Solved

New tree DNS problem in existing forest

Posted on 2010-09-06
Last Modified: 2012-05-10
In a test environment, I have two forests: abc.local and ghi.local.

Forest abc.local contains two trees:
   domain abc.local.
       subdomain sales.abc.local.
   domain def.local.

Replication, as tested by running repadmin /replsummary, appears to be working between all nodes.

The problem is with the def.local domain, which is a different tree in the abc.local forest.

When I look at the DC of def.local, everything looks fine, including DNS.

But in the DNS setup of the abc.local domain, it doesn't look right. For example, I can see the def.local domain, and it has the SOA and NS records for the servers in abc.local, but there are no A records. And the SOA for that domain is the DNS server for abc.local. If I manually add an A record pointing to the DC of the def.local domain, I still cannot do an NSLOOKUP or ping def.local and get replies.

Short of demoting the sole def.local server and then promoting it again, is there a simple fix for this? Or is this normal behavior?

Thanks.
Question by:ovidbailey
 

Author Comment

by:ovidbailey
ID: 33614638
FWIW, if I force replication with repadmin /syncall, I get a msg from one item that says "The naming context is in the process of being removed or is not replicated from the specified server." Don't know what that means.
 

Author Comment

by:ovidbailey
ID: 33614713
I have a little more info. The GC is stored on Server2.abc.local. When I ping the address of that server from the DC in def.com, I only get IPv6 replies. Looking at server2.abc.local's network settings, the primary DNS is pointing to the address of server1.abc.local (the first DC) and the secondary DNS is 127.0.0.1.
 

Author Comment

by:ovidbailey
ID: 33614969
Solved the IPv6 issue by unbinding from the NIC. When I try to demote the server (which will remove this domain), I get an error that "Active Directory Domain Services could not transfer the remaining data in directory partition (abc.local) to Active Directory Domain Controller (this computer)." "Could not find the domain controller for this domain."

Suggestions to either fix the original problem or figure out how to demote/remove this domain?
 
Accepted Solution

by:Nuttycomputer
ID: 33615456
To get replication to move between domains, you need to manually change the zone replication default from "All domain controllers in the Active Directory domain" to "All DNS servers in the Active Directory forest".

See the following technet article: http://technet.microsoft.com/en-us/library/cc779655%28WS.10%29.aspx

Additionally, to answer your other question: to force a removal, which will cause metadata corruption that would need to be cleaned up later, you use the command dcpromo /forceremoval

http://technet.microsoft.com/en-us/library/cc787133%28WS.10%29.aspx

In addition, this may be of interest to you. It refers to reinstalling a Dynamic DNS Active Directory Integrated Zone: http://support.microsoft.com/kb/294328
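
The replication-scope change described in the accepted answer, scripted as an added example (not part of the original answer): it checks the zone's current scope before moving it to forest-wide replication. It assumes the DnsServer PowerShell module (Windows Server 2012 or later, or RSAT); `Set-ZoneForestReplication` and the server name `dc1.def.local` are hypothetical, and `def.local` is the zone from the question.

```powershell
# Added example. Requires the DnsServer module (assumption: Server 2012+ or RSAT).
# On older servers the equivalent command is:
#   dnscmd <server> /ZoneChangeDirectoryPartition def.local /forest
function Set-ZoneForestReplication {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$ZoneName,
        [Parameter(Mandatory = $true)][string]$ComputerName
    )

    $zone = Get-DnsServerZone -Name $ZoneName -ComputerName $ComputerName -ErrorAction Stop

    # Only AD-integrated primary zones have a replication scope to change.
    if (-not $zone.IsDsIntegrated) {
        throw "Zone '$ZoneName' on $ComputerName is file-backed, not AD-integrated."
    }
    if ($zone.ZoneType -ne 'Primary') {
        throw "Zone '$ZoneName' on $ComputerName is of type $($zone.ZoneType), not Primary."
    }

    Write-Verbose "Current replication scope of '$ZoneName': $($zone.ReplicationScope)"

    # Nothing to do if the zone already replicates to all DNS servers in the forest.
    if ($zone.ReplicationScope -eq 'Forest') {
        return $zone
    }

    # "All DNS servers in the Active Directory forest" corresponds to -ReplicationScope Forest.
    if ($PSCmdlet.ShouldProcess("$ZoneName on $ComputerName",
            "Change replication scope from $($zone.ReplicationScope) to Forest")) {
        Set-DnsServerPrimaryZone -Name $ZoneName -ComputerName $ComputerName `
            -ReplicationScope 'Forest' -ErrorAction Stop
    }

    # Return the zone as the server now reports it so the caller can confirm the scope.
    Get-DnsServerZone -Name $ZoneName -ComputerName $ComputerName
}

# Dry run first: -WhatIf reports the intended change without applying it.
# 'dc1.def.local' is a hypothetical name for the def.local domain controller.
Set-ZoneForestReplication -ZoneName 'def.local' -ComputerName 'dc1.def.local' -WhatIf -Verbose
```

Run it again without `-WhatIf` to apply the change, then check the `ReplicationScope` property of the returned zone.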
 

Author Comment

by:ovidbailey
ID: 33617620
Perfect reply to both issues. Thanks, Dude!
