Active Directory Broken

[DFleming]

I have a stand alone Windows 2000 server that I upgraded from a stand
alone server on a peer to peer network configuration to a stand alone
domain controller on an Active Directory domain.

After installing Active Directory on the server using the included wizards
and rebooting the server, I have been unable to join my LAN PCs to the
Active Directory domain. I have also been getting the following error
messages constantly repeated in the server's event log:

Event ID 1126
Unable to establish connection to the global catalog.

Event ID 1002
Default group policy object cannot be created. Error 1355 to open and bind
to DS.

Event ID 1000
Windows cannot determine the user or computer name. Return value (1355).

When attempting to join member PCs to the domain, the network ID wizard on
the PCs return an error about not being able to find a Domain Controller
or the DNS entries for the Domain Controller were not found or improperly
addressed. However, I have looked through the DNS database records and
configuration on the DC and the associated AD pointers are defined
correctly in the DNS database on the server.

I tried to remove Active Directory from the server and reinstall it, but
the dcpromo wizard fails during the removal process saying it cannot find
the domain controller for the domain.

Can someone help explain the nature of what the problem is and suggest a
process for:

Enabling connection to the global catalog. Enabling connection to the
Group Policy objects. Enabling member PCs to query DNS and connect to the
DC defined in the DNS database.

Thanks.

Duke Fleming
Fleming Associates Inc.

 

[Danny Sanders]

Your DNS is improperly set up.

AD must have a DNS server set up for the AD domain, point the AD DNS server
to itself for DNS in the properties of TCP/IP, point all AD clients to the
DNS server set up for the AD domain ONLY. For Internet access set up your AD
DNS server to forward requests and list your ISP's DNS servers as the
forwarders. This is the ONLY place on your AD domain your ISP's DNS server
should be listed. NOT on your clients.

See:
Best Practices for DNS Client settings in Windows 2000 server and in Windows
Server 2003

http://support.microsoft.com/default.aspx?scid=kb;en-us;825036

Setting Up the Domain Name System for Active Directory

http://support.microsoft.com/default.aspx?scid=kb;en-us;237675

How to configure DNS for Internet access in Windows 2000

http://support.microsoft.com/default.aspx?scid=kb;en-us;300202



hth

DDS W 2k MVP MCSE

 

[DFleming]

Perhaps my original post was unclear...my apologies.

DNS is installed on the 2000 server on which AD was installed. The static
IP address for the single NIC on the server is referenced in the IP config
as the primary DNS server for the network. I ran "ipconfig /registerdns"
from the command line and all the required AD registrations were
created and are present in the DNS database on the server.

The server is also providing DHCP for the LAN workstations. The DHCP
scope points to the static IP address of the server as the only DNS server
on the network.

DNS is working correctly, except when I try to join clients to the domain.

I am concerned about the error mesages that say that the global catalog is
unavailable, and that I cannot open group policy management from the MMC.
Some AD objects are clearly broken....the question is, how do I fix them
without wiping the install and starting over.

Thanks for you response and assistance.