Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Win2k Active Directory flumoxed

Status
Not open for further replies.
meby

meby

IS-IT--Management
Dec 1, 2003
43
I'm having a very difficult time with our Active Directory Forest. Any assistance will be greatly appreciated. Here is what has happened so far:

Our primary domain controller and master operator server crashed and burned with no recovery possible. The backups that we had apparently were corrupt as well.

We have 2 domains on our network in a parent-child relationship. Our parent domain has 4 DCs (now 3) on it. The child domain has 2 DCs. I took one of the 3 remaining DCs on the parent domain and seized control of all 5 roles. I have seen the seizure propogated amoung the other 2 DCs. I enabled DNS and WINS on the new Master DC as well as changed the IP to what the old one was so that I didn't have to change the 400 static IPs across our district to the new DNS/WINS manually.

The problem that we are seeing now is that many of our computers cannot logon to the domain. They get a domain cannot be contacted message. When I go to the MDC I try to verify the domains and get a message that they cannot be contacted for both the parent and the child domain. In the system log I am seeing a lot of event 5722 and 5723 for when the district computers are trying to login. I've reset passwords to no avail.

I've been scouring the Microsoft Kb trying to solve this and am just running into a brick wall. Any assistance in this would be a life saver.

All DCs on both parent and child domain are Win2k Server updated to the newest SP and critical updates.

Thank you in advance.
 
Sort by date Sort by votes
In active directory sites and services, make sure there is at least one DC configured as a GC within each site. I say at leat one, better to have two per-site.
 
Upvote 0 Downvote
Also, make sure the clients that are having issues are not configured (TCP/IP) pointing to the dead DNS servers....
 
Upvote 0 Downvote
All the other DCs are checked as Global Catalogs and all the clients are pointed to the PDC as their DNS server. The PDC is also the DNS/WINS server. However, along the lines of Global Catalogs, I tried to delete a user account and make a new one and it gives me an error that says that it cannot be verified as unique with the Global Catalogs. I looked at all the other DCs and like I said they are checked as Global Catalogs (the PDC is not but was before we started all this) and under operations masters they all show the MDC as being the role holder for all the roles.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

julis2103
  • Locked
  • Question
Active Directory
Replies
0
Views
84
julis2103
julis2103
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
316
goombawaho
goombawaho
geneg28
  • Locked
  • Question
Active Directory and Linux Servers
Replies
0
Views
80
geneg28
geneg28
axilleas
  • Locked
  • Question
Windows 2012 R2 Active directory problem after applying GPO
Replies
7
Views
144
technome
technome
mkrausnick
  • Locked
  • Question
Can't write to folder even though Active Directory effective permissions shows full control
Replies
1
Views
87
mkrausnick
mkrausnick

Part and Inventory Search

Sponsor

Back
Top