connection to the SRV01 in the Contoso domain. Still when I press Replicate now nothing happens.
    I have checked the log files and canít find anything that suggest that there is anything wrong in the settings.

    Can anybody help me with this problem.

  • #2
    Re: Windows 2008 AD Parent / child Won't sync

    What do you mean by "Active Directory on the child DC itís empty?"
    Is the DC in the Domain Controllers OU?
    Is there users and groups in the Users container?

    The reason you can logon with the parent domain's administrator account is because it is part of the Enterprise Admins group which has administrative access in all domains in the forest.

    Network Consultant/Engineer
    Baltimore - Washington area and beyond


    • #3
      Re: Windows 2008 AD Parent / child Won't sync

      A child domain is a completely new domain in its own right, so I would expect it would be empty to start with.

      If you want another DC with the same users and groups as the parent domain then you would add that DC to the parent domain and it would replicate all the users and groups etc to the new DC. This does not happen for child domains.

      A child domain has its own name space, will have its own DNS zone and have its own users and groups but will be fully trusted with its parent domain (transitive trust).