Second domain controller

[Guest]

I recently added a second domain controller to my active directory. Two days
later I brought down the (PDC). Users were not able to authenticate to the
other domain controller...does anyone know why?

 

[Harj]

Hi,

Well, are these clients pointed to the old PDC as their primary DNS
server?
If so how are they going to get to the new server with the DNS server
off?


Harj Singh
"Power Your Active Directory Investment"
www.specopssoft.com

 

[Seahawk60B]

Also - are you using DHCP - and was that on the PDC...

 

[Paul Bergson]

Could be dns or it could be no Global Catalog server exists.

Check your clients and see where they are pointing for dns services. Or did
you even install a second dns server on the first DC?

GC
http://support.microsoft.com/default.aspx?scid=kb;en-us;313994

--
Paul Bergson MCT, MCSE, MCSA, Security+, CNE, CNA, CCA
http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Guest]

Yes, some clients are using DHCP, other are not

 

[Guest]

I have DNS running on the first DC (PDC) but not on the second DC
(BDC)...thats probably my problem, right?

 

[Paul Bergson]

That is the problem, how about the Global Catalog piece.

If the old server is a non-AD integrated server follow the instructions from
the link below. Once complete go to the second server and isntall dns on
it, the system will sutomatically populate everything and start serving up
client requests. Then you need to go to each client and point the dns
services to both servers (Or just the new one if the old is going away).

http://support.microsoft.com/default.aspx?scid=kb;en-us;198437

--
Paul Bergson MCT, MCSE, MCSA, Security+, CNE, CNA, CCA
http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Tim.Olsen]

Paul is right on the money.

One more thing to consider, if you had only one DC, it held all the
FSMO's. You don't say how you brought down the other DC, If it wasn't
via a dcpromo the FSMO's didn't get moved. If the original DC is not
back up, you'll need to seize those roles and do some metadata cleanup
too before you can call it done.

Regards,
Tim.Olsen

 

[Guest]

I do use dcpromo to "donwgrade" the old DC to a member server. And used
DCPROMO on the new DC. But I will try Pauls DNS notes.

Thanks