Just like you say, " Are they root.com, hq.root.com and plant.root.com"
Also, I just noticed that there was a delegation set up from root.com to hq.root.com but not to plant.root.com from root.com (is that what you meant by, did you delegate both subdomains from the root?)... I just set that up and cleared the event logs.... waiting to see what happens. Still getting the same event log messages... Joe Pelle -----Original Message----- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Monday, December 23, 2002 2:42 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] AD, DNS, Errors - THE WORKS Hmm. My first inclination is that your child domain's don't know about the empty root. How are the DNS configs done? Are they root.com, hq.root.com and plant.root.com, or is it a discontiguous namespace? If its contiguous, did you delegate both subdomains from the root? It smells of DNS issues, though, so definitely work that angle. ------------------------------------------------------ Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -----Original Message----- > From: Pelle, Joe [mailto:[EMAIL PROTECTED]] > Sent: Monday, December 23, 2002 2:24 PM > To: '[EMAIL PROTECTED]' > Subject: [ActiveDir] AD, DNS, Errors - THE WORKS > > > Hello! I have a question about setting up DNS in AD... The > following is my environment (so far): > > Empty Root (2 DC's) > > Child Domain of Empty Root at HQ (2 DC's) DNS, WINS, DHCP > > Child Domain of Empty Root at 'The Plant' (for now, 1 DC's) DNS > > DNS is running on all the servers...Every 5 minutes I am > getting a warning followed by an error on both Child Domain > servers at HQ and The Plant: > > Warning: SceCli 1202 > > Security policies are propagated with warning. 0x534 : No > mapping between account names and security IDs was done. > > Please look for more details in TroubleShooting section in > Security Help. > > Error: Userenv 1000 > > The Group Policy client-side extension Security was passed > flags (17) and returned a failure status code of (1332). > > The DC/DNS server at HQ delegates to The Plant's DNS zone. I > don't have the opposite setup... Should I? Basically, I want > DHCP clients in The Plant to have access to resources at HQ > (or vice versa) or another location without having to go up > the tree to go back down... > > > Any thoughts, suggestions, comments are greatly appreciated! > > Thanks! > > Joe Pelle > > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
