Description:

Forest company.corp, forest root domain company.corp. Another domain (as a
tree root), dept.lab.

Two DCs in company.corp, with DNS, WINS, DHCP, Global Catalog on each (DC1,
DC2), 1 DC in dept.lab (LABDC1), with DHCP and Global Catalog. The domains
are on two different subnets within the same site. The LABDC1 in dept.lab
is looking to company.corp for DNS and WINS, it does not have DNS or WINS
installed.

Both domains are an upgrade from NT 4.0 to Win2k. They had trust between
them so they were configured the same way, as separate trees in the
company.corp forest, after the upgrade. I don't know why DNS/WINS was not
installed on LABDC1, I inherited the setup. The DCs were replicating fine
after the upgrade, DC1 to DC2 and LABDC1, and DC2 to DC1 and LABDC1. Each
DC could see the other two in AD Site and Services/Servers/ServerName/NTDS
Settings, with entries automatically generated. No DNS or WINS name
resolution problems, time synch working fine, AD working fine.

There is an Exchange 2003 Ent. SP2 server in company.corp domain. It was
installed into Win2k forest. There is still an ADC connector since it was
migrated from Exchange 5.5. The E5.5 server was removed from site.

Two weeks ago I had to start upgrading to Win2k3. I ran adprep /forestprep
on schema master (PDC), then /domainprep /gpprep on both domain PDCs. It
worked like a charm, no errors. Next, I upgraded the company.corp domain
PDC (forest master) to Windows 2003 SP1. No problems.

Then I added a new W2k3SP1 domain controller, DC3, to the company.corp
domain, w/own DNS, WINS, DHCP. It worked, no errors. The only issue I see
is the replication between DC3.company.corp and LABDC1.dept.lab. They don't
have an entry for each other in AD Site and Services/Servers/ServerName/NTDS
Settings, it was not automatically generated. Dcdiag, netdiag, dns tests,
nltest - no errors anywhere. I upgraded LABDC1 to W2k3SP1 - replication to
DC1 and DC2 did not work until I changed RestrictAnonymous value to 1, since
then it works fine, but still DC3 and LABDC1 don't see each other in AD Site
and Services/Servers/ServerName/NTDS Settings

How can this be fixed? Do I need to add the connection manually between DC3
and LABDC1? I have to fix it because DC1 and DC2 controllers will be
demoted and removed after moving roles to DC3 and another new controller
that will be set up.

Also, I would like to install DNS for corp.lab domain and move corp.lab zone
to it from company.corp DNS servers. What is a proper procedure for this?
There are articles describing child domain DNS setup but not a second tree
setup like mine. A new controller will also be added to dept.lab, roles
moved, and the old one decommissioned.

Advice, , pointers to sites/articles greatly appreciated.

Jill

> How can this be fixed? Do I need to add the connection manually between
> DC3
> and LABDC1?
If by "don't see each other" you meant that there is no connection object,
then yes, you can manually create one, especially given the fact that you
said you plan to demote the other DCs. BTW, the object is only created
automatically when it is considered needed. In your case, since the LABDC is
already connected to the other 2, another one to DC3 is not considered
necessary. That's why it wasn't created. If you demote the other 2 DCs
without manually creating a connection to between DC3 and LABDC, you will
see that it will be automatically created in due course.

> Also, I would like to install DNS for corp.lab domain and move corp.lab
> zone
> to it from company.corp DNS servers. What is a proper procedure for this?
> There are articles describing child domain DNS setup but not a second tree
> setup like mine. A new controller will also be added to dept.lab, roles
> moved, and the old one decommissioned.

Install DNS, create a corp.lap zone as secondary and point to one of the DCs
as master. After the zone transfers over, change it from secondary to
AD-integrated Primary zone.

