Peer domain controllers in AD?

Archived from groups: microsoft.public.win2000.active_directory

Why is it that in my 2 AD server domain, when my main server goes down (the first
one added to the domain), nobody can log in?..... I thought the second domain
controller was the peer..... and I have integrated DNS running... do I have
something configured wrong?

thanks

rob davis...
  1.

    davisr65,

    I am wondering what is the OS of the DCs and the functional level of domain
    / forest? Also what is the OS of the client computers?

    If your DC2 was not properly promoted (i.e. SYSVOL is not shared) it is likely
    not advertising as a DC. Also if you are in native mode and DC02 is not a
    global catalog, you are bound to have problems, although clients should be
    able to log on with cached credentials.

    I would recommend that you run a DCDIAG /V on both DCs and look for
    failures. Let me know if you have more data.


    "davisr65" wrote:

    > Why is it when my 2 AD Server domain when my main server goes down (the first
    > one added to the domain), nobody and log in?.....I thought the second domain
    > controller was the peer..... and I have integrated DNS running... do i have
    > something configured wrong?
    >
    > thanks
    >
    > rob davis...
  2.

    "davisr65" <davisr65@discussions.microsoft.com> wrote in message
    news:8942D7B2-FACA-4078-8DC0-CC288ED1D24F@microsoft.com...
    > Why is it when my 2 AD Server domain when my main server goes down (the first
    > one added to the domain), nobody and log in?.....I thought the second domain
    > controller was the peer..... and I have integrated DNS running... do i have
    > something configured wrong?

    Usually it is one of these: The only GC is going down in Native Mode OR
    you have DNS issues.

    With a single domain forest you should make all DCs into GCs.

    Then double (triple) check your DNS. The vast majority of such problems
    are really DNS issues.

    DNS for AD
    1) Dynamic for the zone supporting AD
    2) All internal DNS clients NIC\IP properties must specify SOLELY
    that internal, dynamic DNS server (set.)
    3) DCs and even DNS servers are DNS clients too -- see #2
    4) If you have more than one Domain, every DNS server must
    be able to resolve ALL domains (either directly or indirectly)

    netdiag /fix

    ....or maybe:

    dcdiag /fix

    (Win2003 can do this from Support tools):
    nltest /dsregdns /server:DC-ServerNameGoesHere
    http://support.microsoft.com/kb/q260371/

    Ensure that DNS zones/domains are fully replicated to all DNS
    servers for that (internal) zone/domain.

    Also useful may be running DCDiag on each DC, sending the
    output to a text file, and searching for FAIL, ERROR, WARN.

    Single Label domain zone names are a problem. Google:
    [ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]

    --
    Herb Martin, MCSE, MVP
    Accelerated MCSE
    http://www.LearnQuick.Com
    [phone number on web site]
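
The suggestion in the post above (save DCDiag output to a text file and search for FAIL, ERROR, WARN), as an added example that is not part of the original thread. The sample output is constructed, and the function name `scan_dcdiag` and the line layout it expects are assumptions; it groups each hit under the test that produced it so a failing test can be told apart from a stray keyword match.

```python
import re
from collections import defaultdict

# Constructed sample shaped like `dcdiag /v` output; names and layout are assumptions.
SAMPLE = """\
Testing server: Default-First-Site-Name\\DC2
   Starting test: Connectivity
      ......................... DC2 passed test Connectivity
   Starting test: Replications
      [Replications Check,DC2] A recent replication attempt failed:
         From DC2 to DC1
         The replication generated an error (1722):
         The RPC server is unavailable.
      ......................... DC2 failed test Replications
   Starting test: Advertising
      Warning: DC2 is not advertising as a time server.
      ......................... DC2 failed test Advertising
"""

KEYWORDS = re.compile(r"FAIL|ERROR|WARN", re.IGNORECASE)
TEST_START = re.compile(r"^Starting test:\s*(\S+)")
VERDICT = re.compile(r"\.{5,}\s*\S+ (passed|failed) test (\S+)")
ERROR_CODE = re.compile(r"error \((\d+)\)", re.IGNORECASE)


def scan_dcdiag(text):
    """Group FAIL/ERROR/WARN lines by the dcdiag test that produced them."""
    findings = defaultdict(lambda: {"verdict": None, "hits": [], "codes": []})
    current = "(preamble)"  # lines seen before the first "Starting test:"
    for raw in text.splitlines():
        line = raw.strip()
        start = TEST_START.match(line)
        if start:
            current = start.group(1)
            continue
        verdict = VERDICT.search(line)
        if verdict:  # summary line; record it, do not count it as a hit
            findings[verdict.group(2)]["verdict"] = verdict.group(1)
            continue
        if KEYWORDS.search(line):
            findings[current]["hits"].append(line)
            findings[current]["codes"] += ERROR_CODE.findall(line)
    # Keep only tests that failed or produced a keyword hit.
    return {t: f for t, f in findings.items()
            if f["verdict"] == "failed" or f["hits"]}


if __name__ == "__main__":
    for test, info in scan_dcdiag(SAMPLE).items():
        print(test, info["verdict"], info["codes"], len(info["hits"]), "hit(s)")
```

Run it over the saved output from each DC and compare the results side by side; a test that fails on only one DC points at that server rather than at the domain.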
  3.

    I ran dcdiag /V and the following errors showed when testing replication:
    "A recent replication attempt failed: from DC2 to DC1
    The Replication generated an error (1722)
    The RPC is Unavailable."

    I assume I have to look at RPC on the servers...

    "Bart K" wrote:

    > davisr65,
    >
    > I am wondering what is the OS of the DCs and the functional level of domain
    > / forest? Also what is the OS of the client computers?
    >
    > If your DC2 was not properly promoted (ie SYSVOL is not shared) it is likely
    > not advertising as a DC. Also if you are in native mode and DC02 is not a
    > global catalog, you are bound to have problems, although clients should be
    > able to logon with cached credentials.
    >
    > I would recommend that you run a DCDIAG /V on both DCs and look for
    > failures. Let me know if you have more data.
    >
    >
    >
    > "davisr65" wrote:
    >
    > > Why is it when my 2 AD Server domain when my main server goes down (the first
    > > one added to the domain), nobody and log in?.....I thought the second domain
    > > controller was the peer..... and I have integrated DNS running... do i have
    > > something configured wrong?
    > >
    > > thanks
    > >
    > > rob davis...
  4.

    "" wrote:
    > Why is it when my 2 AD Server domain when my main server goes
    > down (the first
    > one added to the domain), nobody and log in?.....I thought the
    > second domain
    > controller was the peer..... and I have integrated DNS
    > running... do i have
    > something configured wrong?
    >
    > thanks
    >
    > rob davis...

    Are both DCs also GCs? If not, make ALL the DCs in your single domain
    forest also GCs through Sites and Services or through repadmin.

  5.

    Herb, today I lost all NTFS permissions on my SAN drive and had to run chkdsk
    /f, which did restore the data, but.... shares had to be recreated manually...
    Since then, the GC went down... on this server.., so I reset another domain
    controller to take over as the GC... My question to you...... There can be
    more than one Global Catalog in a Windows 2000 domain?...... I thought that
    only a Windows 2003 domain can have multiple GCs. Is this true? Let me
    know... Please let me know

    thank you all for your responses...

    "Herb Martin" wrote:

    > "davisr65" <davisr65@discussions.microsoft.com> wrote in message
    > news:8942D7B2-FACA-4078-8DC0-CC288ED1D24F@microsoft.com...
    > > Why is it when my 2 AD Server domain when my main server goes down (the first
    > > one added to the domain), nobody and log in?.....I thought the second domain
    > > controller was the peer..... and I have integrated DNS running... do i have
    > > something configured wrong?
    >
    > Usually it is one of these: The only GCC is going down in Native Mode OR
    > you have DNS issues.
    >
    > With a single domain forest you should make all DCs into GCs.
    >
    > Then double (triple) check your DNS. The vast majority of such problems
    > are really DNS issues.
    >
    > DNS for AD
    > 1) Dynamic for the zone supporting AD
    > 2) All internal DNS clients NIC\IP properties must specify SOLELY
    > that internal, dynamic DNS server (set.)
    > 3) DCs and even DNS servers are DNS clients too -- see #2
    > 4) If you have more than one Domain, every DNS server must
    > be able to resolve ALL domains (either directly or indirectly)
    >
    > netdiag /fix
    >
    > ....or maybe:
    >
    > dcdiag /fix
    >
    > (Win2003 can do this from Support tools):
    > nltest /dsregdns /server:DC-ServerNameGoesHere
    > http://support.microsoft.com/kb/q260371/
    >
    > Ensure that DNS zones/domains are fully replicated to all DNS
    > servers for that (internal) zone/domain.
    >
    > Also useful may be running DCDiag on each DC, sending the
    > output to a text file, and searching for FAIL, ERROR, WARN.
    >
    > Single Label domain zone names are a problem Google:
    > [ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
    >
    > --
    > Herb Martin, MCSE, MVP
    > Accelerated MCSE
    > http://www.LearnQuick.Com
    > [phone number on web site]
    >
    >
    >
  6.

    "davisr65" <davisr65@discussions.microsoft.com> wrote in message
    news:FF2CFCA2-8F5D-4BE3-B9D1-80E919A4E0E5@microsoft.com...
    > Herb, Today I lost all NTFS permissions on my SAN drive and had to run chkdsk
    > /f which did restore the data, but....shares had to be recreated manually...
    > since then, the GC went down... on this server.., so i reset another domain
    > controller to takeover as the GC... My question to you ......There can be
    > more than one Global catalog in a windows 2000 domain?

    Yes. In small forests (all those with one domain) all DCs should usually
    be GCs.

    > ......it thought that
    > only windows 2003 domain can have multiple GC's is this true let me
    > know...Please let me know

    No, it is incorrect. You may have as many GCs as you wish.

    The only caveats are that you should not use excessive GCs in a multiple
    Domain Forest when the domains are LARGE, and you should not have
    the Infrastructure master be a GC unless ALL DCs in that domain are GCs.

    --
    Herb Martin, MCSE, MVP
    Accelerated MCSE
    http://www.LearnQuick.Com
    [phone number on web site]

    >
    > thank you all for your responses...
    >
    > "Herb Martin" wrote:
    >
    > > "davisr65" <davisr65@discussions.microsoft.com> wrote in message
    > > news:8942D7B2-FACA-4078-8DC0-CC288ED1D24F@microsoft.com...
    > > > Why is it when my 2 AD Server domain when my main server goes down (the first
    > > > one added to the domain), nobody and log in?.....I thought the second domain
    > > > controller was the peer..... and I have integrated DNS running... do i have
    > > > something configured wrong?
    > >
    > > Usually it is one of these: The only GCC is going down in Native Mode OR
    > > you have DNS issues.
    > >
    > > With a single domain forest you should make all DCs into GCs.
    > >
    > > Then double (triple) check your DNS. The vast majority of such problems
    > > are really DNS issues.
    > >
    > > DNS for AD
    > > 1) Dynamic for the zone supporting AD
    > > 2) All internal DNS clients NIC\IP properties must specify SOLELY
    > > that internal, dynamic DNS server (set.)
    > > 3) DCs and even DNS servers are DNS clients too -- see #2
    > > 4) If you have more than one Domain, every DNS server must
    > > be able to resolve ALL domains (either directly or indirectly)
    > >
    > > netdiag /fix
    > >
    > > ....or maybe:
    > >
    > > dcdiag /fix
    > >
    > > (Win2003 can do this from Support tools):
    > > nltest /dsregdns /server:DC-ServerNameGoesHere
    > > http://support.microsoft.com/kb/q260371/
    > >
    > > Ensure that DNS zones/domains are fully replicated to all DNS
    > > servers for that (internal) zone/domain.
    > >
    > > Also useful may be running DCDiag on each DC, sending the
    > > output to a text file, and searching for FAIL, ERROR, WARN.
    > >
    > > Single Label domain zone names are a problem Google:
    > > [ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
    > >
    > > --
    > > Herb Martin, MCSE, MVP
    > > Accelerated MCSE
    > > http://www.LearnQuick.Com
    > > [phone number on web site]
    > >
    > >
    > >
  7.

    Thanks for all the info to you all.... I did successfully make the second DC
    a GC also, which fixed a couple of problems... 1, my time servers were unable to
    sync up, 2, replication seems to be working now between the servers...... As
    to losing my share permissions on all folders, and messing up NTFS
    permissions, I suspect that it was from when I was attempting to fix my
    NTFRS... which I followed the directions to a "T" as the event viewer
    recommended step by step. After running this fix, I lost all of my
    permissions..... This had happened to me in the past where I lost my NTFS
    permissions and I do recall it was after working on NTFRS issues..... What
    do you think?

    "Jorge_de_Almeida_Pinto" wrote:

    > "" wrote:
    > > Why is it when my 2 AD Server domain when my main server goes
    > > down (the first
    > > one added to the domain), nobody and log in?.....I thought the
    > > second domain
    > > controller was the peer..... and I have integrated DNS
    > > running... do i have
    > > something configured wrong?
    > >
    > > thanks
    > >
    > > rob davis...
    >
    > are both DCs also GCs? If not make ALL the DCs in your single domain
    > forest also GCs through sites and services or through repadmin
    >
    > --
    > Posted using the http://www.windowsforumz.com interface, at author's request
    > Articles individually checked for conformance to usenet standards
    > Topic URL: http://www.windowsforumz.com/Active-Directory-Peer-domain-controllers-AD-ftopict396546.html
    > Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1307744
    >