No announcement yet.

2003 forest root and child domain issues.

  • Filter
  • Time
  • Show
Clear All
new posts

  • 2003 forest root and child domain issues.

    Hey guys, first time user here....however, Petri forums are usually one of my go-to spots for searching when it comes to IT issues.

    The jist of things:

    We have a Windows 2003 forest, an empty Forest root called ad.local and our main domain, a child of the forest, At some point in time last month we lost power, and the rack that the forest root domain controllers went offline. Power came back on, and it appeared that the servers were on, but both of the servers got stuck in the boot menu with some sort of error message. The worst part about this is, nobody knew about the issue until several weeks later later. Both the PDC and BDC in the forest root became tombstoned, and replication between the forest root and the child domain started to fail.

    What I was hoping to achieve was stand up two new servers in the forest root, join them to the forest root domain, promote them to DCs, and then transfer the Schema master and Domain naming master rolls to the new Domain controllers. Then once that was completed, I was hoping to resume replication with the child domain. All of that went off without a hitch, minus the whole resuming business as normal. Actually, quite a few things are still very screwy and I am not sure what to do.

    The original BDC in the forest root doesnt seem to want to recognize the 2 new Domain controllers. Neither of the computers are showing up in AD, and the new servers are not showing up in sites and services or DNS. Also, when you look at the operation master roles in AD Users and computers on the BDC, it shows "error" in the box that displays the current role holders. The PDC is showing the correct servers and is showing that all of the forest root FSMO roles have been transfered to the new DCs.

    I guess my question is two parts.....but

    A. Is the forest root completely hosed? Or is there a way to get replication between the forest root and the child to repair itself? I was reading around some forums and people were suggesting the remove lingering objects command, but I have not ventured down that road yet because I have not the slightest clue about how to use that tool. I also thought that perhaps maybe I should break the trusts to the forest root and then recreate the trusts, but I am not sure what impact that would have on the child domain.

    B. Is it possible to migrate a Server 2003 Child domain to a NEW forest root, or perhaps break away from the forest root and create its own new forest that would make the top level site?

    We are about to do a domain upgrade in about a month. Moving to VM infrastructure, and migrating to 2008 R2. I would seriously like to make this migration go as smooth as possible and NOT have to do a complete new domain. We have a lot of external users who would be up a creek and out of luck until they were able to get to the HQ office to have their computers joined to the new domain.

    The good thing is, regardless of all the replication issues with the forest root, our domain users are not seeing any issues and we have not had any problems with any of our services.
    As always, any insight or help on this matter would be greatly appreciated!

  • #2
    Re: 2003 forest root and child domain issues.

    Open a call with Microsoft as soon as you can. Don't change anything else and make sure your AD backups aren't going to expire. That's the best thing to do (and in my mind the only thing to do).

    Please read this before you post:

    Quis custodiet ipsos custodes?


    • #3
      Re: 2003 forest root and child domain issues.

      this doesn't help you much right now, but something to consider for discussion later.

      Power goes out, always, always, actually check servers are back. Don't just assume.
      Treat a power outage like any other disaster, and enact your DR plan. You probably won't have any problems, but at least you'll know you have no problems, AND it gives you an opportunity to test your DR plan and highlight flaws
      Please do show your appreciation to those who assist you by leaving Rep Point