Creating accounts on PDC aren't recognized.

John Park

Greetings!

I have an interesting issue: I set up a W2K PDC & BDC
w/Active Directory for a single domain and when I create
accounts now on the PDC, they aren't recognized unless I
create them on the BDC as well, which is strange because I
was just able to create userids the day before this
started happening. The only thing that I can think of is
that it all started happening after I applied Service Pack
4 Express Install and other critical updates.

The other thing is I noticed in the event log for active
dir. an error pertaining to "unable to establish to the
global catalog". I checked the settings and the PDC was
checked as a global catalog, but the BDC was not. So, I
checked the box for global catalog and rebooted both
DC's. Any insight is much appreciated!

Thanks in advance,
John
 
> I have an interesting issue: I set up a W2K PDC & BDC
> w/Active Directory for a single domain

Sorry, but would you be so kind to explain how to set up a PDC and BDC
in W2k? AD doesn't have a PDC/BDC concept (NT 4.0 BDCs in mixed
domains only) and W2k cannot act as a PDC/BDC in an old-fashioned NT 4
domain.

Ciao, Walter
 
Thanks Walter! Okay, let's just say it's not a "PDC/BDC"
setup. Rather, it's 1 DC with an additional DC. I'm kind
of new to W2K and AD, so please forgive my
ignorance....why is it that when I create accounts on the
1st DC, they're not recognized unless I create them on the
2nd DC? Also, does it make sense for both DC's to run
DHCP services for the same IP Scope? Any insight is
appreciated!

- John
 
> Thanks Walter! Okay, let's just say it's not a "PDC/BDC"
> setup. Rather, it's 1 DC with an additional DC. I'm kind
> of new to W2K and AD, so please forgive my
> ignorance....why is it that when I create accounts on the
> 1st DC, they're not recognized unless I create them on the
> 2nd DC?

Don't know what you have done, therefore a diagnosis is a little bit
difficult.

> Also, does it make sense for both DC's to run
> DHCP services for the same IP Scope? Any insight is
> appreciated!

A second DHCP will do no harm because the servers will test each lease
before giving it to a client. This will keep a DHCP server from giving a
client an IP which is already occupied by another one.

But your question gives me a weird idea: Have you run DCPROMO?
<eg>

If yes: Please check your DNS settings for each server.

Ciao, Walter
 
If you are creating objects on one DC and they do not appear on the other
DC then it sounds like AD replication is not working properly. Verify that
DNS is set up correctly between the two DCs and that replication is
occurring. Assuming that you have DNS configured on the original DC, I
would point the second DC's preferred dns server to the original DC only
and then test.

The following articles may help you:
238369 HOW TO: Promote and Demote Domain Controllers in Windows 2000
http://support.microsoft.com/?id=238369

260371 Troubleshooting Common Active Directory Setup Issues in Windows 2000
http://support.microsoft.com/?id=260371

298143 How to Verify an Active Directory Installation
http://support.microsoft.com/?id=298143

David Pharr, (e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.
 
John,

You have some terminology issues that might cause confusion for us. As
Walter stated, there is no more PDC/BDC scenario in WIN2000. Those are
WINNT 4.0 terms. WIN2000 simply has 'Domain Controller'. Each DC has a
writable 'AD database' ( ntds.dit ) and Active Directory Replication is used
to 'synch up' the databases. This is a bit simplified, but hopefully clear.

As David suggested, it looks like there could be an AD Replication problem.
There are some tools that can help you to pinpoint the problem area(s). On
the WIN2000 Server CD in the Support | Tools folder you can run Setup.exe.
This will install the Support Tools. These tools are also located on the
Service Pack CD. I would use the Service Pack CD if available.

I would install the Support Tools on all of your WIN2000 Servers. On the two
DCs I would run both dcdiag /v >c:\dc01dcdiag.log and
netdiag /v >c:\dc01netdiag.log ( on the second DC change the log file name to
dc02dcdiag.log and dc02netdiag.log respectively ). Then use Notepad to open
up each file and look for fail and error. Using 'fail' as the search
parameter will also find 'failed' and 'failure' entries.

I would also use repadmin /showreps so that you can have an idea of who is
replicating what with whom. You see, there are three Partitions, or Naming
Contexts, that are replicated: the Schema NC, the Configuration NC and the
Domain NC. Replication is a one-way process based on each NC.

A graphical tool to use would be ReplMon.

Also, let's not forget the most basic tool in the whole lot: PING! Sitting
at dc01 can you ping dc02 the three ways ( via IP Address, NetBIOS name, DNS
Name )? So, if you enter 'ping 192.168.1.2' do you get a response? How
about with 'ping dc02'? How about with 'ping dc02.yourdomain.com'? How
about sitting at dc02? Can you ping dc01 all three ways?

I would also take a look at DNS. DNS is so very very important with
WIN2000. Sitting at both DCs, if you enter 'nslookup yourdomain.com' what
do you get?

HTH,

Cary
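
The log search described in the post above, as an added example that is not part of the original thread: a small Python script that scans a saved dcdiag /v log for 'fail' and 'error' and groups the hits by the test that produced them. The sample log is constructed in the layout dcdiag writes; DC01, DC02 and yourdomain.com are placeholder names.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of a dcdiag /v log; names are placeholders.
SAMPLE_LOG = r"""
   Testing server: Default-First-Site-Name\DC01
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity
      Starting test: Replications
         [Replications Check,DC01] A recent replication attempt failed:
            From DC02 to DC01
            Naming Context: DC=yourdomain,DC=com
            The replication generated an error (1722):
            The RPC server is unavailable.
         ......................... DC01 failed test Replications
      Starting test: NetLogons
         ......................... DC01 passed test NetLogons
"""

START = re.compile(r"^\s*Starting test:\s*(\S+)")
VERDICT = re.compile(r"\.{5,}\s*(\S+) (passed|failed) test (\S+)")
HIT = re.compile(r"fail|error", re.IGNORECASE)  # 'fail' also matches failed/failure


def triage(log_text):
    """Return (verdicts, hits): pass/fail per test, and fail/error lines per test."""
    verdicts, hits = {}, defaultdict(list)
    current = "(setup)"  # lines seen before the first "Starting test:"
    for lineno, line in enumerate(log_text.splitlines(), 1):
        started = START.match(line)
        if started:
            current = started.group(1)
            continue
        verdict = VERDICT.search(line)
        if verdict:
            verdicts[verdict.group(3)] = verdict.group(2)
            continue
        if HIT.search(line):
            hits[current].append((lineno, line.strip()))
    return verdicts, dict(hits)


def failed_tests(log_text):
    """Names of the tests whose summary line says 'failed'."""
    verdicts, _ = triage(log_text)
    return sorted(name for name, result in verdicts.items() if result == "failed")


if __name__ == "__main__":
    print("failed tests:", failed_tests(SAMPLE_LOG))
    for test, lines in triage(SAMPLE_LOG)[1].items():
        for lineno, text in lines:
            print(f"{test}: line {lineno}: {text}")
```

To use it on a real log, read c:\dc01dcdiag.log into a string and pass it to triage() in place of SAMPLE_LOG.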
 