kevlause

Force child domain to replicate with Parent

I've got a child domain that doesn't want to talk to my parent domain. The only DC in the domain tombstoned so I added a new DC and transferred all the roles to that server. Now I can't get it to register on my parent domain that this DC is there. It will replicate with the old server and another child domain but not the parent. What am I missing?
MSE-dwells

I've no idea what you're missing since you didn't give an error message ... that always helps :0)

It's almost always related to DNS, so in the absence of any detail, I'd recommend you start there.

PS - this use of terminology doesn't apply, could you explain what you mean -

>> The only DC in the domain tombstoned
kevlause

ASKER

Well I'm not getting an error message. I have a parent domain with 2 child domains. One of the child domains started acting up before I started here at this job. My first task is to resolve this issue. I logged into the parent domain DC and saw there had been no replication since June. As that is over 60 days, I'm assuming the child domain's only DC had hit its tombstone limit. I built a new DC in that child domain and moved everything (GC and all FSMO roles) to it. I then demoted the first DC in that child domain. Now the new DC shows it is replicating fine, but the parent DC does not list the new DC in Sites and Services or under the replication monitor. (The new DC in the child domain shows the parent DC in its Sites and Services and seems to replicate fine with it.) So how do I get the parent to talk to the child...
If you run DSSITE.MSC and try to force replication between the parent and child, you should receive an interactive error.

In addition, it's likely you'll need this reg tweak -

http://technet2.microsoft.com/windowsserver/en/library/34c15446-b47f-4d51-8e4a-c14527060f901033.mspx?mfr=true

... 100% relevant stuff starts at the section titled "Restart Replication Following Event ID 2042"

NOTE - you may want to read up on lingering objects -

http://technet2.microsoft.com/windowsserver/en/library/4a1f420d-25d6-417c-9d8b-6e22f472ef3c1033.mspx?mfr=true

... before you proceed since it's an almost certainty that you'll introduce some.

PS - what OS are your DCs running and how old is this AD?
They are all server 2003...but it's 2000 AD. I just noticed the child domain is running 2000 mixed and the parent is 2000 native. Would that cause an issue?

I'm not sure how old the AD is...

When I run dssite.msc it works fine on the child, but on the parent I don't even show the child domain's DC to try to force the replication....

Wow ... that's not good.  This appears to be quite a serious issue.  I'm not going to have time today to walk through the process of determining the cause and a subsequent fix so I'll have to bail out for now.  I hope someone else picks it up for you.  I'll try and take a look again tomorrow ...
So it really looks like my parent domain just does not see the child in Sites and Services. It sees it in DNS, and AD Users and Computers. I can ping it, connect to it, even verify the trust, I just can't get it to replicate down to it.
Hmmm ... what is it you're expecting to replicate?  Parent and child domains share only the config, schema and some application partitions used by DNS (by default).  They don't share domain content (GCs acknowledged).  Logon at a root-domain DC as an admin and run these 2 commands at a command prompt -

repadmin /syncall /e /P
repadmin /syncall /e

... paste the output here.  If you receive an error, install the Support Tools from the original CD or download them from Microsoft.

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.MyDomain>repadmin /syncall /e /P
CALLBACK MESSAGE: The following replication is in progress:
    From: 0d7584b0-074c-455a-8f2d-5e609e1238bb._msdcs.MyDomain.com
    To  : 7a47d9b6-3283-41a1-90b3-3e5209970b19._msdcs.MyDomain.com
CALLBACK MESSAGE: The following replication completed successfully:
    From: 0d7584b0-074c-455a-8f2d-5e609e1238bb._msdcs.MyDomain.com
    To  : 7a47d9b6-3283-41a1-90b3-3e5209970b19._msdcs.MyDomain.com
CALLBACK MESSAGE: The following replication is in progress:
    From: 0d7584b0-074c-455a-8f2d-5e609e1238bb._msdcs.MyDomain.com
    To  : 3c1e2513-bb92-40d3-b624-9d9aeb52553b._msdcs.MyDomain.com
CALLBACK MESSAGE: The following replication completed successfully:
    From: 0d7584b0-074c-455a-8f2d-5e609e1238bb._msdcs.MyDomain.com
    To  : 3c1e2513-bb92-40d3-b624-9d9aeb52553b._msdcs.MyDomain.com
CALLBACK MESSAGE: The following replication is in progress:
    From: 0d7584b0-074c-455a-8f2d-5e609e1238bb._msdcs.MyDomain.com
    To  : 8fdfaa55-ec11-4ce9-914a-0e9d41609432._msdcs.MyDomain.com
CALLBACK MESSAGE: The following replication is in progress:
    From: 0d7584b0-074c-455a-8f2d-5e609e1238bb._msdcs.MyDomain.com
    To  : 02ebc903-dd3e-4608-897f-3baa99b01f6d._msdcs.MyDomain.com
CALLBACK MESSAGE: The following replication completed successfully:
    From: 0d7584b0-074c-455a-8f2d-5e609e1238bb._msdcs.MyDomain.com
    To  : 8fdfaa55-ec11-4ce9-914a-0e9d41609432._msdcs.MyDomain.com
CALLBACK MESSAGE: The following replication completed successfully:
    From: 0d7584b0-074c-455a-8f2d-5e609e1238bb._msdcs.MyDomain.com
    To  : 02ebc903-dd3e-4608-897f-3baa99b01f6d._msdcs.MyDomain.com
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.


C:\Documents and Settings\Administrator.MyDomain>repadmin /syncall /e
CALLBACK MESSAGE: The following replication is in progress:
    From: 7a47d9b6-3283-41a1-90b3-3e5209970b19._msdcs.MyDomain.com
    To  : 0d7584b0-074c-455a-8f2d-5e609e1238bb._msdcs.MyDomain.com
CALLBACK MESSAGE: The following replication completed successfully:
    From: 7a47d9b6-3283-41a1-90b3-3e5209970b19._msdcs.MyDomain.com
    To  : 0d7584b0-074c-455a-8f2d-5e609e1238bb._msdcs.MyDomain.com
CALLBACK MESSAGE: The following replication is in progress:
    From: 3c1e2513-bb92-40d3-b624-9d9aeb52553b._msdcs.MyDomain.com
    To  : 0d7584b0-074c-455a-8f2d-5e609e1238bb._msdcs.MyDomain.com
CALLBACK MESSAGE: The following replication completed successfully:
    From: 3c1e2513-bb92-40d3-b624-9d9aeb52553b._msdcs.MyDomain.com
    To  : 0d7584b0-074c-455a-8f2d-5e609e1238bb._msdcs.MyDomain.com
CALLBACK MESSAGE: The following replication is in progress:
    From: 8fdfaa55-ec11-4ce9-914a-0e9d41609432._msdcs.MyDomain.com
    To  : 0d7584b0-074c-455a-8f2d-5e609e1238bb._msdcs.MyDomain.com
CALLBACK MESSAGE: The following replication completed successfully:
    From: 8fdfaa55-ec11-4ce9-914a-0e9d41609432._msdcs.MyDomain.com
    To  : 0d7584b0-074c-455a-8f2d-5e609e1238bb._msdcs.MyDomain.com
CALLBACK MESSAGE: The following replication is in progress:
    From: 02ebc903-dd3e-4608-897f-3baa99b01f6d._msdcs.MyDomain.com
    To  : 0d7584b0-074c-455a-8f2d-5e609e1238bb._msdcs.MyDomain.com
CALLBACK MESSAGE: The following replication completed successfully:
    From: 02ebc903-dd3e-4608-897f-3baa99b01f6d._msdcs.MyDomain.com
    To  : 0d7584b0-074c-455a-8f2d-5e609e1238bb._msdcs.MyDomain.com
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.
That all looks fine to me.  I've placed a copy of a DC dumping script on the following FTP server.  Download it and run it from a command prompt followed by the FQDN of the forest root domain -

ftp://falcon.msetechnology.com/scripts/DCdump.cmd.txt

... e.g -

C:\> dcdump /?

DCdump 1.0 / Dean Wells (dwells@somwehere.com) - May 2006

SYNTAX - dcdump <Forest Root FQDN> [optional search string]

 Displays the FQDN, site and IP address of each Domain Controller
 within the Forest supplied in argument one
  - requires sufficient security context
  - argument two serves as a name-filter for site names and DC FQDNs

C:\> dcdump mset.lab

DCdump 1.0 / Dean Wells (dwells@somewhereelse.com) - May 2006

STATUS - Querying "DC=mset,DC=lab"

  - Running on CUBELET
  - Obtaining list of Domain Controllers

    [Default-First-Site-Name]
     + CUBELET.mset.lab
      = 10.254.254.1
     + enterprise.mset.lab
      = 10.254.254.2
     + SPHERE.child.mset.lab
      = 10.254.254.3

  - 3 Domain Controller[s] found in 1 site[s].

STATUS - process complete.
It lists out my servers for my parent and one child but not the other. When I run it for my child domain japan.mydomain.com I get

error - ldap failed enumerating list of domain controllers

Now maybe it's my ignorance, but when I run it for china.mydomain.com it runs but shows no DCs. Should that be? This is the first time I've dealt with child domains so I'm not quite up to speed here.

Are you positive this is a child domain and not 2 discrete forests?
ASKER CERTIFIED SOLUTION
geniph
Sweet!!! That almost did it! I've got them listed now, but it only set up one-way replication, child to parent, not the other way. Well, let me jump back: when I try to force replicate from the child DC to the parent I get the child RPC server is unavailable....

When I try from the Parent down (under the child DC NTDS settings as it still does not show the child under the parent NTDS settings) I get access is denied.
Please, please be careful here ... blindly adding replica links may resolve what you perceive as your primary problem at the expense of a potentially more severe resulting condition -- lingering objects can cause many ill-effects.  I'll keep my fingers crossed .......
Did you follow the steps in the link, and also do a repadmin /sync?  Try that, if you haven't.  It resolved my problems (and this was also PSS's recommendation, when I contacted them in my case, not just a jury-rig).  Allow time for replication to occur, and then see what happens.
OK, I left this overnight and I'm now back to where I was. The child DC keeps getting event_id 1925,1926 errors saying it can't reach any other server due to RPC server being down, and the parent DC can't reach the child for the same reason. I've done the net logon stops and starts and DNS "looks" OK, and I can ping from machine to machine, but I'm still having issues.

The only thing I see jumping out is in my parent domain's DNS: in the _msdcs folder there are a bunch of CNAMEs listed in the root folder, then there are the subfolders (dc, domains, gc, pdc).

In the child domain I only have the subfolders dc, pdc in the _msdcs folder. Could this be my issue?
Turns out it was mainly a networking issue. The MTU settings were causing an issue. Microsoft told me to switch it to use TCP to sync AD, not UDP. It seems to be working now.
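
Added example, not part of the original thread: a Python script that reads saved `repadmin /syncall` output in the format pasted earlier, reports source/destination pairs that started but never completed, and lists expected DCs whose DSA GUID never appears at all (the symptom discussed here, where the parent never lists the child DC). The sample text, GUIDs, domain and function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the repadmin /syncall output above.
# GUIDs and domain are made up; the second pair never reports completion.
SAMPLE = """\
CALLBACK MESSAGE: The following replication is in progress:
    From: 11111111-1111-1111-1111-111111111111._msdcs.example.test
    To  : 22222222-2222-2222-2222-222222222222._msdcs.example.test
CALLBACK MESSAGE: The following replication completed successfully:
    From: 11111111-1111-1111-1111-111111111111._msdcs.example.test
    To  : 22222222-2222-2222-2222-222222222222._msdcs.example.test
CALLBACK MESSAGE: The following replication is in progress:
    From: 11111111-1111-1111-1111-111111111111._msdcs.example.test
    To  : 33333333-3333-3333-3333-333333333333._msdcs.example.test
CALLBACK MESSAGE: SyncAll Finished.
"""

MSG = re.compile(r"The following replication (is in progress|completed successfully):")
DSA = re.compile(r"^\s*(From|To)\s*:\s*([0-9a-fA-F-]{36})\._msdcs\.")

def parse_syncall(text):
    """Return (started, completed) sets of (from_guid, to_guid) pairs."""
    started, completed = set(), set()
    state, src = None, None
    for line in text.splitlines():
        m = MSG.search(line)
        if m:                       # a new callback message begins
            state, src = m.group(1), None
            continue
        d = DSA.match(line)
        if not d or state is None:
            continue
        if d.group(1) == "From":
            src = d.group(2).lower()
        elif src is not None:       # "To" line closes the pair
            pair = (src, d.group(2).lower())
            (started if state == "is in progress" else completed).add(pair)
            state = None
    return started, completed

def audit(text, expected_guids):
    """Flag unfinished syncs and expected DSA GUIDs absent from the output."""
    started, completed = parse_syncall(text)
    seen = {guid for pair in started | completed for guid in pair}
    return {
        "unfinished": sorted(started - completed),
        "missing_dcs": sorted({g.lower() for g in expected_guids} - seen),
    }
```

The expected GUID list is the DSA GUID of each DC you believe is in the forest, the same value that appears as a `<guid>._msdcs.<forest root>` CNAME in DNS.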