We have two domains in the same forest. The forest root was installed with Windows 2000 R2, and the second domain was created as a second domain tree in the same forest, and was upgraded from a Windows NT domain. After upgrading the NT domain controller to Windows 2003, I installed an additional domain controller in this domain and made it a Global Catalog. I then transferred the 3 domain FSMO roles from the former NT domain controller to the new domain controller. Finally, I ran dcpromo again on the former NT domain controller to remove Active Directory from it.
I attempted to authorize a DHCP server in this domain, but it never recognized that it was authorized. I verified in adsiedit on a forest root domain controller that the DHCP server was authorized. While in adsiedit on the forest root, I unauthorized the DHCP server and saw the entry disappear - and then reappear when I authorized the server again. I suspected a replication problem. In Active Directory Sites and Services on the secondary domain, the domain controllers for the forest root domain show up as replication partners. In Sites and Services on the forest root domain, only the forest root domain controllers and the old domain controller that I demoted showed up. I removed the old server, but I'm left trying to figure out how to tell the forest root what server it should replicate with. The domain controller for the secondary domain also does not show up in the ForestDnsZones application partition in DNS. Running NTDSUtil from the forest root domain controller and looking at the objects in the secondary domain tells me that the forest root domain controller does not know of any domain controllers existing in the secondary domain, although it does show the secondary domain as existing.
I would suspect I would use NTDSUtil to create objects for the domain controller for the secondary domain on the forest root domain controller, but I'm not sure how to do that. Please help if you can.