newbie < I NEED HELP ON AD!

marco

Hi guys,

I need some help here, I have a problem REALLY BAD!!!!!!! NEED HELP
HERE!!!!
We have 2 AD running. Yesterday we had maintenance on one of the AD.
When the maintenance was finished, we started the AD again. AD came up, but
suddenly no one can log in on the domain.

What is the problem in the two AD? Is there any way to get this fixed?

please need help...
 
marco said:
Hi guys,

I need some help here, I have a problem REALLY BAD!!!!!!! NEED HELP
HERE!!!!
We have 2 AD running. Yesterday we had maintenance on one of the AD.
When the maintenance was finished, we started the AD again. AD came up, but
suddenly no one can log in on the domain.

What is the problem in the two AD? Is there any way to get this fixed?

Do you mean 2 DCs (which each have AD on them) for
the SAME domain?

Your problem is likely a DNS issue or a GC problem.

How many DNS servers do you have? Was your only DNS
server on the down/broken DC? Are all of the clients using
BOTH DNS servers in their NIC->IP properties?

Notice that DCs are DNS clients too, and so MUST be set
the same way.

If your DNS is not replicated that will cause trouble too.
So run DCDiag on all (working) DCs to check both DNS
and AD.

If DNS is covered then likely you are missing a GC (and
are in Native+ mode).

In many small forests, and ALL single domain forests,
you can (and should probably) make every DC into a GC.


Double check the following DNS for AD tips:

1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem. Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
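
Herb's suggestion above (save the DCDiag output of each DC to a text file and search it for FAIL, ERROR, WARN), as an added example that is not part of the original thread: a PowerShell function that tags every flagged line with the DCDiag test it came from. The function name `Get-DcDiagFinding` is hypothetical, and the server name `DC2` and the sample output are constructed.

```powershell
# Added example (not from the thread). Summarise saved DCDiag output,
# keeping only lines that mention FAIL / ERROR / WARN and the test they belong to.
# On a real network, create one file per DC first, e.g.:  dcdiag /s:DC2 /f:DC2.txt
function Get-DcDiagFinding {                      # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Server,
        # Real DCDiag output contains blank lines, so empty strings must be allowed.
        [Parameter(Mandatory)] [AllowEmptyString()] [string[]] $Line
    )
    $test = '(before first test)'
    foreach ($l in $Line) {
        if ($l -match 'Starting test:\s*(\S+)') {
            $test = $Matches[1]                   # lines that follow belong to this test
            continue
        }
        # -match is case-insensitive: catches "failed", "Error", "Warning", ...
        if ($l -match 'FAIL|ERROR|WARN') {
            [pscustomobject]@{
                Server = $Server
                Test   = $test
                Text   = $l.Trim(' .')            # drop indentation and the dotted leader
            }
        }
    }
}

# Constructed sample output (not captured from a real DC; DC2 is a placeholder name).
$sample = @'
Doing primary tests

   Testing server: Default-First-Site-Name\DC2
      Starting test: Connectivity
         ......................... DC2 passed test Connectivity
      Starting test: Advertising
         Warning: DC2 is not advertising as a global catalog.
         ......................... DC2 failed test Advertising
      Starting test: Replications
         ......................... DC2 passed test Replications
'@ -split "`r?`n"

# For saved files, replace $sample with:  (Get-Content .\DC2.txt)
Get-DcDiagFinding -Server 'DC2' -Line $sample |
    Format-Table Server, Test, Text -AutoSize -Wrap
```

Running it once per saved file and comparing the `Test` column across DCs shows whether the DC that went through maintenance is the only one with flagged tests.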
 
Thanks Herb,

Yup, two DCs with AD, as you see I'm really a newbie here. And what you
mean with GC is (Global Catalog?) Actually I cannot elaborate more on the
issue because I'm not the one who did the maintenance, so I don't
know what was actually done or what my fellow teammates did! I'll try
to check the DNS first and see if there is any problem there. Thanks
for the prompt reply.
 
marco said:
Thanks Herb,

Yup, two DCs with AD, as you see I'm really a newbie here. And what you
mean with GC is (Global Catalog?) Actually I cannot elaborate more on the
issue because I'm not the one who did the maintenance, so I don't
know what was actually done or what my fellow teammates did!

So are you now the one in charge of this?

When you don't know what something means you
should ask explicitly: What is a GC?

A GC is a Global Catalog server and runs ONLY
on an (already existing) DC. You enable one by
going into the AD Sites and Services, finding a
specific Site (you likely only have one, and it might
still be named "Default-First-Site-Name"), selecting
each DC, then select the NTDS* below the DC, and
finally right-click for the NTDS properties: There
you will find a check box to make the DC a GC.

Check the box to make both your DCs GCs.

*NTDS is just the programmers' or low-level term for
Active Directory.

I'll try
to check the DNS first and see if there is any problem there.

How are you going to do that check? If you don't know
precisely then re-read my previous message and ask
more questions if it wasn't perfectly clear.
 