cvinodhkumar
asked on
Designating forest root domain ADS
I have set up a lab to get experience in Windows Server 2000 and 2003 (two servers, wk2k and wk2k3) and two workstations (XP). All lab systems are on the same IP subnet.
I have installed a domain abc.net in 2K3 and xyz.net in 2K Server. Now I am having two domains in my lab forest. Please tell me how to designate one of the domains as forest root domain. Is any special configuration required for that?
Thanks
I think there are two domain trees in the forest. A forest root is generally used to separate the forest level admin tasks (schema/enterprise admin), in your case there is no forest root as the domains are in separate trees and not under a single forest root domain.
That said, you will find that the administrator account which exists in the first domain is actually part of the schema admin/enterprise admin groups, where the second domain's administrator account is not.
The forest root domain in an Active Directory forest is the first domain installed in the forest. You cannot manually designate one domain or another as the forest root domain, or change a domain's designation as the forest root without completely flattening the forest.
ASKER
I have installed abc.net domain as first and xyz.net after as second separate domain tree. And I had created an External trust between them.
As per the experts' suggestion, the first one (abc.net) DC is the Forest Root domain?
So no special config is required? The forest root domain is only our assumption..?
Please clear my understanding.
If you joined xyz.net as a new tree to existing abc.net domain, then abc.net is forest root domain, no additional steps are required. In this case, forest is named abc.net.
Install "Support tools": http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/tools_howto.mspx?mfr=true
Then run "replmon", add both domain controllers, go to Properties and check FSMO roles tab. If your domains are part of the same forest you will see the following situation for domain abc.net: abc.net domain controllers hold all five roles. For domain xyz.net: abc.net domain controllers hold Schema master and Domain naming master role, xyz.net holds PDC emulator, Infrastructure master and RID master role.
> "I have installed abc.net domain as first and xyz.net after as second separate domain tree. And I had created an External trust between them."
If these two trees exist in the same forest, no manually-created trust relationship is required. All domains within a single forest have automatically created two-way transitive trusts between them.
ASKER
Sorry for the delay in giving the feedback. I have taken reports of the DCs. Please go through and tell me. Thanks.
1.=================================
Active Directory Replication Monitor
Printed on 12/28/2007 6:44:17 PM
This report was generated on data from the server: ACTIVE1
***************************************************************************
ACTIVE1 Data
***************************************************************************
This server currently has writable copies of the following directory partitions:
---------------------------------------------------------------------------
CN=Schema,CN=Configuration,DC=xyz,DC=NET
CN=Configuration,DC=xyz,DC=NET
DC=xyz,DC=NET
Because this server is a Global Catalog (GC) server, it also has copies
of the following directory partitions:
---------------------------------------------------------------------------
Current NTDS Connection Objects
-------------------------------
Current Direct Replication Partner Status
-----------------------------------------
Directory Partition: CN=Schema,CN=Configuration,DC=xyz,DC=NET
Directory Partition: CN=Configuration,DC=xyz,DC=NET
Directory Partition: DC=xyz,DC=NET
Current Transitive Replication Partner Status
---------------------------------------------
Directory Partition: CN=Schema,CN=Configuration,DC=xyz,DC=NET
Directory Partition: CN=Configuration,DC=xyz,DC=NET
Directory Partition: DC=xyz,DC=NET
Current Group Policy Object Status
----------------------------------
Default Domain Policy
Group Policy Object GUID: {31B2F340-016D-11D2-945F-00C04FB984F9}
Group Policy Object Version in the DS: 65539
Group Policy Object Version in SYSVOL: 65539
Sofdeployment
Group Policy Object GUID: {6A1B7CF5-2C71-415E-A81A-6757349A14A0}
Group Policy Object Version in the DS: 1
Group Policy Object Version in SYSVOL: 1
Default Domain Controllers Policy
Group Policy Object GUID: {6AC1786C-016F-11D2-945F-00C04fB984F9}
Group Policy Object Version in the DS: 1
Group Policy Object Version in SYSVOL: 1
juser
Group Policy Object GUID: {E8948256-3724-4A20-9744-938DDF52AEEA}
Group Policy Object Version in the DS: 524288
Group Policy Object Version in SYSVOL: 524288
The server ACTIVE1 knows about the following FSMO roles:
--------------------------------------------------------------------------
Schema FSMO: Default-First-Site-Name\ACTIVE1
Domain Naming FSMO: Default-First-Site-Name\ACTIVE1
Infrastructure FSMO: Default-First-Site-Name\ACTIVE1
Primary Domain Controller FSMO: Default-First-Site-Name\ACTIVE1
RID Pool FSMO: Default-First-Site-Name\ACTIVE1
Performance Statistics at Time of Report
----------------------------------------
Configuration (Registry)
NOTE: an empty value indicates that Windows 2000 will use the internal default
NOTE: all empty values may indicate insufficient permission to retrieve this information from the domain controller
------------------------
DSA
---
Days per Database Phantom Scan:
Initialize MAPI interface:
Enforce LIST_OBJECTS rights:
DSA Heuristics:
Max Threads (ExDS+NSP+DRA):
DSA Database file:
DSA Working Directory:
Critical Object Installation:
DS Drive Mappings:
DSA Previous Restore Count:
REPLICATION
-----------
Replicator notify pause after modify (secs):
Replicator notify pause between DSAs (secs):
Replicator intra site packet size (objects):
Replicator intra site packet size (bytes):
Replicator inter site packet size (objects):
Replicator inter site packet size (bytes):
Replicator maximum concurrent read threads:
Replicator operation backlog limit:
Replicator thread op priority threshold:
Replicator intra site RPC handle lifetime (secs):
Replicator inter site RPC handle lifetime (secs):
Replicator RPC handle expiry check interval (secs):
LDAP
----
Max objects in LDAP Search (Admin Limit):
Max concurrent LDAP connections allowed:
Max time allowed for an LDAP Search:
Max concurrent LDAP searches allowed:
Max concurrent threads per LDAP connection allowed:
Minimum idle seconds before potential \ timeout of LDAP connection (non-authenticated client):
Minimum idle seconds before potential \ timeout of LDAP connection (authenticated client):
Database
--------
Database backup path:
Database backup interval (hours):
Database log files path:
Database logging/recovery:
Hierarchy Table Recalculation interval (minutes):
Database restored from backup:
Pending object ownership conversions:
EDB max buffers:
EDB max log buffers:
EDB log buffer flush threshold:
EDB buffer flush start:
EDB buffer flush stop:
EDB max ver pages (increment over the minimum:
Circular Logging:
Server Functionality:
TCP/IP Port:
Restore from disk backup:
Performance Counter Version:
KCC
---
Repl topology update delay (secs):
Repl topology update period (secs):
KCC site generator fail-over (minutes):
KCC site generator renewal interval (minutes):
KCC site generator renewal interval (minutes):
CriticalLinkFailuresAllowed:
MaxFailureTimeForCriticalLink (sec):
NonCriticalLinkFailuresAllowed:
MaxFailureTimeForNonCriticalLink (sec):
IntersiteFailuresAllowed:
MaxFailureTimeForIntersiteLink (sec):
KCC connection failures:
IntersiteFailuresAllowed:
IntersiteFailuresAllowed:
***************************************************************************
Enterprise Data
***************************************************************************
Globally Unique Identifiers (GUIDs) for each domain controller in the enterprise
NOTE: the absence of a GUID means that the server has been demoted.
--------------------------------------------------------------------------------
Site Name: Default-First-Site-Name
---------------------------------------
Site Options :
Site Topology Generator: CN=NTDS Settings,CN=ACTIVE1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xyz,DC=NET
Site Topology Renewal :
Site Topology Failover :
ACTIVE1
Server GUID (used for DNS) : 21454FC9-D34E-453D-AB09-95B100D93181
Replication Database GUID (used to identify partner in replication): 21454FC9-D34E-453D-AB09-95B100D93181
DSA Options : NTDSDSA_OPT_IS_GC
DSA Computer Path : CN=ACTIVE1,OU=Software,OU=Domain Controllers,DC=xyz,DC=NET
DSA Schema Location : CN=Schema,CN=Configuration,DC=xyz,DC=NET
DSA Mail Address :
DSA DNS Host Name : active1.xyz.NET
DSA BridgeHead Transports :
Site Links and Site Link Bridges
-----------------------------------------------------
Site Links
----------
DEFAULTIPSITELINK
Link Type: : IP
Distinguished Name : CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=xyz,DC=NET
Replication Interval : 180
Cost : 100
Options :
Site List :
Default-First-Site-Name
Site Link Bridges
------------------
Active Directory Replication Monitor determined that no Site Link Bridges are present in the Directory.
Inter-Site Transports
---------------------
IP
Options :
DLL Name : ismip.dll
Address Type: dNSHostName
SMTP
Options : NTDSTRANSPORT_OPT_IGNORE_SCHEDULES
DLL Name : ismsmtp.dll
Address Type: mailAddress
Subnets
-------
Active Directory Replication Monitor determined that no Subnets are present in the Directory.
Active Directory Configuration Data
-----------------------------------
Stay of Execution for Servers: 0
SPN Mappings : host=alerter,appmgmt,cisvc,clipsrv,browser,dhcp,dnscache,replicator,eventlog,eventsystem,policyagent,oakley,dmserver,dns,mcsvc,fax,msiserver,ias,messenger,netlogon,netman,netdde,netddedsm,nmagent,plugplay,protectedstorage,rasman,rpclocator,rpc,rpcss,remoteaccess,rsvp,samss,scardsvr,scesrv,seclogon,scm,dcom,cifs,spooler,snmp,schedule,tapisrv,trksvr,trkwks,ups,time,wins,www,http,w3svc,iisadmin
1=================================
2=================================
Active Directory Replication Monitor
Printed on 12/28/2007 6:44:03 PM
This report was generated on data from the server: ACTIVE
***************************************************************************
ACTIVE Data
***************************************************************************
This server currently has writable copies of the following directory partitions:
---------------------------------------------------------------------------
DC=abc,DC=net
CN=Configuration,DC=abc,DC=net
CN=Schema,CN=Configuration,DC=abc,DC=net
DC=DomainDnsZones,DC=abc,DC=net
DC=ForestDnsZones,DC=abc,DC=net
Because this server is a Global Catalog (GC) server, it also has copies
of the following directory partitions:
---------------------------------------------------------------------------
Current NTDS Connection Objects
-------------------------------
Current Direct Replication Partner Status
-----------------------------------------
Directory Partition: DC=abc,DC=net
Directory Partition: CN=Configuration,DC=abc,DC=net
Directory Partition: CN=Schema,CN=Configuration,DC=abc,DC=net
Directory Partition: DC=DomainDnsZones,DC=abc,DC=net
Directory Partition: DC=ForestDnsZones,DC=abc,DC=net
Current Transitive Replication Partner Status
---------------------------------------------
Directory Partition: DC=abc,DC=net
Partner Name: Default-First-Site-Name\ACTIVE
Partner GUID: AB090EE9-0EE9-4085-94F1-4EF1BB28FEC4
USN: 41005
Directory Partition: CN=Configuration,DC=abc,DC=net
Partner Name: Default-First-Site-Name\ACTIVE
Partner GUID: AB090EE9-0EE9-4085-94F1-4EF1BB28FEC4
USN: 41005
Directory Partition: CN=Schema,CN=Configuration,DC=abc,DC=net
Partner Name: Default-First-Site-Name\ACTIVE
Partner GUID: AB090EE9-0EE9-4085-94F1-4EF1BB28FEC4
USN: 41005
Directory Partition: DC=DomainDnsZones,DC=abc,DC=net
Partner Name: Default-First-Site-Name\ACTIVE
Partner GUID: AB090EE9-0EE9-4085-94F1-4EF1BB28FEC4
USN: 41005
Directory Partition: DC=ForestDnsZones,DC=abc,DC=net
Partner Name: Default-First-Site-Name\ACTIVE
Partner GUID: AB090EE9-0EE9-4085-94F1-4EF1BB28FEC4
USN: 41005
Current Group Policy Object Status
----------------------------------
Default Domain Policy
Group Policy Object GUID: {31B2F340-016D-11D2-945F-00C04FB984F9}
Group Policy Object Version in the DS: 65539
Group Policy Object Version in SYSVOL: 65539
Default Domain Controllers Policy
Group Policy Object GUID: {6AC1786C-016F-11D2-945F-00C04fB984F9}
Group Policy Object Version in the DS: 1
Group Policy Object Version in SYSVOL: 1
Software Deployment
Group Policy Object GUID: {72118BBA-EFA7-4545-84AA-49A83E44C935}
Group Policy Object Version in the DS: 2
Group Policy Object Version in SYSVOL: 2
software
Group Policy Object GUID: {BEB26B6D-8B12-42C9-9B46-CD92739A4F78}
Group Policy Object Version in the DS: 393216
Group Policy Object Version in SYSVOL: 393216
The server ACTIVE knows about the following FSMO roles:
--------------------------------------------------------------------------
Schema FSMO: Default-First-Site-Name\ACTIVE
Domain Naming FSMO: Default-First-Site-Name\ACTIVE
Infrastructure FSMO: Default-First-Site-Name\ACTIVE
Primary Domain Controller FSMO: Default-First-Site-Name\ACTIVE
RID Pool FSMO: Default-First-Site-Name\ACTIVE
Performance Statistics at Time of Report
----------------------------------------
Configuration (Registry)
NOTE: an empty value indicates that Windows 2000 will use the internal default
NOTE: all empty values may indicate insufficient permission to retrieve this information from the domain controller
------------------------
DSA
---
Days per Database Phantom Scan:
Initialize MAPI interface:
Enforce LIST_OBJECTS rights:
DSA Heuristics:
Max Threads (ExDS+NSP+DRA):
DSA Database file: D:\WINDOWS\NTDS\ntds.dit
DSA Working Directory: D:\WINDOWS\NTDS
Critical Object Installation:
DS Drive Mappings:
DSA Previous Restore Count:
REPLICATION
-----------
Replicator notify pause after modify (secs):
Replicator notify pause between DSAs (secs):
Replicator intra site packet size (objects):
Replicator intra site packet size (bytes):
Replicator inter site packet size (objects):
Replicator inter site packet size (bytes):
Replicator maximum concurrent read threads:
Replicator operation backlog limit:
Replicator thread op priority threshold:
Replicator intra site RPC handle lifetime (secs):
Replicator inter site RPC handle lifetime (secs):
Replicator RPC handle expiry check interval (secs):
LDAP
----
Max objects in LDAP Search (Admin Limit):
Max concurrent LDAP connections allowed:
Max time allowed for an LDAP Search:
Max concurrent LDAP searches allowed:
Max concurrent threads per LDAP connection allowed:
Minimum idle seconds before potential \ timeout of LDAP connection (non-authenticated client):
Minimum idle seconds before potential \ timeout of LDAP connection (authenticated client):
Database
--------
Database backup path: D:\WINDOWS\NTDS\dsadata.bak
Database backup interval (hours):
Database log files path: D:\WINDOWS\NTDS
Database logging/recovery: ON
Hierarchy Table Recalculation interval (minutes): 720
Database restored from backup:
Pending object ownership conversions:
EDB max buffers:
EDB max log buffers:
EDB log buffer flush threshold:
EDB buffer flush start:
EDB buffer flush stop:
EDB max ver pages (increment over the minimum:
Circular Logging:
Server Functionality:
TCP/IP Port:
Restore from disk backup:
Performance Counter Version: 17
KCC
---
Repl topology update delay (secs):
Repl topology update period (secs):
KCC site generator fail-over (minutes):
KCC site generator renewal interval (minutes):
KCC site generator renewal interval (minutes):
CriticalLinkFailuresAllowed:
MaxFailureTimeForCriticalLink (sec):
NonCriticalLinkFailuresAllowed:
MaxFailureTimeForNonCriticalLink (sec):
IntersiteFailuresAllowed:
MaxFailureTimeForIntersiteLink (sec):
KCC connection failures:
IntersiteFailuresAllowed:
IntersiteFailuresAllowed:
***************************************************************************
Enterprise Data
***************************************************************************
Globally Unique Identifiers (GUIDs) for each domain controller in the enterprise
NOTE: the absence of a GUID means that the server has been demoted.
--------------------------------------------------------------------------------
Site Name: Default-First-Site-Name
---------------------------------------
Site Options :
Site Topology Generator: CN=NTDS Settings,CN=ACTIVE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=net
Site Topology Renewal :
Site Topology Failover :
ACTIVE
Server GUID (used for DNS) : AB090EE9-0EE9-4085-94F1-4EF1BB28FEC4
Replication Database GUID (used to identify partner in replication): AB090EE9-0EE9-4085-94F1-4EF1BB28FEC4
DSA Options : NTDSDSA_OPT_IS_GC
DSA Computer Path : CN=ACTIVE,OU=Domain Controllers,DC=abc,DC=net
DSA Schema Location : CN=Schema,CN=Configuration,DC=abc,DC=net
DSA Mail Address :
DSA DNS Host Name : active.abc.net
DSA BridgeHead Transports :
Site Links and Site Link Bridges
-----------------------------------------------------
Site Links
----------
DEFAULTIPSITELINK
Link Type: : IP
Distinguished Name : CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=abc,DC=net
Replication Interval : 180
Cost : 100
Options :
Site List :
Default-First-Site-Name
Site Link Bridges
------------------
Active Directory Replication Monitor determined that no Site Link Bridges are present in the Directory.
Inter-Site Transports
---------------------
IP
Options :
DLL Name : ismip.dll
Address Type: dNSHostName
SMTP
Options : NTDSTRANSPORT_OPT_IGNORE_SCHEDULES
DLL Name : ismsmtp.dll
Address Type: mailAddress
Subnets
-------
Active Directory Replication Monitor determined that no Subnets are present in the Directory.
Active Directory Configuration Data
-----------------------------------
Stay of Execution for Servers: 0
SPN Mappings : host=alerter,appmgmt,cisvc,clipsrv,browser,dhcp,dnscache,replicator,eventlog,eventsystem,policyagent,oakley,dmserver,dns,mcsvc,fax,msiserver,ias,messenger,netlogon,netman,netdde,netddedsm,nmagent,plugplay,protectedstorage,rasman,rpclocator,rpc,rpcss,remoteaccess,rsvp,samss,scardsvr,scesrv,seclogon,scm,dcom,cifs,spooler,snmp,schedule,tapisrv,trksvr,trkwks,ups,time,wins,www,http,w3svc,iisadmin,msdtc
2=================================
ASKER
From the feedback I understood,
The DC which knows FIVE FSMO Roles is Forest Root DC, and other domain trees' DCs will know the rest of the three FSMO roles as you mentioned.
Now I realised that when I installed the second DC, I might not have installed the domain with the "existing forest" option.
Hope my understanding is clear.
Usually first DC is called exactly that: First Domain Controller, it holds all five FSMO roles and it is also automatically configured as Global catalog.
You did not install second DC as a new tree in existing forest, you have installed it as a DC for a new forest. Now you have two forests instead of one. Because this is lab environment you can easily remove AD from second server and install it again, this time as a part of existing forest.
From what I understand, you have two domains in two separate forests. They are both forest root domains. Or did you actually add second domain as new tree in existing forest? In this case domain which was installed first is forest root domain. Go to Administrative tools, Active directory sites and services, do you see one or two domains? Right click, go to Properties of selected domain and then click Trusts tab, do you see any trust relationship? If yes, what kind of trusts do you have?
HTH
Toni
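The check the answers describe can be run mechanically over two replmon reports; the following is an added example, not code from any poster in this thread. It relies on the fact that the Configuration partition is always named under the forest root domain's DN, and compares the holders of the two forest-wide roles. The report excerpts are constructed from the layout of the reports posted above, and `REPORT_ACTIVE1_JOINED` is a hypothetical report for the reinstall-into-existing-forest case.

```python
import re

# Constructed excerpts in the layout of the replmon reports posted in the thread
# (server line, writable partitions, FSMO section); all other sections omitted.
REPORT_ACTIVE1 = r"""
This report was generated on data from the server: ACTIVE1
CN=Schema,CN=Configuration,DC=xyz,DC=NET
CN=Configuration,DC=xyz,DC=NET
DC=xyz,DC=NET
The server ACTIVE1 knows about the following FSMO roles:
Schema FSMO: Default-First-Site-Name\ACTIVE1
Domain Naming FSMO: Default-First-Site-Name\ACTIVE1
Infrastructure FSMO: Default-First-Site-Name\ACTIVE1
Primary Domain Controller FSMO: Default-First-Site-Name\ACTIVE1
RID Pool FSMO: Default-First-Site-Name\ACTIVE1
"""

REPORT_ACTIVE = r"""
This report was generated on data from the server: ACTIVE
DC=abc,DC=net
CN=Configuration,DC=abc,DC=net
CN=Schema,CN=Configuration,DC=abc,DC=net
The server ACTIVE knows about the following FSMO roles:
Schema FSMO: Default-First-Site-Name\ACTIVE
Domain Naming FSMO: Default-First-Site-Name\ACTIVE
Infrastructure FSMO: Default-First-Site-Name\ACTIVE
Primary Domain Controller FSMO: Default-First-Site-Name\ACTIVE
RID Pool FSMO: Default-First-Site-Name\ACTIVE
"""

# Hypothetical: what ACTIVE1 would report if xyz.net were reinstalled as a
# new tree inside the existing abc.net forest.
REPORT_ACTIVE1_JOINED = r"""
This report was generated on data from the server: ACTIVE1
DC=xyz,DC=net
CN=Configuration,DC=abc,DC=net
CN=Schema,CN=Configuration,DC=abc,DC=net
The server ACTIVE1 knows about the following FSMO roles:
Schema FSMO: Default-First-Site-Name\ACTIVE
Domain Naming FSMO: Default-First-Site-Name\ACTIVE
Infrastructure FSMO: Default-First-Site-Name\ACTIVE1
Primary Domain Controller FSMO: Default-First-Site-Name\ACTIVE1
RID Pool FSMO: Default-First-Site-Name\ACTIVE1
"""

FOREST_WIDE_ROLES = ("Schema", "Domain Naming")  # one holder per forest
SERVER_RE = re.compile(r"generated on data from the server:\s*(\S+)")
CONFIG_RE = re.compile(r"^\s*(CN=Configuration(?:,DC=[^,\s]+)+)\s*$", re.I)
FSMO_RE = re.compile(r"^\s*(.+?) FSMO:\s*(?:.*\\)?(\S+)\s*$")


def parse_report(text):
    """Extract server name, Configuration partition DN and FSMO holders."""
    info = {"server": None, "config_nc": None, "fsmo": {}}
    for line in text.splitlines():
        m = SERVER_RE.search(line)
        if m:
            info["server"] = m.group(1)
            continue
        m = CONFIG_RE.match(line)
        if m and info["config_nc"] is None:
            info["config_nc"] = m.group(1)
            continue
        m = FSMO_RE.match(line)
        if m:
            info["fsmo"][m.group(1)] = m.group(2)  # holder without site prefix
    missing = [r for r in FOREST_WIDE_ROLES if r not in info["fsmo"]]
    if info["config_nc"] is None or missing:
        raise ValueError("report lacks Configuration partition or roles: %s" % missing)
    return info


def forest_root(config_nc):
    """CN=Configuration,DC=abc,DC=net -> abc.net (the forest root domain)."""
    rdns = [part.strip() for part in config_nc.split(",")]
    labels = [r.split("=", 1)[1] for r in rdns if r.upper().startswith("DC=")]
    return ".".join(labels).lower()


def compare_reports(a, b):
    """Decide whether two DCs belong to one forest and name the root(s)."""
    roots = sorted({forest_root(a["config_nc"]), forest_root(b["config_nc"])})
    same_holders = all(
        a["fsmo"][role].lower() == b["fsmo"][role].lower()
        for role in FOREST_WIDE_ROLES
    )
    return {
        "same_forest": len(roots) == 1 and same_holders,
        "forest_roots": roots,
        "forest_wide_holders_match": same_holders,
    }


if __name__ == "__main__":
    posted = compare_reports(parse_report(REPORT_ACTIVE1), parse_report(REPORT_ACTIVE))
    joined = compare_reports(parse_report(REPORT_ACTIVE1_JOINED), parse_report(REPORT_ACTIVE))
    print("as posted:", posted)
    print("after rejoining (hypothetical):", joined)
```
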