philmaceri
asked on
domain controllers not replicating computer/user accounts
I had an issue (still have an issue) with the global catalog in our domain. There is a template file that somehow got corrupted and caused the global catalog for our domain to not function. I worked with Microsoft for quite some time, and for now the temporary fix was to create another child domain on-site with a working global catalog.
Since Microsoft got their paws on my domain controllers things haven't been right. Now my two domain controllers aren't replicating computer and user accounts between themselves. Because of this weird things are happening that users are noticing. Does anyone know how can I resolve this or at least narrow down the problem?
Since Microsoft got their paws on my domain controllers things haven't been right. Now my two domain controllers aren't replicating computer and user accounts between themselves. Because of this weird things are happening that users are noticing. Does anyone know how can I resolve this or at least narrow down the problem?
"I worked with Microsoft for quite some time, and for now the temporary fix was to create another child domain on-site with a working global catalog." Can we assume that you didn't create a sub domain (child domain) rather you created an additional domain controller to the existing domain? I would think that this make more sence as this would provide a temp fix for GC in the domain. Also, this would make more sense regarding the user account and computer account replication (as computer accounts , user accounts don't replication between domains).
I still would agree with laura's thoughts here...
I still would agree with laura's thoughts here...
ASKER
We tried many things. We created another child domain different from our existing domain. We did try creating another domain controller in our domain, but whatever the problem was with our global catalog (and template file according to Microsoft) would always get replicated to the new domain controller we created and it wouldn't work as a global catalog. I am not concerned with the global catalog issue right now. We've exhausted all possibilities and ways to try to fix it. At this point the permanent fix is to migrate to the new child domain all our users, computers, etc.
But that migration might not happen for a while because we are so busy. The issue at hand that I am concerned with is the replication between our existing domain controllers. I will try running the following 3 commands this morning: netdiag /v, dcdiag /v, repadmin /replsum.
But that migration might not happen for a while because we are so busy. The issue at hand that I am concerned with is the replication between our existing domain controllers. I will try running the following 3 commands this morning: netdiag /v, dcdiag /v, repadmin /replsum.
Just to clarify...
In your configuration, the computer and user accounts will NOT replicate between domains.
For example, if you create a user account called BOB in domain A, the BOB account will not get replicated to domain B. This is by design.
However, if you have two domain controllers in the SAME domain, the user accounts and computers account should be replicated between.
In your configuration, the computer and user accounts will NOT replicate between domains.
For example, if you create a user account called BOB in domain A, the BOB account will not get replicated to domain B. This is by design.
However, if you have two domain controllers in the SAME domain, the user accounts and computers account should be replicated between.
ASKER
User accounts and computer accounts are not replicating within the same domain.
I was thinking of just demoting and repromoting one of the domain controllers.
I was thinking of just demoting and repromoting one of the domain controllers.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Laura is correct here... DNS is probably the cause of your problems ...but you will have to run the tools to see this...
Also checking Event viewer would be good step to take as well.
It would help to give us the TCP/IP settings of your DC's...and the roles... For example, do you have the DNS service running on both DC's.
good luck...later
Also checking Event viewer would be good step to take as well.
It would help to give us the TCP/IP settings of your DC's...and the roles... For example, do you have the DNS service running on both DC's.
good luck...later
*shakes head*
Anyway. How many DCs do you currently have, and in how many domains?
To begin troubleshooting your replication issues, run the following tools on all of your DCs:
netdiag /v
dcdiag /v
repadmin /replsum
That said, 99% of AD replication errors stem back to DNS, so you will almost certainly find this to be the case here. The netdiag tool will help point out any errors in your DNS configuration, as will the dcdiag tool.
Hope this helps.
Laura E. Hunter - Microsoft MVP: Windows Server - Networking