Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Adding a 2003 DC into a 2000 Domain

Posted on 2007-12-03
9
Medium Priority
?
227 Views
Last Modified: 2013-12-05
About a month ago I added a 2003 member server to my domain.  The domain already had 2 other 2003 member servers.  One of which is running exchange 2003.   I ran the forestprep and domainprep before installing Exchange 2003.  The member server is DC1.  After a week of no problems with this server in the domain I promoted it to a DC.  It is also running DHCP and DNS.  I transfered all the FSMO roles over to it from one of 2 2000 DC's.  The roles were split between the 2 2000 DC's.  I set it up as the Authoritive time server as well.  The 2000 DC called ADMIN was the DHCP server.  I stopped DHCP on it.  Most of the machines in the network switched over without a problem.  A few reported duplicate IP's on the network but a reboot corrected this.  I also found some "Bad Address" listings in the DHCP table.  I removed these as well.  All three DC's were Global Catalog servers as well.  After 2 weeks without any other problems.  I decided to turn off ADMIN to see if any problems would arise.  I am not sure if this was a good or bad idea, but it seemed a good way to test the 2003 DC.  2 of my 2003 member servers had errors in the event log stating they could not find a DC to authenticate with so no group policy would be loaded.  I rebooted them and they took at least ten minutes to get past the applying group policy window, right before the CTRL+ALT+DEL window pops up.   I turned ADMIN back on because I was unsure if this had any relation to that DC being off.  All the errors in the event logs of the 2 2003 servers went away.  ADMIN was the first DC in this domain.  I am not sure if more needs to be done besides transfering the FSMO roles and the global catalog.  Another strange thing I noticed was when i try to change a logon script in the Netlogon folder of DC1, The change would not replicate to the other 2 DC's.  Today I was investigating this and I noticed that from DC1 I can view the NETLOGON folder on ADMIN and the other DC, BACKUP, but i cannot even edit the scripts.  If I right click on a script and click edit, I get an error stating a permissions error.  There are no errors in the Replication log and other things seem to be replicating perfect.  User account creation, I unchecked ADMIN as a Catalog server and that replicated the change on the other 2 DC's.  I'm not sure whats going on though.  Not sure if I missed a step.  Any suggestions are greatly appreciated and I can elaborate further on anything I've posted here so far.  I apologize in advance for the how scattered this post is as my thoughts were trying to document each thing i've noticed.  Thanks again,
0
Comment
Question by:RHNOC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 12

Expert Comment

by:weareit
ID: 20399882
What are the current DNS settings on each of the servers?

-saige-
0
 
LVL 51

Expert Comment

by:Netman66
ID: 20400446
Changing the role of the server hosting Exchange is unsupported.  You promoted your Exchange server to a DC after Exchange was installed.  This normally causes Exchange to break, however there are other things that may happen.
http://support.microsoft.com/kb/822179
0
 

Author Comment

by:RHNOC
ID: 20412737
Netman66 - I did not promote my exchange server to a DC.  I added and then promoted a new 2003 member server.  Exchange is running on EXCH.  The 2003 box i promoted to DC is DC1.  

Weareit - Are you refering to the DNS settings in TCP/IP properties, or the settings for DNS itself?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 12

Expert Comment

by:weareit
ID: 20413154
Both...  The more information the better...

-saige-
0
 
LVL 51

Expert Comment

by:Netman66
ID: 20413329
Sorry about that - I thought I read you promoted it after Exchange - my bad.

Let's see what other info you provide.

0
 

Author Comment

by:RHNOC
ID: 20414506
DNS is configured to Active Directory Integrated and the DNS service is running on all 3 DC's.  Here are the 3 DC's current DNS settings:

1) DC1 - Windows 2003 Server
DNS 1 - DC1
DNS 2 - BACKUP

2)  BACKUP - Windows 2000 Server
DNS 1 - DC1
DNS 2 - BACKUP

3) ADMIN - Windows 2000 Server
DNS 1 - DC1
DNS 2 - BACKUP

Let me know what other DNS info you want and i can get it.
0
 

Author Comment

by:RHNOC
ID: 20429287
I have ran DCDIAG and NETDIAG on the new DC and there were no problems.
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 1000 total points
ID: 20429349
I've just reread this and something hit me.

On the 2003 server, in DNS console, list out the top-level zones in the Forward Lookup Zone.

My bet is there are some SRV (_msdcs) records missing.

0
 

Author Comment

by:RHNOC
ID: 20429748
I may not understand what your asking.  In DNS under the 2003 server -> Forward Lookup Zones -> Domain.com -> _msdcs folder.  The record in there match the other two DNS servers (ADMIN and BACKUP).  The files listed are the three DNS servers (Alias) records and 4 folders (PDC, GC, DOMAINS, DC).  DNS is not one of my strong points so if i am not getting you the correct info, i apologize.  If you could be more specific, i can try to retrieve any info you want.  Thanks

0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question