Solved

New tree DNS problem in existing forest

Posted on 2010-09-06
862 Views
Last Modified: 2012-05-10
In a test environment, I have two forests: abc.local and ghi.local.

Forest abc.local contains two trees:
   domain abc.local.
       subdomain sales.abc.local.
   domain def.local.

Replication, as tested by running repadmin /replsummary, appears to be working between all nodes.

The problem is with the def.local domain, which is a different tree in the abc.local forest.

When I look at the DC of def.local, everything looks fine, including DNS.

But in the DNS setup of the abc.local domain, it doesn't look right. For example, I can see the def.local domain, and it has the SOA and NS records for the servers in abc.local, but there are no A records. And the SOA for that domain is the DNS server for abc.local. If I manually add an A record pointing to the DC of the def.local domain, I still cannot do an NSLOOKUP or ping def.local and get replies.

Short of demoting the sole def.local server and then promoting it again, is there a simple fix for this? Or is this normal behavior?

Thanks.
Question by: ovidbailey
5 Comments
 

Author Comment by: ovidbailey
ID: 33614638
FWIW, if I force replication with repadmin /syncall, I get a msg from one item that says "The naming context is in the process of being removed or is not replicated from the specified server." Don't know what that means.
 

Author Comment by: ovidbailey
ID: 33614713
I have a little more info. The GC is stored on Server2.abc.local. When I ping the address of that server from the DC in def.com, I only get IPv6 replies. Looking at server2.abc.local's network settings, the primary DNS is pointing to the address of server1.abc.local (the first DC) and the secondary DNS is 127.0.0.1.
 

Author Comment by: ovidbailey
ID: 33614969
Solved the IPv6 issue by unbinding it from the NIC. When I try to demote the server (which will remove this domain), I get an error: "Active Directory Domain Services could not transfer the remaining data in directory partition (abc.local) to Active Directory Domain Controller (this computer). Could not find the domain controller for this domain."

Suggestions to either fix the original problem or figure out how to demote/remove this domain?
 
Accepted Solution by: Nuttycomputer (earned 500 total points)
ID: 33615456
To get replication to move between domains, you need to manually change the zone replication default from "All domain controllers in the Active Directory domain" to "All DNS servers in the Active Directory forest".

See the following technet article: http://technet.microsoft.com/en-us/library/cc779655%28WS.10%29.aspx

Additionally, to answer your other question: to force a removal (which will cause metadata corruption that would need to be cleaned up later), use the command dcpromo /forceremoval

http://technet.microsoft.com/en-us/library/cc787133%28WS.10%29.aspx

In addition this may be of interest to you. It refers to reinstalling a Dynamic DNS Active Directory Integrated Zone: http://support.microsoft.com/kb/294328
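The zone-scope change the accepted answer describes, as an added example that is not part of the original thread: it audits which directory partition every AD-integrated forward zone replicates in, on every DC in the forest, flags zones for another forest domain that only replicate domain-wide (the def.local situation above), and applies the forest-wide scope. It assumes the RSAT ActiveDirectory and DnsServer modules (Windows Server 2012 or later); the server and zone names are the ones from the question.

```powershell
# Added example, not code from the original thread.
# Requires the RSAT ActiveDirectory and DnsServer modules (Server 2012+).
Import-Module ActiveDirectory
Import-Module DnsServer

function Get-ZoneScopeReport {
    $forest = Get-ADForest
    foreach ($domain in $forest.Domains) {
        foreach ($dc in Get-ADDomainController -Filter * -Server $domain) {
            $zones = Get-DnsServerZone -ComputerName $dc.HostName |
                Where-Object { $_.IsDsIntegrated -and -not $_.IsAutoCreated -and -not $_.IsReverseLookupZone }
            foreach ($z in $zones) {
                [pscustomobject]@{
                    DC        = $dc.HostName
                    Domain    = $domain
                    Zone      = $z.ZoneName
                    Scope     = $z.ReplicationScope      # Forest, Domain, Legacy or Custom
                    Partition = $z.DirectoryPartitionName
                    # A zone named after another forest domain that stays at domain
                    # (or legacy) scope never reaches that domain's DCs, so they see
                    # SOA/NS stubs but no usable records, as described in the question.
                    NeedsForestScope = ($z.ReplicationScope -ne 'Forest') -and
                                       ($forest.Domains -contains $z.ZoneName) -and
                                       ($z.ZoneName -ne $domain)
                }
            }
        }
    }
}

function Set-ZoneForestScope {
    param(
        [Parameter(Mandatory)][string]$Zone,
        [Parameter(Mandatory)][string]$DnsServer,
        [switch]$Apply   # without -Apply the change is only previewed (-WhatIf)
    )
    # Moves the zone into the ForestDnsZones partition ("All DNS servers in the
    # Active Directory forest"). On 2008-era servers the equivalent is:
    #   dnscmd <server> /ZoneChangeDirectoryPartition <zone> /forest
    Set-DnsServerPrimaryZone -Name $Zone -ReplicationScope Forest `
        -ComputerName $DnsServer -WhatIf:(-not $Apply)
}

# Report only the zones that are stuck at the wrong scope, then preview the fix
# for the thread's case; add -Apply once the report confirms the zone and server.
Get-ZoneScopeReport | Where-Object NeedsForestScope | Format-Table -AutoSize
Set-ZoneForestScope -Zone 'def.local' -DnsServer 'server1.abc.local'
```

After the scope change, repadmin /replsummary and a fresh NSLOOKUP of def.local from a DC in the other tree confirm that the zone's records now arrive on every DNS server in the forest.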
 

Author Comment by: ovidbailey
ID: 33617620
Perfect reply to both issues. Thanks, Dude!