• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 288
  • Last Modified:

OU created in site1doesn't show in ADUC in site2

one windows 2003 domain spanning 2 sites: HQ & Branch
DC at site Branch show in ADUC of HQ
I've added 10 PCs to the domain in site Branch and they do not show in ADUC of HQ
at the site Branch DC I've created an OU for those PCs. it doesn't show in ADUC of HQ
BUT (and this is where I really can't get it) WSUS which run at HQ show all those 10 PCs andI can also tell they did get the GPOs from the default domain policy
what am I missing?
0
chuku
Asked:
chuku
  • 4
  • 3
  • 3
  • +1
3 Solutions
 
bluntTonyCommented:
What is the replication interval on your site link?

The default is 180 minutes (3 hrs!) so you can reduce this so changes replicate quicker. Check the properties of the site link in AD Sites and Services. It may be that it just hasn't replicated yet.

The clients will still have recieved group policy and will have contacted the WSUS even though the replication between the two sites hasn't happened yet.

If replication should have happened now, check for replication errors in event logs and run DCDIAG tests on the DCs. Let us know of any errors.

Tony
0
 
chukuAuthor Commented:
it has been more then 24 hours
there are no errors in the event log and dcdiag is clean, everything show PASS
0
 
snusgubbenCommented:
What does "repadmin /showreps" show?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
bluntTonyCommented:
Do you actually have connection objects under 'NTDS Settings' for each DC in AD Sites and Services?

Have you at any point in time used disk imaging to restore a DC, if so what SP level are both servers?
0
 
chukuAuthor Commented:
@snusgubben
repadmin /showreps -> everything successful but I do not see the DC at the branch shoing anywhere on the output

@bluntTony
NTDS settings are set correctly, each DC has connections to all other DCs in both sites
never used an image
0
 
Venugopal NCommented:
Try to do force replication between the DC.If it happens then there should be problem in the interval time.
0
 
snusgubbenCommented:
You could run "dcdiag /v /e /c /f:dcdiag.txt" to diagnose all domain controllers. See if you spot something, or post the log.

Open adsiedit.msc. Check if you see the missing OU and users there.

(Domain - DC=dom.name, DC=xxx)
0
 
bluntTonyCommented:
What is the interval on the sitelink object linking the two sites? Is it all set up correctly?

It seems strange that there are no errors if replication should have occurred. The only other situation I can think of where replication stops without errors is a USN rollback on pre-SP1 servers. Ater SP1 an event 2095 is genereted and netlogon is paused on the offending DC. Before SP1 everythin carries on as usual without errors but replication doesn't occur.

What SP level are you? These aren't VMs are they?

Like snusgubben says, could you post the results of DCDIAGs from both DCs for us to look at?

Tony
0
 
chukuAuthor Commented:
I found warning 13508 NtFrs on the Branch DC event log
I started troubleshooting using this KB
in AD Sites & Services I did "replicate now" on both ends. at the Branch DC it said that one or more DCs are in a different site... at the HQ DC it prompted with Domain Name Service error that said it cannot find the branch DC
BUT
after doing the RPC test opening event viewer to the remote DC on both ends the problem appear to be fixed as I can now see all the details of the new OU & PCs at the HQ DC.

I ran dcdiag again and it is all PASS so I see no point to upload it at this point.

though the problem is solved I am worried because I'm not sure what caused it and obviously it can happen again. are there any steps I should do (other then keep checking the logs) to prevent or at least find it on time?

0
 
snusgubbenCommented:
It could have been a outdated machine account pw on one of the DC's or a secure channel issues.

Here is the troubleshooting steps for 13508 without a following 13509 event.
http://technet.microsoft.com/en-us/library/bb727056.aspx#EMAA
0
 
chukuAuthor Commented:
I've tried all options suggested in the comments, didn't find any one specific item that fixed the problem but at teh end of the day the data did sync and the problem is resolved.
thanks to all the experts!
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

  • 4
  • 3
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now