New tree in existing forest, rights lost to authorize DHCP etc.

Hi all,
This is a huge question. I have a network down today due to this problem. I have rebuilt a server and brought it up as a new tree in an existing forest. The whole purpose was to be able to create the trusts between two networks in different geographic locations. Although everything seemed to come up correctly with a trust established, after about an hour up, the DHCP service decided it was not authorized to distribute IPs. When I try to "authorize" using the administrative account, I get an "access denied" error. I notice that I get access denied to several different services. I also get an error in the event log that says there is no domain controller for the location that I am trying to connect to. Basically, I have lost permissions/rights on "this" domain, and I have no domain controller on "that" domain. Any help would be greatly appreciated. Help!!!!

Here is the exact error message on two of the problems that I am having:

1.  No Windows NT or Windows 2000 Domain Controller is available for domain DOMAINNAME. The following error occurred:
There are currently no logon servers available to service the logon request.  

2.  The DHCP/BINL service on the local machine, belonging to the Windows Administrative domain domainname.internal, has determined that it is not authorized to start.  It has stopped servicing clients.  The following are some possible reasons for this:
      This machine is part of a directory service enterprise and is not authorized in the same domain. (See help on the DHCP Service Management Tool for additional information).

      This machine cannot reach its directory service enterprise and it has encountered an other DHCP service on the network belonging to a directory service enterprise on which the local machine is not authorized.

      Some unexpected network error occurred.

NewbieAdminAsked:

mdiglioCommented:
Hello,
Did you run dcpromo before you took this computer down?

If not let us know.

Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain Controller
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q255504

HOW TO: Remove Data in Active Directory After an Unsuccessful Domain Controller Demotion
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q216498
NewbieAdminAuthor Commented:
I did not run DCPromo before I took this computer down.  I performed a fresh install and then ran dcpromo, to promote it.  There is a domain on either end of a VPN tunnel.  The tunnel works and that has been verified.  (Although, I know it won't work fully until the WINS replication takes place.)  The domain name on either end is different, so I am not bringing another DC onto an existing domain.  I am bringing up a DC on this domain and I want a trust relationship to exist between the two domains.  I'll check out the links that you provided.  Let me know if you need more information.  
mdiglioCommented:
If this was a domain controller before you took it down, then this could be the reason for your error messages.

If you run this command from a command prompt:

netdom query fsmo

it should result in a domain controller for all 5 roles:

Schema master
Domain naming master
RID master (should be the server you are on)
PDC (should be the server you are on)
Infrastructure master (should be the server you are on)
NewbieAdminAuthor Commented:
NETDOM is an unrecognized command. Do I need to install some other utilities?
NewbieAdminAuthor Commented:
Sorry... found and downloaded the support tools.  Will post after I have run the netdom command.
NewbieAdminAuthor Commented:
I ran the netdom query and came up with the remote server as the schema and domain naming master, and the server that I am working on as the RID master, PDC, and Infrastructure master.  It looks like what you have listed there.  Any other suggestions?  
mdiglioCommented:
Hello,
Sorry about that ... looks like I went down the wrong alley.

Event ID 1046 Appears in the Application Event Log When Clients Try to Connect
http://support.microsoft.com/?id=221484

Please run dcdiag /v from the command line and netdiag /v and look for any tests that fail

Netdiag.exe: Network Connectivity Tester
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/netdiag-o.asp

DcDiag.exe: Domain Controller Diagnostic Tool
https://www.microsoft.com/windows2000/techinfo/reskit/tools/new/dcdiag-o.asp
NewbieAdminAuthor Commented:
Okay, here is what I did yesterday before I left. I noticed that neither SERVER was in native mode (although I thought that I had set them both up that way). Anyway, I did change both of them to native mode. After I made that change I was able to authorize the server here at my location by terminal serving into the other server and authorizing the server here. I don't know if that makes any sense or not since I am a little new at this. But from some other things that I have read, it has to do with being an "Enterprise Administrator". However, I have no idea how one is to obtain enterprise admin rights rather than just admin rights. I did run the netdiag and dcdiag tests but did not get any errors, just some skipped tests. I had also made a couple of changes to the sites and services by putting each server into a different site and associating it with a different subnet. I'm not sure what caused everything to work correctly, since the DHCP server on this end just started servicing clients at 7:30am this morning. I had made these changes before 5:00pm yesterday. Anyway, do you have any good links for how to set up sites and services, or anything on how to obtain enterprise admin privileges? Any help would be appreciated. Thanks.
mdiglioCommented:
Hello,
Enterprise admins is a built-in group.
I have never tried to add anyone to this group so I have no real experience with it.
My guess is the first domain admin in the enterprise has the right to add users to this group.
But you can give it a shot by opening AD users and computers >> right clicking the domain >> find >>
type enterp >>click search
this will show you the group >> double click it for the properties >> and see if you can add your user.

Step-by-Step Guide to Active Directory Sites and Services
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/AD/windows2000/howto/adsites.asp

I'm glad everything seems to be working!
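
Added example, not part of the original thread: a read-only PowerShell pre-check that gathers what this thread worked through by hand (FSMO role holders, whether the logged-on account holds Enterprise Admins from the forest root, and whether this DHCP server is listed as authorized in the directory). By default only Enterprise Admins, a group that exists only in the forest root domain, can authorize a DHCP server. The script assumes a current domain-joined Windows Server with the ActiveDirectory and DhcpServer modules installed; the thread itself used netdom and dcdiag on Windows 2000.

```powershell
# Added example: pre-checks before authorizing a DHCP server in a multi-domain forest.
# Assumption: ActiveDirectory and DhcpServer modules (RSAT) are installed.
# Run from an elevated prompt so filtered group memberships appear in the token.
Import-Module ActiveDirectory, DhcpServer

$forest = Get-ADForest
$domain = Get-ADDomain

# 1. FSMO role holders (same information as "netdom query fsmo").
[pscustomobject]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    RIDMaster            = $domain.RIDMaster
    PDCEmulator          = $domain.PDCEmulator
    InfrastructureMaster = $domain.InfrastructureMaster
} | Format-List

# 2. Enterprise Admins lives only in the forest root domain; its SID is the
#    root domain SID followed by the well-known RID 519.
$rootSid = (Get-ADDomain -Server $forest.RootDomain).DomainSID.Value
$eaSid   = "$rootSid-519"
$token   = [Security.Principal.WindowsIdentity]::GetCurrent()
$isEA    = $token.Groups.Value -contains $eaSid
"Logon domain : $($domain.DNSRoot)"
"Forest root  : $($forest.RootDomain)"
"Current token holds Enterprise Admins ($eaSid): $isEA"

# 3. Is this server already listed as authorized in the directory?
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$authorized = Get-DhcpServerInDC | Where-Object { $_.DnsName -ieq $fqdn }
if ($authorized) {
    "DHCP server $fqdn is authorized ($($authorized.IPAddress))."
} elseif (-not $isEA) {
    "Not authorized, and this account cannot authorize it: use a forest-root Enterprise Admins account."
} else {
    # The change itself is only printed, so the script stays read-only.
    "Not authorized. To authorize: Add-DhcpServerInDC -DnsName $fqdn -IPAddress <server IP>"
}
```

If step 2 fails to reach the forest root domain, that matches the "no logon servers available" symptom in the question and points at name resolution or connectivity to the root domain rather than at permissions.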
