October 14, 2013 10:09:30 AM

I inherited a Windows 2003 AD domain with 2 Sites (Site1 and Site 2). I have a DC in both sites with the PDC being in Site 2. Both DCs have the GC role (I'm assuming for each site you have to have a GC). Site 2 (local offices) is connected to Site 1 (another city) via a static VPN connection. I'm currently having problems authenticating anything when Site 1's DC is not available. Why? I need to make sure I'm not going to be locked out when I shut Site 1 down.

October 15, 2013 10:09:59 AM

Do you have actual AD Sites set up? It sounds like it is a single site with 2 physical locations.

You need to verify DNS on the DCs point to each other and not themselves. You'll have to check AD Replication to verify both DCs are functioning correctly.
Verify DNS is working correctly.

What steps have you done to test?
October 15, 2013 11:05:25 AM

I have two AD Sites set up. I suspect you are correct on the DNS issue. I have the DCs on each site point primarily at the DC on the other site and use itself as secondary in case the remote DC is not available. For instance, Site1 DC (BDC) points to Site2 DC (PDC) for primary DNS and secondary DNS is itself, and the reverse on Site2's DC (PDC).

I believe the PDC isn't working correctly based on sync log errors and specifically NTP. For instance: I have an NTP server running on the PDC in Site2, was able to do w32tm commands, and the PDC in Site 2 and BDC in Site1 seem to be in sync. Created a BDC in Site2 and ran the command with /syncfromflags:DOMHIER and it errors out, but if I use /manualpeerlist:(PDC name here),0x8 /syncfromflags:MANUAL, it works.

This leads me to believe I'm missing something that is letting the Domain know that the PDC is actually the PDC of the Domain. What tests do you recommend?
Thanks,

**** Update *****
I did "dcdiag /test:replications" from all my DCs and they show no problem.

riser said:
Do you have actual AD Sites set up? It sounds like it is a single site with 2 physical locations.

You need to verify DNS on the DCs point to each other and not themselves. You'll have to check AD Replication to verify both DCs are functioning correctly.
Verify DNS is working correctly.
What steps have you done to test?

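The checks riser asks for (site membership, DNS client pointing at the partner DC, replication) plus the FSMO/time-hierarchy evidence the second post is chasing, collected in one place. This is an added script, not from anyone in the thread; it assumes the Windows Support Tools (dcdiag, netdom, repadmin) are installed on each DC and takes the domain's DNS name as its only argument.

```batch
@echo off
rem Added diagnostic script (not from the original thread). Run on EACH DC,
rem then compare the outputs side by side. Usage: checkdc.cmd corp.example
rem (the domain name is an argument; "corp.example" is a placeholder).
setlocal
if "%~1"=="" (echo usage: %~nx0 domain.fqdn & exit /b 1)
set DOMAIN=%~1

echo === 1. Which AD site does this DC think it is in, and which DCs does it know?
nltest /dsgetsite
nltest /dclist:%DOMAIN%

echo === 2. FSMO role holders; can this DC actually locate the PDC emulator?
rem A DC that cannot resolve the PDC emulator here cannot use DOMHIER for time.
netdom query fsmo
nltest /dsgetdc:%DOMAIN% /pdc /force

echo === 3. DNS client settings (expect: partner DC first, self second) and DNS test
ipconfig /all | findstr /i "DNS Servers"
dcdiag /test:dns /v
dcdiag /test:advertising /test:fsmocheck

echo === 4. Replication partners and last success/failure per naming context
repadmin /showrepl

echo === 5. Time service. Expected: PDC emulator Type=NTP with AnnounceFlags=5,
echo ===    every other DC Type=NT5DS (domain hierarchy) with AnnounceFlags=10.
reg query HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters /v Type
reg query HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config /v AnnounceFlags
rem Shows, per DC in the domain, the NTP offset and which source it is using.
w32tm /monitor
endlocal
```

Run it on the Site 1 DC while the VPN is up, then again with the Site 1 DC unreachable from Site 2: if step 2 or step 3 can only succeed when the remote DC answers, that is the dependency that will lock you out when Site 1 goes down.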