yes. a quick question- can one restore an entire child domain without connectivity to the root domain?
-----Original Message-----
From: Anderson Santos Patricio [mailto:[EMAIL PROTECTED]
Sent: Wed 3/24/2004 2:58 PM
To: [EMAIL PROTECTED]
Cc:
Subject: RE: [ActiveDir] disaster recovery
You Zones is setting for Dynamic Updates = YES???
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: quarta-feira, 24 de marÃo de 2004 16:47
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] disaster recovery
restarting netlogon or registerdns does not work.
where is this copy of the root zone in my dns server. i don't think i have it
by default. i had to transfer it on my dns server back home.
also if i had it, wouldnt creating a AD intergrated dns server on my test DC
also have it?
finally, when dc's replicate, do they look each other up in a gc?
i never had any gc srv records in my local domain zone, only in the root. is
this normal?
thanks for your reply
-----Original Message-----
From: Anderson Santos Patricio [mailto:[EMAIL PROTECTED]
Sent: Wed 3/24/2004 2:16 PM
To: [EMAIL PROTECTED]
Cc:
Subject: RE: [ActiveDir] disaster recovery
Hi Tom,
All register of AD Zones can recover with two comand:
restart netlogon service or ipconfig /registerdns
and all workstation will update your register in dns, or dhcp will ..
In Windows 2000 is interesting you have a secondary zone of your root
in your local dns server,
In Windows 2003 you can set dns zone to level Forest then this zone is
replicated for all domain controller in the forest.
Thanks for advanced.
Anderson Patricio - Analista de Suporte
[EMAIL PROTECTED] <blocked::mailto:[EMAIL PROTECTED]>
Microsoft Certified Systems Engineer on 2003/2000
Microsoft Certified Systems Administrator on 2003/2000
Red Hat Certified Technician
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern,
Tom
Sent: quarta-feira, 24 de marÃo de 2004 16:03
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] disaster recovery
i also get a "all gc's are down" error.
gc records are just registered in the root domain, i assume. i only
have a dns for my domain.
also dcdiag output says "the server is not responding to directory
service requests" though it holds a copy of AD.
how can i get around this? do i need a copy of the root dns zone? how
can i get this? can i export it to a text file and import it into my dns server? can i
somehow pull it from the config container in AD without being connected to the root of
the tree?
is this the cause of my woes?
it would be insane on MS's part to demand connectivity to the root of
the forest when restoring or doing DR on AD.
what did i screw up?
Thanks again for any help
-----Original Message-----
From: Kern, Tom
Sent: Wed 3/24/2004 1:34 PM
To: [EMAIL PROTECTED]
Cc:
Subject: [ActiveDir] disaster recovery
I just restored AD. I had a test laptop, pulled it off the
network, ran ntdsutil, seized all 3 roles,ran metadata cleanup and removed all my old
dc's. deleted them with adsiedit and all dns records as well.
then at the DR site, i set up new servers with the same names
as the old one's, ran dcpromo. however, the new servers get dnslookup/rpc errors when
i try to force a replication.
also, they fail a dcdiag because the guid dns name is not
present and the server "fails a directory request"
Also the srv records for kerberos and kpasswd do not appear in
dns for my domain.
The test laptop had an AD intergrated dns zone pulled directly
from my real network. However, it just has the zone for my domain, not the forest root.
do i need this record as well to promote DC's. I'm not
connected to the forest anyway, but should i have the forest root records too.
what am i doing wrong?
thanks
.+wYØP×.+j joryIV+v*
<<winmail.dat>>
