Test communications between parent domain and child domain

Hi experts,

I just added a new child domain to my parent domain.

I would like to know what tests I can do (replication, FSMO, dcdiag, DNS...) to check whether the child domain was added successfully to the parent domain.

Best regards
abolinhasAsked:

snusgubbenCommented:
The event log will tell you if anything is wrong...

From the Child, run: "netdom query fsmo"

The forest-wide roles (DNM and SM) should be reported to be on a parent DC.
0

abolinhasAuthor Commented:
Hi snusgubben,

Thanks for your quick reply.

Check the output.
C:\Users\Administrator>netdom query fsmo
Schema master               DC01.florasul.lan
Domain naming master        DC01.florasul.lan
PDC                         chld01.evora01.florasul.lan
RID pool manager            chld01.evora01.florasul.lan
Infrastructure master       chld01.evora01.florasul.lan
The command completed successfully.

Is there some more testing I can do?
0
snusgubbenCommented:
There are tons of tests you can do, but adding a child is not a risky business. The transitive parent-child trust is created automatically.

From a child DC you could run:

repadmin /replsum
dcdiag /v /c

The PDC in the child will sync its time with a parent DC (PDC), and regarding DNS you could forward non-local queries to your parent DNS or just leave it as it is (root hints).
0
abolinhasAuthor Commented:
C:\Users\Administrator>repadmin /replsum
Replication Summary Start Time: 2010-04-11 20:52:12

Beginning data collection for replication summary, this may take awhile:
  ......


Source DSA          largest delta    fails/total %%   error
 CHLD01                    06m:33s    0 /   4    0
 DC01                      53m:38s    0 /   3    0


Destination DSA     largest delta    fails/total %%   error
 CHLD01                    53m:39s    0 /   3    0
 DC01                      06m:33s    0 /   4    0


Experienced the following operational errors trying to retrieve replication info
rmation:
          58 - abc2627d-9138-4803-81fa-ec3cb464a260._msdcs.florasul.lan

C:\Users\Administrator>dcdiag /v /c  - errors found:
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=f
lorasul,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         Downstream topology is disconnected for
         CN=Schema,CN=Configuration,DC=florasul,DC=lan.
         Home server CHLD01 can't get changes from these servers:
            Default-First-Site-Name/WIN-MH38UR7NKBC
         * Analyzing the connection topology for CN=Configuration,DC=florasul,DC
=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         Downstream topology is disconnected for
         CN=Configuration,DC=florasul,DC=lan.
         Home server CHLD01 can't get changes from these servers:
            Default-First-Site-Name/WIN-MH38UR7NKBC
         ......................... CHLD01 failed test Topology
      Starting test: VerifyEnterpriseReferences
         The following problems were found while verifying various important DN
         references.  Note, that  these problems can be reported because of
         latency in replication.  So follow up to resolve the following
         problems, only if the same problem is reported on all DCs for a given
         domain or if  the problem persists after replication has had
         reasonable time to replicate changes.
            [1] Problem: Missing Expected Value
             Base Object:
            CN=WIN-MH38UR7NKBC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN
=Configuration,DC=florasul,DC=lan
             Base Object Description: "Server Object"
             Value Object Attribute: serverReference
             Value Object Description: "DC Account Object"
             Recommended Action: This could hamper authentication (and thus
            replication,  etc).  Check if this server is deleted, and if so
            clean up this DCs Account  Object.  If the problem persists and
            this is not a deleted DC, authoratively restore the DSA object from
            a good copy, for example the DSA on the DSA's home server.

         ......................... CHLD01 failed test


                  The A host record(s) for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found prim
ary
                  Root zone on this DC/DNS server was not found

               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     192.168.1.101 (<name unavailable>) [Valid]

               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 192.168.1.101 (<name unavailable>)
               All tests passed on this DNS server
               Name resolution is functional._ldap._tcp SRV record for the fores
t root domain is registered

            DNS server: 192.168.2.101 (CHLD01)
               All tests passed on this DNS server
               Name resolution is functional._ldap._tcp SRV record for the fores
t root domain is registered

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: evora01.florasul.lan
               chld01                       PASS PASS PASS PASS PASS PASS n/a

         ......................... florasul.lan passed test DNS
      Starting test: LocatorCheck
         GC Name: \\DC01.florasul.lan
         Locator Flags: 0xe00033fd
         PDC Name: \\chld01.evora01.florasul.lan
         Locator Flags: 0xe00031f9
         Time Server Name: \\chld01.evora01.florasul.lan
         Locator Flags: 0xe00031f9
         Preferred Time Server Name: \\chld01.evora01.florasul.lan
         Locator Flags: 0xe00031f9
         KDC Name: \\chld01.evora01.florasul.lan
         Locator Flags: 0xe00031f9
         ......................... florasul.lan passed test LocatorCheck
      Starting test: FsmoCheck
         GC Name: \\DC01.florasul.lan
         Locator Flags: 0xe00033fd
         PDC Name: \\chld01.evora01.florasul.lan
         Locator Flags: 0xe00031f9
         Time Server Name: \\chld01.evora01.florasul.lan
         Locator Flags: 0xe00031f9
         Preferred Time Server Name: \\chld01.evora01.florasul.lan
         Locator Flags: 0xe00031f9
         KDC Name: \\chld01.evora01.florasul.lan
         Locator Flags: 0xe00031f9
         ......................... florasul.lan passed test FsmoCheck
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope
         provided by the command line arguments provided.
         ......................... florasul.lan passed test Intersite



0
snusgubbenCommented:
The replication cycle is fine, but you had some dcdiag issues. You should of course give the child time to know its parent before you do anything.

How long ago did you create the child?
0
abolinhasAuthor Commented:
about one hour ago
0
abolinhasAuthor Commented:
If I do dcdiag /v /c from parent I get this error:

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 2001:0:5ef5:73bc:1042:129b:3f57:fd9a
            (chld01.evora01.florasul.lan.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:0:5ef5:73bc:1042:
129b:3f57:fd9a               [Error details: 1460 (Type: Win32 - Description: Th
is operation returned because the timeout period expired.)]
               DNS delegation for the domain evora01.florasul.lan. is broken on
IP 2001:0:5ef5:73bc:1042:129b:3f57:fd9a

               [Error details: 1460 (Type: Win32 - Description: This operation r
eturned because the timeout period expired.)]


0
abolinhasAuthor Commented:
Also, I found this in the child domain:

The attempt to establish a replication link for the following writable directory partition failed.
 
Directory partition:
CN=Configuration,DC=florasul,DC=lan
Source directory service:
CN=NTDS Settings,CN=WIN-MH38UR7NKBC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=florasul,DC=lan
Source directory service address:
abc2627d-9138-4803-81fa-ec3cb464a260._msdcs.florasul.lan
Intersite transport (if any):
 
 
This directory service will be unable to replicate with the source directory service until this problem is corrected.
 
User Action
Verify if the source directory service is accessible or network connectivity is available.
 
Additional Data
Error value:
8524 The DSA operation is unable to proceed because of a DNS lookup failure.
0
snusgubbenCommented:
Seems like the evora01.florasul.lan zone is delegated. Is the zone name server(s) correct?
0
abolinhasAuthor Commented:
I don't understand your question, can you be more explicit?

Sorry for my bad English
0
snusgubbenCommented:
"DNS delegation for the domain evora01.florasul.lan. is broken on" a parent domain DC.

You need to fix the delegation of the zone. You will see the delegated zone as a "greyed out" folder in the DNS management console. There are probably some out-of-date NS in the zone.

See this PAQ regarding delegation:
http://www.experts-exchange.com/Networking/Protocols/DNS/Q_24349599.html

0
abolinhasAuthor Commented:
I already removed all the grey folders, and now I need to recreate them again?

How can I do this ?

Regards and thanks for your support
0
snusgubbenCommented:
If you want to delegate the _msdcs zone that your parent domain is authoritative for, right click the zone and run the delegation wizard.
0
abolinhasAuthor Commented:
I am sending you, attached, my DNS server from the parent; please correct me if I'm wrong.
Are these the steps I have to do? From the parent?
1º Right click on _msdcs.florasul.lan
2º New Delegation
3º Delegate domain. What? The name of the child domain (evora01) or the name of the DC in the child domain (chld01.evora)?
4º New name server record. Check the output (attached name-server-record01 and name-server-record02)

In the child, do I need to do all these steps too?

dnszone.jpg
name-server-record01.jpg
name-server-record02.jpg
0
snusgubbenCommented:
Step-by-step create a delegation on the parent DNS server for the child DNS server.

http://support.microsoft.com/kb/255248

Another way is to create a secondary zone on the child. (a third way is a stub zone).
0
abolinhasAuthor Commented:
Still grey :(


0
abolinhasAuthor Commented:
And when I try to add a new name server record on the delegation, I get the same error; see name-server-record01.jpg and name-server-record02.jpg at http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_25823152.html#a30524293
0
abolinhasAuthor Commented:
The main goal of this topic was to know some commands to test the communications between the parent domain and the child domain and vice versa.

I will open a new topic about this dns issues.

Thanks for your great help.

Best regards

André Bolinhas
0
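
The checks discussed in this thread (FSMO placement, replication health, and DNS resolution of the DSA GUID name from the 8524 event), gathered into one PowerShell script as an added example; it is not from the original posts. `repadmin /showrepl * /csv`, `nltest /sc_verify` and the .NET DNS lookup are additions not mentioned in the thread, and the domain and GUID names are the ones shown above.

```powershell
# Added example: run on a child-domain DC from an elevated prompt.
# Names below are the ones visible in this thread; replace them for another forest.
$ParentDomain = 'florasul.lan'
$ChildDomain  = 'evora01.florasul.lan'
$DsaCname     = 'abc2627d-9138-4803-81fa-ec3cb464a260._msdcs.florasul.lan'
$results = @()

# 1. FSMO placement: forest-wide roles in the parent, domain-wide roles in the child.
netdom query fsmo | ForEach-Object {
    if ($_ -match '^(.+?)\s{2,}(\S+)$') {
        $role = $Matches[1]; $holder = $Matches[2]
        $want = if ($role -match '^(Schema|Domain naming) master$') { $ParentDomain } else { $ChildDomain }
        $ok   = ($holder -replace '^[^.]+\.', '') -eq $want   # strip host label, compare domain
        $results += New-Object PSObject -Property @{ Check = "FSMO: $role"; Detail = $holder; Pass = $ok }
    }
}

# 2. Replication: flag links with failures and DCs that repadmin could not query.
repadmin /showrepl * /csv | ConvertFrom-Csv | ForEach-Object {
    $bad = $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or $_.'Number of Failures' -match '^[1-9]'
    $results += New-Object PSObject -Property @{
        Check  = "Replication: $($_.'Source DSA') -> $($_.'Destination DSA')"
        Detail = $_.'Naming Context'; Pass = -not $bad }
}

# 3. DNS: the DSA GUID alias and both domain names must resolve from this DC.
#    A failure on the GUID alias is what event 8524 / repadmin error 58 report.
foreach ($name in $DsaCname, $ParentDomain, $ChildDomain) {
    try   { $ip = [System.Net.Dns]::GetHostAddresses($name); $ok = $ip.Length -gt 0 }
    catch { $ip = $_.Exception.Message; $ok = $false }
    $results += New-Object PSObject -Property @{ Check = "DNS: $name"; Detail = "$ip"; Pass = $ok }
}

# 4. Trust: verify the secure channel from this child DC to the parent domain.
$sc = nltest "/sc_verify:$ParentDomain" | Out-String
$results += New-Object PSObject -Property @{
    Check  = "Trust: $ChildDomain -> $ParentDomain"
    Detail = 'nltest /sc_verify'
    Pass   = $sc -match 'Trust Verification Status\s*=\s*0\s' }

# Failed checks sort first so they are the first thing you read.
$results | Sort-Object Pass | Format-Table Pass, Check, Detail -AutoSize
```

Run it again after replication has had time to converge; a check that still fails on every DC is the one to investigate.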
Windows Server 2008