Enterprise Server Strategies for the CIOLast year I created a Windows 2000 forest containing a root domain and three child domains. Everything worked fine until about five months ago when none of the child domains could find the Global Catalog (they could before). I don't know what changed but to "resolve" the problem I opened the Active Directory Sites and Services Console from the Administrative Tools of each child domain, expanded the Sites -> Default-First-Site-Name -> Servers and then right clicked on the NTDS Settings and checked the box that says Global Catalog.
Although this allowed the child domains to find the GC did it really resolve my problem or just work around it? This may be related to a more serious problem I'll describe in another question.
Although this allowed the child domains to find the GC did it really resolve my problem or just work around it? This may be related to a more serious problem I'll describe in another question.
Requires Free Membership to View
Check on the Flexible Single Master Operations roles (FSMO). If the roles got switched around it could cause a problem with replication. Specifically the Infrastructure Master role should not be a Global Catalog Server. If it is, the replication can fool itself into believing that all of the child domain servers are up to date, when they are not. Keep in mind that you will have multiple Infrastructure Masters. Each domain/child domain will have its own. Unless ALL servers are Global Catalog servers -- you will need to make sure the ones running the Infrastructure Master are not be GC's. You may use the DSA to find the information or the NTDSUTIL.exe (my preference):
Open a command prompt and type Ntdsutil (this requires that the Windows Support Tools have been installed from the CD). You get a NTDSUTIL: prompt. Now type…
Open a command prompt and type Ntdsutil (this requires that the Windows Support Tools have been installed from the CD). You get a NTDSUTIL: prompt. Now type…
Ntsdutil: roles fsmo maintenance: connections server connections: connect to server [servername of non-PDC emulator system] Connected to [servername] using credentials of locally logged on user. server connections: quit fsmo maintenance: Select operation target select operation target: List roles for connected serverThe output will be similar to this:
Server "myserver" knows about 5 roles Schema - CN=NTDS Settings,CN=MYSERVER2,CN=Servers,CN=Default-First-Site-Name,CN= Sites,CN=Configuration,DC=mydomain,DC=com Domain - CN=NTDS Settings,CN=MYSERVER2,CN=Servers,CN=Default-First-Site-Name,CN= Sites,CN=Configuration,DC=mydomain,DC=com PDC - CN=NTDS Settings,CN=MYSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Site s,CN=Configuration,DC=mydomain,DC=com RID - CN=NTDS Settings,CN=MYSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sit es,CN=Configuration,DC=mydomain,DC=com Infrastructure - CN=NTDS Settings,CN=MYSERVER,CN=Servers,CN=Default-First-Site-N ame,CN=Sites,CN=Configuration,DC=mydomain,DC=comPaul Hinsberg
Additional Expert Help:
Be sure to check our Answer FAQ for more expert advice.
For faster answers, visit ITKnowledge Exchange.
This was first published in December 2004
Join the conversationComment
Share
Comments
Results
Contribute to the conversation