How do I know if I have one or two AD Forests?

Chris

Dec 7, 2003
Archived from groups: microsoft.public.win2000.active_directory

I have inherited a Microsoft network that I know has two domains. However,
what I don't know is if they are in one forest or separate forests. Is there
an easy way for me to tell this? I am in the process of redesigning my AD and
really need to know this.

Thanks in advance,
Chris
 

Guest

"Chris" <Chris@discussions.microsoft.com> wrote in message
news:D51FB7EB-5E59-4875-9056-F932FBF5FD91@microsoft.com...
> I have inherited a Microsoft network that I know has two domains. However,
> what I don't know is if they are in one forest or separate forests. Is there
> an easy way for me to tell this?

> I am in the process of redesigning my AD and
> really need to know this.

Try this: Open AD Domains and Trusts -- right click
and choose Domain Naming master.

This is a forest wide role so if the name of this server
is the same then you have one forest (Ok someone really
pathological, COULD make two separate domains with
the same name and have the DNM on servers with the
same name, but in that case the domains could not have
different names.)

There is precisely one Domain Naming Master per
forest but if replication if a role has been seized then
you could in theory have "two different DNM servers"
with one forest -- a serious problem by the way.

A more direct way to determine the answer using
NTDSUtil (the colons below are not typed, I am just
trying to show the task level using them for indent):

ntdsutil
: metadata cleanup
:: connections
::: Connect to server DC_NAME
::: quit
:: select operation target
::: list domains

[ see list of domains that DC_NAME knows about ]

::: quit
:: quit
: quit


There may be a more direct way but this is reliable.

(Actually I can think of a way that a really hosed system
might show the domains as if in two different forests, when
they really aren't -- but again, that would involve having
two different DNMs due to "seizing" roles some time in the
past.)

Never seize roles (when a role holder will EVER be returned
to the network) -- but you have no control over what some
previous admin may have done in the past.

I am interested to see if any of the really smart folks on this
newsgroup can come up with a truly foolproof AND direct
method.

Don't get me wrong -- the above is almost certainly going
to tell you the truth, but I can think of really bizarre situations
where the answer would be deceptive.

Oh, and those cases could be overcome by using DCDiag,
RepAdmin, or ReplMon to ensure full replication -- since any
deception would require incomplete replication.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
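
The two checks described in the reply above (which server holds the Domain Naming Master for each domain, and which domains each side lists) can also be scripted. The PowerShell below is an added example, not part of the original thread: it uses the .NET System.DirectoryServices.ActiveDirectory classes instead of NTDSUtil, and every domain and server name in it is a constructed placeholder.

```powershell
# Added example. Names such as corp.example are placeholders, not from the thread.
function Get-ForestSummary {
    param([Parameter(Mandatory)][string]$DomainName)
    # Bind to the named domain and walk up to its forest object.
    $ctx    = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Domain', $DomainName)
    $forest = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($ctx).Forest
    [pscustomobject]@{
        Domain             = $DomainName
        ForestRoot         = $forest.RootDomain.Name
        DomainNamingMaster = $forest.NamingRoleOwner.Name   # forest-wide FSMO role
        ForestDomains      = @($forest.Domains | ForEach-Object { $_.Name })
    }
}

function Compare-ForestSummary {
    param($A, $B)
    $sameRoot = $A.ForestRoot -ieq $B.ForestRoot
    $sameDnm  = $A.DomainNamingMaster -ieq $B.DomainNamingMaster
    # In one healthy forest, each side's domain list contains the other domain.
    $mutual   = ($A.ForestDomains -contains $B.Domain) -and
                ($B.ForestDomains -contains $A.Domain)
    $verdict = if ($sameRoot -and $sameDnm -and $mutual) {
        'SameForest'
    } elseif (-not $sameRoot -and -not $sameDnm -and -not $mutual) {
        'SeparateForests'
    } else {
        # Mixed answers: a seized role or incomplete replication is possible,
        # so verify replication health before trusting either result.
        'Inconsistent'
    }
    [pscustomobject]@{
        SameRoot = $sameRoot; SameDnm = $sameDnm
        MutualListing = $mutual; Verdict = $verdict
    }
}

# Constructed sample data so the comparison can be tried without a domain.
$a = [pscustomobject]@{ Domain = 'corp.example'; ForestRoot = 'corp.example'
    DomainNamingMaster = 'dc1.corp.example'
    ForestDomains = @('corp.example', 'lab.corp.example') }
$b = [pscustomobject]@{ Domain = 'lab.corp.example'; ForestRoot = 'corp.example'
    DomainNamingMaster = 'dc1.corp.example'
    ForestDomains = @('corp.example', 'lab.corp.example') }
Compare-ForestSummary $a $b

# Live use on a domain-joined host (placeholder names):
# Compare-ForestSummary (Get-ForestSummary 'corp.example') (Get-ForestSummary 'lab.example')
```

An `Inconsistent` verdict corresponds to the edge cases the reply mentions, where a replication check with DCDiag or RepAdmin is the next step.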