AD problems

[cptkirkh]

I am haivng some strange problems with my win2k setup. Here is what
we have. I upgraded my win nt boxes to win2000 server. After
upgrading i tried to do dcpromo to make a member server a dc but it
will not let me. When i try to "turn on " Active Directory on the
member server it first asks me for which i want to do a new domain
controller for a new domain or an additional dc for a current domain.
i choose the second option and click next. It now asks me for a user
account to setup the domain with. I add one of the admin accounts in
the domain. it also asks for the domain name. it has listed what i
feel is the win2k domain name xxx.com. When i try this domain name i
get the xxx.com is not an active Directory domain or a dc for xxx.com
domain could not be contacted error message. I then click ok and it
takes me back to user account page. i then place in the domain box
what i consider to be the old win nt domain yyy. it takes this name
and goes to the next box to the addtional domain controllers windows.
Here it asks for the full DNS name for the existing domain that this
addtional domain controller will be a dc on. ex.
(headquaters.microsoft.com). inside this box is xxx.com. i click ok
and it says that this domain could not be located. i then place the
old nt domain name yyy and it says that yyy refers to xxx.com is that
what you intended? i click ok and it starts the database setup for
AD. then it asks for the syvol location. i go through all of these
and leave the defualts alone. it then asks for the ad admin password
i put this in there and click next and then it shows the box that
shows the summary of my changes. I then click next and it tries to
configure AD. An error message comes up saying "The operation falied
because: Failed finding a suitable domain controller for domain
xxx.com. The specified domain either does not exist or could not be
contacted" After that it says AD not installed. I need some help.
Everything works on my network. people can still log in and work But
AD is crazy.... What did i do wrong? I feel it is something to do
with DNS but that seems to be functioning just fine. Any suggestions
would be helpful. I have noticed login times on the netowrk are
really slow ofr win2k machines. They take around 1 to 3 minutes. i
feel these should be a lot faster.

 

[sumaya]

1. what dns are you running?
2. what are you using for your pdc and bdc?

 

[zoeythecat]

I would start by checking the "DNS settings" on the server you are trying to demote to a member server. Make sure your DNS settings and DNS Suffix points to the correct IP Address of the DNS server and the correct DNS suffix name. If it is not than during the process of running the DCPromo you won't be able to contact a domain controller. Which server are you trying to demote? Make sure its not the first DC you upgraded.

In regards to your clients being slow you may need to check into setting up a Site Link depending on how your network is setup (I.E - Multiple subnets). You need to readup and check out MS Website for articles relating to this.

 

[SFTechie]

Make sure you have all service packs installed on your win2k servers. we had similar problems during one of our upgrades.

 

[q123we]

to make it easy on yourself:

1st get a clean install of win2k server (NOT UPGRADED FROM NT4) and promote it to master dc & make a new domain name

2nd demote your current dc's

3rd add all 2ndary and member servers to new domain

4th set up primary & 2ndary DNS servers (maybe WINS and DHCP if u want)

5th re-create logins/shares/network paths

6th add clients to domain

** note - you may want to do this during non-production time since your domain will be down for about an hour if all goes well

 

[cptkirkh]

Can you elaborate on the following items.

5th re-create logins/shares/network paths
Do you mean add all of the users individually to the new domain? I have quite a few users and that might take a long time. Is there a way to copy them to the new domain?


6th add clients to domain
Do i have to go up to all of the client pc's and add them? That could also take quite a long time.

i realized a while back that the last way suggested is what i might have to do but is there a way to add the client PC's without walking up to each one and removing it fromthe domain? Thanks for your help.

 

[zoeythecat]

I really don't think you have to do the check list that q123we notes unless you have to completely redo your Windows2000 domain. I would again first check your DNS settings on the server you are having problems with. How many Domain Controllers do you have? Is the first controller that you upgraded (This would be the DC that you upgraded from a PDC and would host the DNS)working good? Is the Domain Controller that you are trying to promote the 2nd Domain Controller you are trying to connect to AD? Can you list more info (list your DNS IP Settings (not the exact settings, but give some more info so we can better understand the scenario you are in).

 

[q123we]

Some links for you to explore:

http://www.microsoft.com/windows200...sp?url=/windows2000/en/server/help/ntcmds.htm

http://helpdesk.kixtart.org/

http://www.labmice.net/scripting/default.htm

http://www.winnetmag.com/Articles/Index.cfm?ArticleID=8315

I'll check out some stuff for you today, if I find anything useful, I'll post it for you

 

[q123we]

Zoey -

From his description in the 1st post it seems to me that he dcpromo'd his DC. That's why I suggested to make a new domain.

