Replication/DNS question

gm
Description:

Forest company.corp, forest root domain company.corp. Another domain (as a
tree root), dept.lab.

Two DCs in company.corp, with DNS, WINS, DHCP, Global Catalog on each (DC1,
DC2), 1 DC in dept.lab (LABDC1), with DHCP and Global Catalog. The domains
are on two different subnets within the same site. The LABDC1 in dept.lab
is looking to company.corp for DNS and WINS, it does not have DNS or WINS
installed.

Both domains are an upgrade from NT 4.0 to Win2k. They had trust between
them so they were configured the same way, as separate trees in the
company.corp forest, after the upgrade. I don't know why DNS/WINS was not
installed on LABDC1, I inherited the setup. The DCs were replicating fine
after the upgrade, DC1 to DC2 and LABDC1, and DC2 to DC1 and LABDC1. Each
DC could see the other two in AD Site and Services/Servers/ServerName/NTDS
Settings, with entries automatically generated. No DNS or WINS name
resolution problems, time synch working fine, AD working fine.

There is an Exchange 2003 Ent. SP2 server in company.corp domain. It was
installed into Win2k forest. There is still an ADC connector since it was
migrated from Exchange 5.5. The E5.5 server was removed from site.

Two weeks ago I had to start upgrading to Win2k3. I ran adprep /forestprep
on schema master (PDC), then /domainprep /gpprep on both domain PDCs. It
worked like a charm, no errors. Next, I upgraded the company.corp domain
PDC (forest master) to Windows 2003 SP1. No problems.

Then I added a new W2k3SP1 domain controller, DC3, to the company.corp
domain, w/own DNS, WINS, DHCP. It worked, no errors. The only issue I see
is the replication between DC3.company.corp and LABDC1.dept.lab. They don't
have an entry for each other in AD Site and Services/Servers/ServerName/NTDS
Settings, it was not automatically generated. Dcdiag, netdiag, dns tests,
nltest - no errors anywhere. I upgraded LABDC1 to W2k3SP1 - replication to
DC1 and DC2 did not work until I changed RestrictAnonymous value to 1, since
then it works fine, but still DC3 and LABDC1 don't see each other in AD Site
and Services/Servers/ServerName/NTDS Settings

How can this be fixed? Do I need to add the connection manually between DC3
and LABDC1? I have to fix it because DC1 and DC2 controllers will be
demoted and removed after moving roles to DC3 and another new controller
that will be set up.

Also, I would like to install DNS for corp.lab domain and move corp.lab zone
to it from company.corp DNS servers. What is a proper procedure for this?
There are articles describing child domain DNS setup but not a second tree
setup like mine. A new controller will also be added to dept.lab, roles
moved, and the old one decommissioned.

Advice, help, pointers to sites/articles greatly appreciated.

Jill
 
How can this be fixed? Do I need to add the connection manually between DC3
and LABDC1?
If by "don't see each other" you meant that there is no connection object,
then yes, you can manually create one, especially given the fact that you
said you plan to demote the other DCs. BTW, the object is only created
automatically when it is considered needed. In your case, since the LABDC is
already connected to the other 2, another one to DC3 is not considered
necessary. That's why it wasn't created. If you demote the other 2 DCs
without manually creating a connection between DC3 and LABDC, you will
see that it will be automatically created in due course.
Also, I would like to install DNS for corp.lab domain and move corp.lab zone
to it from company.corp DNS servers. What is a proper procedure for this?
There are articles describing child domain DNS setup but not a second tree
setup like mine. A new controller will also be added to dept.lab, roles
moved, and the old one decommissioned.

Install DNS, create a corp.lab zone as secondary and point to one of the DCs
as master. After the zone transfers over, change it from secondary to
AD-integrated Primary zone.

HTH
Deji
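The two procedures Deji describes (an administrator-created connection object between DC3 and LABDC1, then a secondary zone on the lab DC converted to an AD-integrated primary), as an added PowerShell example that is not part of this thread. It assumes a management host with the RSAT ActiveDirectory and DnsServer modules (the thread's Windows 2003 servers predate these cmdlets; they need 2012 or later DNS servers), Enterprise Admin rights, and an intrasite layout. The site name, the master IP and the zone name are assumptions: the thread calls the lab zone both corp.lab and dept.lab, so set $zone to whichever is real.

```powershell
# Added example, not code from the thread. DC1, DC3 (company.corp) and LABDC1
# (dept.lab) are the thread's server names; everything else is a placeholder.
Import-Module ActiveDirectory
Import-Module DnsServer

$siteName = 'Default-First-Site-Name'   # placeholder: confirm with Get-ADReplicationSite
$configNC = (Get-ADRootDSE).configurationNamingContext

# --- Part 1: replication connection object between DC3 and LABDC1 ---

# DN of a server's NTDS Settings object in the configuration partition.
function Get-NtdsSettingsDN([string]$ServerName, [string]$Site) {
    return "CN=NTDS Settings,CN=$ServerName,CN=Servers,CN=$Site,CN=Sites,$configNC"
}

# Create an inbound connection object so $DestDC pulls from $SourceDC.
# options = 0 marks it as administrator-created, so the KCC leaves it alone;
# KCC-generated objects carry options = 1 and can be removed when the KCC no
# longer considers them needed (which is why DC3/LABDC1 never got one).
function New-ReplicationConnection([string]$DestDC, [string]$SourceDC, [string]$Site) {
    $destNtds   = Get-NtdsSettingsDN $DestDC $Site
    $sourceNtds = Get-NtdsSettingsDN $SourceDC $Site
    New-ADObject -Name "$SourceDC-to-$DestDC" -Type nTDSConnection -Path $destNtds `
        -OtherAttributes @{ fromServer = $sourceNtds; options = 0; enabledConnection = $true }
}

# Connection objects are one-way, so create both directions.
New-ReplicationConnection -DestDC 'LABDC1' -SourceDC 'DC3'    -Site $siteName
New-ReplicationConnection -DestDC 'DC3'    -SourceDC 'LABDC1' -Site $siteName

# Verify: DC3 should now list LABDC1 as a partner (and vice versa).
Get-ADReplicationConnection -Filter * -Server 'DC3.company.corp' |
    Select-Object Name, ReplicateFromDirectoryServer, AutoGenerated
repadmin /showrepl DC3.company.corp

# --- Part 2: move the lab zone's authoritative copy to LABDC1 ---
$zone    = 'corp.lab'      # assumption: the thread also calls it dept.lab
$master  = '192.0.2.10'    # placeholder: IP of DC1 or DC2, the current primary
$dnsHost = 'LABDC1'

# Step 1: secondary zone pulling from the existing primary. DC1/DC2 must allow
# zone transfers to LABDC1 (zone properties > Zone Transfers) or this fails.
Add-DnsServerSecondaryZone -ComputerName $dnsHost -Name $zone -ZoneFile "$zone.dns" -MasterServers $master
Start-DnsServerZoneTransfer -ComputerName $dnsHost -Name $zone -FullTransfer

# Step 2: confirm the data actually arrived before converting.
$records = @(Get-DnsServerResourceRecord -ComputerName $dnsHost -ZoneName $zone)
if ($records.Count -lt 2) { throw "Zone $zone did not transfer; not converting." }

# Step 3: convert to an AD-integrated primary, replicated to the lab domain's DCs.
ConvertTo-DnsServerPrimaryZone -ComputerName $dnsHost -Name $zone -ReplicationScope Domain -Force

# Caveat: DC1/DC2 still hold their own primary copy of the zone. Two independent
# primaries drift apart; once LABDC1 is authoritative, change that copy to a
# secondary pointing at LABDC1 (or replace it with a delegation).
Get-DnsServerZone -ComputerName $dnsHost -Name $zone |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, ReplicationScope
```

The record-count check before conversion matters: converting an empty or partially transferred secondary leaves you with an AD-integrated zone that is missing the SRV records the DCs register, and clients pointed at LABDC1 then fail to locate domain controllers.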
 
deji said:
If by "don't see each other" you meant that there is no connection object,
then yes, you can manually create one, especially given the fact that you
said you plan to demote the other DCs. BTW, the object is only created
automatically when it is considered needed. In your case, since the LABDC is
already connected to the other 2, another one to DC3 is not considered
necessary. That's why it wasn't created. If you demote the other 2 DCs
without manually creating a connection between DC3 and LABDC, you will
see that it will be automatically created in due course.


Install DNS, create a corp.lab zone as secondary and point to one of the DCs
as master. After the zone transfers over, change it from secondary to
AD-integrated Primary zone.

HTH
Deji
Thank you, Deji. When I change secondary zone in DNS in corp.lab, will I
need a secondary zone for corp.lab in company.corp?

Jill
 
gm said:
Thank you, Deji. When I change secondary zone in DNS in corp.lab,
will I need a secondary zone for corp.lab in company.corp?
You've got it backwards. AD zones reside in DNS servers. DNS servers do
not have to reside in AD domains.

Your DNS servers do not have to be in particular domains. They don't
have to be in your domains at all. They could be on the moon and your AD
would still function correctly. All that DNS provides is the facility
for AD to register stuff in the AD zones that it looks after.

Think of DNS as being separate from Active Directory and AD registering
and looking up stuff in DNS.

That said, most people these days who have AD do make their DCs DNS
servers and AD Integrated. Then they can take advantage of replication.
But it is NOT essential.

Cheers,

Cliff
 