mohammad naji
asked on
child domains objects not appearing in ADUC of global catalog servers
Hello dears,
This is my first question, so I believe everyone will guide me on solving the issue.
Subdomains (child domains) objects Missing from Active Directory Users and Computers in the parent domain.
I have one parent domain ( name it domain_parent) with 2 DCs (DC1 and DC2)
and two child domains, each child domain has one DC (DC3 and DC4)
all are windows 2012 R2 servers
and all DCs in all domains are global catalog servers
the replication is OK, I can search all objects from all domains by using Active Directory administrative center, repadmin result stating that the replication was successful
I believe that the issue is related to DNS, but I do not know where exactly. DC1 has a primary DNS zone and the child domains are Active Directory integrated.
From network properties, the DNS servers are set as follows:
DC1:
DNS Server : the IP of itself
DC3:
DNS Server1: the IP of DC3
DNS Server2: IP of DC1
DC4:
DNS Server1: the IP of DC4
DNS Server2: IP of DC1
can anyone please guide me on what is the issue and how I can resolve it?
thank you
Select that specific child domain in ADUC and search for the object, and let's see if you are able to see it.
ASKER
hello pradiip,
if you mean to choose ( change domain controller), from parent domain, and then changing to the child domain controller, then yes I can change to the child domain controller and search for child objects.
Yes, that's what I mean. Is it working? If yes, then everything is good at your end.
ASKER
thanks, but what I need is to manage the child domains objects directly from ADUC without changing the domain controller,
when the network is disconnected between child and parent domains, I (as administrator) cannot manage the child objects
I think that is the correct behaviour. If you manipulate an object in a domain then the domain should be up/contactable.
Exactly, this is how it should be.
AFAIK, all the domains in a forest trust each other but a child-parent domain have the child namespace in addition.
ASKER
You are right, the child domain should be up if I want to manage the domain, but what about if the child domain is not contactable? How can I manage users of the child domain? I also have an Exchange 2016 installed on the parent domain, and if the DC is not up then users cannot access their mailboxes too.
That's absolutely true behaviour. Exchange first verifies the Exchange permission on the local DC, and if it's failing it will not work anyhow, so for this to work you have to have your child DC up.
Well, even in the same domain DCs can clash and certain rules apply to decide the output. If the domain is not contactable then effectively you are typing commands on paper.
ASKER
So what should I do to make the Exchange server work as normal if the child domain goes down? What is the best practice?
you are right, the child domain should be up if I want to manage the domain, but what about if the child domain is not contactable? how I can manage users of child domain?
In short, you can't. In a multi-domain forest, global catalog servers in one domain store partial, read-only replicas of all objects in other domains. If you can't contact a DC in the child domain, you may be able to look up objects in that domain through the GC, but making changes to them is not possible.
More information can be found here.
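The read/write split described in the answer above, as an added example that is not part of the original thread: it looks a child-domain user up through a global catalog (port 3268), then checks whether a writable DC of the child domain can be found before attempting a change. The domain name `child.example.com` and the account `jdoe` are placeholders, and the ActiveDirectory RSAT module is assumed to be installed.

```powershell
# Added example; $ChildDomain and $Sam are placeholder values (assumptions).
Import-Module ActiveDirectory

$ChildDomain = 'child.example.com'
$Sam         = 'jdoe'
# Build the child domain's distinguished name from its DNS name.
$ChildDN     = 'DC=' + (($ChildDomain -split '\.') -join ',DC=')

# Read path: any global catalog in the forest answers on port 3268 and
# holds a partial, read-only replica of the child domain's objects.
$gc       = Get-ADDomainController -Discover -Service GlobalCatalog
$gcServer = '{0}:3268' -f ($gc.HostName | Select-Object -First 1)
$user     = Get-ADUser -Filter "sAMAccountName -eq '$Sam'" `
                       -SearchBase $ChildDN -Server $gcServer -Properties *

if (-not $user) {
    Write-Warning "No object '$Sam' found under $ChildDN via $gcServer"
    return
}
# Only attributes in the partial attribute set are returned here;
# everything else comes back empty even though the object exists.
"Found via GC {0}: {1}" -f $gcServer, $user.DistinguishedName

# Write path: a change needs a writable DC of the object's own domain.
try {
    $dc     = Get-ADDomainController -Discover -DomainName $ChildDomain `
                                     -Writable -ErrorAction Stop
    $dcName = $dc.HostName | Select-Object -First 1
    # -WhatIf shows what would be changed without modifying the object.
    Set-ADUser -Identity $user.DistinguishedName -Server $dcName `
               -Description 'updated from parent domain' -WhatIf
    "Writable DC for ${ChildDomain}: $dcName"
}
catch {
    # This is the situation in the thread: the GC lookup above still
    # succeeds, but no DC of the child domain can accept the write.
    Write-Warning "No writable DC reachable for ${ChildDomain}: $($_.Exception.Message)"
}
```

Run from a parent-domain DC with the link to the child domain down, the lookup succeeds while the discovery of a writable child DC fails.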
So what should I do to make the Exchange server work as normal if the child domain goes down? What is the best practice?
One of the reasons multi domain is overkill and I recommend against it, especially now with PSOs and flexible delegation models. It just over complicates management and you need to commit hardware etc. I believe your understanding of a GC is incorrect.
You can set the static DC on the exchange server and give a try so Exchange will connect to only specific DC
Won't magically make this part work
when the network is disconnected between child and parent domains, I (as administrator) cannot manage the child objects