Quote from cptkirkh's 1st post:

"...it also asks for the domain name. it has listed what i feel is the win2k domain name xxx.com. When i try this domain name i get the xxx.com is not an active Directory domain or a dc for xxx.com domain could not be contacted error message. ... The operation falied because: Failed finding a suitable domain controller for domain xxx.com. The specified domain either does not exist or could not be
contacted"

 

[cptkirkh]

Zoey i agree on there has to be a simplier way than reding the whole domain.

Here are the answers to your ?'s
these all apply to the server I want to promote.
I would again first check your DNS settings on the server you are having problems with.
Primary DNS is the IP of the PDC/DNS server.

How many Domain Controllers do you have? 1

Is the first controller that you upgraded (This would be the DC that you upgraded from a PDC and would host the DNS)working good?
Yes the netowrk works fine the only thing i have a problem with is when I ran dcdiag /test:registerdns on the DC/DNS machine i get the following error on the connectivity test.
"Warning : could not confirm the identity of this server in the directory versus the names returned by DNS server. If there are problems accessing this directory server then you made need to check that this server is correctly registered with DNS" end of the error message. i checked in the DNS settings and i have this server, DC/DNS server, listed as a name server, it has a host file both of these are in the forward lookup zomes and in the reserve lookup zone there is a pointer record for this server.

The only weird thing is the name of this server. It was originally called in win nt fileserv2. The netbios domain name for the domain was cic. After i upgraded its name became fileserv2.cic. In the network identification tab the full computer name is fileserv2.cic and the domain is scic.com. DOes all of htis make sense?

 

[zoeythecat]

Q123we,

I think we are getting a confused message what is happening in his environment. He notes, "I upgraded my win nt boxes to win2000 server" so I'm thinking he is already upgraded his network to Windows2000. I'm trying to figure out if the controller he is having a problem with is another controller he is just simply trying to upgrade to Windows2000. He needs to be more clear what exactly is happening. He has users from his NT4 environment. He has to migrate his users. You are suggesting to create a new domain. How is he gonna migrate his users that way? You have to upgrade the PDC in an NT4 domain first. I think his goal is to upgrade the PDC first (Which i'm assuming he did). This will migrate the users to AD. Then the other DC's can be upgraded to Windows2000 Server. He just needs to make sure he has his DNS settings pointing to the first Domain Controller which will be his DNS server.

 

[q123we]

I was under the impression that the NT DC was trashed & there was nothing to authenticate to..

 

[cptkirkh]

Maybe i can clear this up a little bit. I upgraded my NT4.0 PDC to win2k. I have other servers that are not DC's that are win2k and some that are NT 4.0. I can not add other DC's to my domain. These servers that i want to become DC's are win2k. My final goal is to make the DC just a member server and have naother machine be a DC. Does that help?

 

[cptkirkh]

Sorry about the confusion. My domain works I just need to be able to add new DC's. The machine's won't let me.

 

[zoeythecat]

Sounds like you just want these Domain Controllers to be Member Servers in your Domain? In that case you would not run DCPROMO as this function promotes Win2K to a Domain Controller. Just make sure you have your DNS settings pointing correctly to the first domain controller, also make sure that you have the DNS suffix name entered (From your DNS tab, "Dns Suffix" is at the bottom, also checkmark, "Register this connections address in Dns" and "Use this connections Dns Suffix in DNS registration". So you need the IP Address of the DNS server plus these entries.

That should be it. Although you should have at least 2 Domain Controllers in your enviroment for redundancy in case your main server crashes. Also, when running DCPROMO to promote, you may be entering the domain name incorrectly. Maybe you need to enter the NETBIOS name? Try SCIC.com?

Let us know how you make out.

 

[cptkirkh]

My ultimate goal is to remove the current DC to a member server. I want to make another member server the DC of the domain. I would also like to have the ability to add DC's whenever i want to. Right now i can not do that. AS far as when i run dcpromo on the member server i have to put the netbios domain name in and it resolves to the win2k domain name for example to cic to scic.com.

 

[cptkirkh]

I also have a question about AD management. Can a member server access the directory? For instance can I open the AD snap-in and look at the users on the network?