?
Solved

Adding a 2003 DC into a 2000 Domain

Posted on 2007-12-03
9
Medium Priority
?
226 Views
Last Modified: 2013-12-05
About a month ago I added a 2003 member server to my domain.  The domain already had 2 other 2003 member servers.  One of which is running exchange 2003.   I ran the forestprep and domainprep before installing Exchange 2003.  The member server is DC1.  After a week of no problems with this server in the domain I promoted it to a DC.  It is also running DHCP and DNS.  I transfered all the FSMO roles over to it from one of 2 2000 DC's.  The roles were split between the 2 2000 DC's.  I set it up as the Authoritive time server as well.  The 2000 DC called ADMIN was the DHCP server.  I stopped DHCP on it.  Most of the machines in the network switched over without a problem.  A few reported duplicate IP's on the network but a reboot corrected this.  I also found some "Bad Address" listings in the DHCP table.  I removed these as well.  All three DC's were Global Catalog servers as well.  After 2 weeks without any other problems.  I decided to turn off ADMIN to see if any problems would arise.  I am not sure if this was a good or bad idea, but it seemed a good way to test the 2003 DC.  2 of my 2003 member servers had errors in the event log stating they could not find a DC to authenticate with so no group policy would be loaded.  I rebooted them and they took at least ten minutes to get past the applying group policy window, right before the CTRL+ALT+DEL window pops up.   I turned ADMIN back on because I was unsure if this had any relation to that DC being off.  All the errors in the event logs of the 2 2003 servers went away.  ADMIN was the first DC in this domain.  I am not sure if more needs to be done besides transfering the FSMO roles and the global catalog.  Another strange thing I noticed was when i try to change a logon script in the Netlogon folder of DC1, The change would not replicate to the other 2 DC's.  Today I was investigating this and I noticed that from DC1 I can view the NETLOGON folder on ADMIN and the other DC, BACKUP, but i cannot even edit the scripts.  If I right click on a script and click edit, I get an error stating a permissions error.  There are no errors in the Replication log and other things seem to be replicating perfect.  User account creation, I unchecked ADMIN as a Catalog server and that replicated the change on the other 2 DC's.  I'm not sure whats going on though.  Not sure if I missed a step.  Any suggestions are greatly appreciated and I can elaborate further on anything I've posted here so far.  I apologize in advance for the how scattered this post is as my thoughts were trying to document each thing i've noticed.  Thanks again,
0
Comment
Question by:RHNOC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 12

Expert Comment

by:weareit
ID: 20399882
What are the current DNS settings on each of the servers?

-saige-
0
 
LVL 51

Expert Comment

by:Netman66
ID: 20400446
Changing the role of the server hosting Exchange is unsupported.  You promoted your Exchange server to a DC after Exchange was installed.  This normally causes Exchange to break, however there are other things that may happen.
http://support.microsoft.com/kb/822179
0
 

Author Comment

by:RHNOC
ID: 20412737
Netman66 - I did not promote my exchange server to a DC.  I added and then promoted a new 2003 member server.  Exchange is running on EXCH.  The 2003 box i promoted to DC is DC1.  

Weareit - Are you refering to the DNS settings in TCP/IP properties, or the settings for DNS itself?
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 12

Expert Comment

by:weareit
ID: 20413154
Both...  The more information the better...

-saige-
0
 
LVL 51

Expert Comment

by:Netman66
ID: 20413329
Sorry about that - I thought I read you promoted it after Exchange - my bad.

Let's see what other info you provide.

0
 

Author Comment

by:RHNOC
ID: 20414506
DNS is configured to Active Directory Integrated and the DNS service is running on all 3 DC's.  Here are the 3 DC's current DNS settings:

1) DC1 - Windows 2003 Server
DNS 1 - DC1
DNS 2 - BACKUP

2)  BACKUP - Windows 2000 Server
DNS 1 - DC1
DNS 2 - BACKUP

3) ADMIN - Windows 2000 Server
DNS 1 - DC1
DNS 2 - BACKUP

Let me know what other DNS info you want and i can get it.
0
 

Author Comment

by:RHNOC
ID: 20429287
I have ran DCDIAG and NETDIAG on the new DC and there were no problems.
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 1000 total points
ID: 20429349
I've just reread this and something hit me.

On the 2003 server, in DNS console, list out the top-level zones in the Forward Lookup Zone.

My bet is there are some SRV (_msdcs) records missing.

0
 

Author Comment

by:RHNOC
ID: 20429748
I may not understand what your asking.  In DNS under the 2003 server -> Forward Lookup Zones -> Domain.com -> _msdcs folder.  The record in there match the other two DNS servers (ADMIN and BACKUP).  The files listed are the three DNS servers (Alias) records and 4 folders (PDC, GC, DOMAINS, DC).  DNS is not one of my strong points so if i am not getting you the correct info, i apologize.  If you could be more specific, i can try to retrieve any info you want.  Thanks

0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Suggested Courses
Course of the Month9 days, 5 hours left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question