Hmm. My first inclination is that your child domains don't know about the empty root. How are the DNS configs done? Are they root.com, hq.root.com and plant.root.com, or is it a discontiguous namespace?
If it's contiguous, did you delegate both subdomains from the root? It smells of DNS issues, though, so definitely work that angle.

------------------------------------------------------
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA

> -----Original Message-----
> From: Pelle, Joe [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 23, 2002 2:24 PM
> To: '[EMAIL PROTECTED]'
> Subject: [ActiveDir] AD, DNS, Errors - THE WORKS
>
>
> Hello! I have a question about setting up DNS in AD... The
> following is my environment (so far):
>
> Empty Root (2 DCs)
>
> Child Domain of Empty Root at HQ (2 DCs) DNS, WINS, DHCP
>
> Child Domain of Empty Root at 'The Plant' (for now, 1 DC) DNS
>
> DNS is running on all the servers... Every 5 minutes I am
> getting a warning followed by an error on both Child Domain
> servers at HQ and The Plant:
>
> Warning: SceCli 1202
>
> Security policies are propagated with warning. 0x534 : No
> mapping between account names and security IDs was done.
>
> Please look for more details in TroubleShooting section in
> Security Help.
>
> Error: Userenv 1000
>
> The Group Policy client-side extension Security was passed
> flags (17) and returned a failure status code of (1332).
>
> The DC/DNS server at HQ delegates to The Plant's DNS zone. I
> don't have the opposite setup... Should I? Basically, I want
> DHCP clients in The Plant to have access to resources at HQ
> (or vice versa) or another location without having to go up
> the tree to go back down...
>
>
> Any thoughts, suggestions, comments are greatly appreciated!
>
> Thanks!
>
> Joe Pelle
>
>

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
