If you've only got two DCs and they're not replicating then your DNS setup
is either wrong, or you've managed to create the island problem.
Point both DCs at DC1 for DNS (assuming DNS is installed on the DCs,
otherwise point them at the primary DNS server) and restart the netlogon
service. Once you've restarted the netlogon service, run ipconfig
/registerdns on both, wait 6-10 minutes and change the 2nd DC back to
pointing at itself (if you like) or leave as is.
The above assumes that the DHCP client, yes client, service is running on
both DCs and is set to automatically start, and that the DNS zone is set to
accept dynamic updates.
You cannot point to external DNS servers when using AD. You must point to
internal DNS servers, and let these internal DNS servers do the external
resolution.
--
Paul Williams
http://www.msresource.net
http://forums.msresource.net
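
The procedure from the post above, written out as a PowerShell sequence to run elevated on each DC. This is an added example, not part of either post; the DC1 address, interface alias and zone name are placeholders, and it assumes the DnsClient and DnsServer cmdlets (Windows Server 2012 or later) are available.

```powershell
# Added example, not from the original posts. Run elevated on each DC.
# Placeholders (assumptions): DC1's address, the NIC alias, the AD DNS zone name.
$Dc1Address = '192.0.2.10'        # placeholder: IP address of DC1
$NicAlias   = 'Ethernet'          # placeholder: interface alias of this DC's NIC
$ZoneName   = 'corp.example.com'  # placeholder: zone assumed to match the AD domain name
$ErrorActionPreference = 'Stop'

# Precondition from the post: the DHCP Client service is running and set to
# start automatically on both DCs.
$dhcp = Get-CimInstance -ClassName Win32_Service -Filter "Name='Dhcp'"
if ($dhcp.StartMode -ne 'Auto')  { Set-Service -Name Dhcp -StartupType Automatic }
if ($dhcp.State -ne 'Running')   { Start-Service -Name Dhcp }

# Precondition from the post: the DNS zone accepts dynamic updates.
# DynamicUpdate is None, Secure or NonsecureAndSecure; None blocks registration.
$zone = Get-DnsServerZone -Name $ZoneName -ComputerName $Dc1Address
if ($zone.DynamicUpdate -eq 'None') {
    throw "Zone $ZoneName on $Dc1Address does not accept dynamic updates."
}

# Step 1: point this DC at DC1 (an internal DNS server, never an external one).
Set-DnsClientServerAddress -InterfaceAlias $NicAlias -ServerAddresses $Dc1Address

# Step 2: restart Netlogon so it re-registers the DC locator records.
Restart-Service -Name Netlogon

# Step 3: re-register this DC's host records.
ipconfig /registerdns

# Step 4: wait the upper end of the 6-10 minutes the post gives, then confirm
# that DC1's DNS answers with the DC locator SRV records for the domain.
Start-Sleep -Seconds 600
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$ZoneName" -Type SRV -Server $Dc1Address |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object Name, NameTarget, Port
```

Both DCs should appear as `NameTarget` values in the final output; a DC missing from that list has not registered against DC1.
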
'Trust for Delegation' should never be unchecked on a DC.
'the other uses the old password' = I assume you mean that you change
an admin's password and the change doesn't make it to the other DC. In
this case you probably have a replication problem. Run 'repadmin
/showreps' on each DC, determine if you have any failures, and go from
there.
However, if it is machine account passwords that you are referencing,
you can reset the password on a DC using 'netdom resetpwd
/server:<Name_of_PDCe>' (stop the KDC service and flush the Kerberos
ticket cache first).
Chris Malone