HTH
Deji

"gm" <yyy@yyy.com> wrote in message
news:%23iwIWQAOGHA.3732@TK2MSFTNGP10.phx.gbl...
> Description:
>
> Forest company.corp, forest root domain company.corp. Another domain (as
> a
> tree root), dept.lab.
>
> Two DCs in company.corp, with DNS, WINS, DHCP, Global Catalog on each
> (DC1,
> DC2), 1 DC in dept.lab (LABDC1), with DHCP and Global Catalog. The
> domains
> are on two different subnets within the same site. The LABDC1 in dept.lab
> is looking to company.corp for DNS and WINS, it does not have DNS or WINS
> installed.
>
> Both domains are an upgrade from NT 4.0 to Win2k. They had trust between
> them so they were configured the same way, as separate trees in the
> company.corp forest, after the upgrade. I don't know why DNS/WINS was not
> installed on LABDC1, I inherited the setup. The DCs were replicating fine
> after the upgrade, DC1 to DC2 and LABDC1, and DC2 to DC1 and LABDC1. Each
> DC could see the other two in AD Site and Services/Servers/ServerName/NTDS
> Settings, with entries automatically generated. No DNS or WINS name
> resolution problems, time synch working fine, AD working fine.
>
> There is an Exchange 2003 Ent. SP2 server in company.corp domain. It was
> installed into Win2k forest. There is still an ADC connector since it was
> migrated from Exchange 5.5. The E5.5 server was removed from site.
>
> Two weeks ago I had to start upgrading to Win2k3. I ran adprep
> /forestprep
> on schema master (PDC), then /domainprep /gpprep on both domain PDCs. It
> worked like a charm, no errors. Next, I upgraded the company.corp domain
> PDC (forest master) to Windows 2003 SP1. No problems.
>
> Then I added a new W2k3SP1 domain controller, DC3, to the company.corp
> domain, w/own DNS, WINS, DHCP. It worked, no errors. The only issue I
> see
> is the replication between DC3.company.corp and LABDC1.dept.lab. They
> don't
> have an entry for each other in AD Site and
> Services/Servers/ServerName/NTDS
> Settings, it was not automatically generated. Dcdiag, netdiag, dns tests,
> nltest - no errors anywhere. I upgraded LABDC1 to W2k3SP1 - replication
> to
> DC1 and DC2 did not work until I changed RestrictAnonymous value to 1,
> since
> then it works fine, but still DC3 and LABDC1 don't see each other in AD
> Site
> and Services/Servers/ServerName/NTDS Settings
>
> How can this be fixed? Do I need to add the connection manually between
> DC3
> and LABDC1? I have to fix it because DC1 and DC2 controllers will be
> demoted and removed after moving roles to DC3 and another new controller
> that will be set up.
>
> Also, I would like to install DNS for corp.lab domain and move corp.lab
> zone
> to it from company.corp DNS servers. What is a proper procedure for this?
> There are articles describing child domain DNS setup but not a second tree
> setup like mine. A new controller will also be added to dept.lab, roles
> moved, and the old one decommissioned.
>
> Advice, , pointers to sites/articles greatly appreciated.
>
> Jill
>
>

"deji" <noemail@akomolafe.com> wrote in message
news:OLvhTxCOGHA.720@TK2MSFTNGP14.phx.gbl...
> > How can this be fixed? Do I need to add the connection manually between
> > DC3
> > and LABDC1?
> If by "don't see each other" you meant that there is no connection object,
> then yes, you can manually create one, especially given the fact that you
> said you plan to demote the other DCs. BTW, the object is only created
> automatically when it is considered needed. In your case, since the LABDC
is
> already connected to the other 2, another one to DC3 is not considered
> necessary. That's why it wasn't created. If you demote the other 2 DCs
> without manually creating a connection to between DC3 and LABDC, you will
> see that it will be automatically created in due course.
>
> > Also, I would like to install DNS for corp.lab domain and move corp.lab
> > zone
> > to it from company.corp DNS servers. What is a proper procedure for
this?
> > There are articles describing child domain DNS setup but not a second
tree
> > setup like mine. A new controller will also be added to dept.lab, roles
> > moved, and the old one decommissioned.
>
> Install DNS, create a corp.lap zone as secondary and point to one of the
DCs
> as master. After the zone transfers over, change it from secondary to
> AD-integrated Primary zone.
>
> HTH
> Deji
>
> "gm" <yyy@yyy.com> wrote in message
> news:%23iwIWQAOGHA.3732@TK2MSFTNGP10.phx.gbl...
> > Description:
> >
> > Forest company.corp, forest root domain company.corp. Another domain
(as
> > a
> > tree root), dept.lab.
> >
> > Two DCs in company.corp, with DNS, WINS, DHCP, Global Catalog on each
> > (DC1,
> > DC2), 1 DC in dept.lab (LABDC1), with DHCP and Global Catalog. The
> > domains
> > are on two different subnets within the same site. The LABDC1 in
dept.lab
> > is looking to company.corp for DNS and WINS, it does not have DNS or
WINS
> > installed.
> >
> > Both domains are an upgrade from NT 4.0 to Win2k. They had trust
between
> > them so they were configured the same way, as separate trees in the
> > company.corp forest, after the upgrade. I don't know why DNS/WINS was
not
> > installed on LABDC1, I inherited the setup. The DCs were replicating
fine
> > after the upgrade, DC1 to DC2 and LABDC1, and DC2 to DC1 and LABDC1.
Each
> > DC could see the other two in AD Site and
Services/Servers/ServerName/NTDS
> > Settings, with entries automatically generated. No DNS or WINS name
> > resolution problems, time synch working fine, AD working fine.
> >
> > There is an Exchange 2003 Ent. SP2 server in company.corp domain. It
was
> > installed into Win2k forest. There is still an ADC connector since it
was
> > migrated from Exchange 5.5. The E5.5 server was removed from site.
> >
> > Two weeks ago I had to start upgrading to Win2k3. I ran adprep
> > /forestprep
> > on schema master (PDC), then /domainprep /gpprep on both domain PDCs.
It
> > worked like a charm, no errors. Next, I upgraded the company.corp
domain
> > PDC (forest master) to Windows 2003 SP1. No problems.
> >
> > Then I added a new W2k3SP1 domain controller, DC3, to the company.corp
> > domain, w/own DNS, WINS, DHCP. It worked, no errors. The only issue I
> > see
> > is the replication between DC3.company.corp and LABDC1.dept.lab. They
> > don't
> > have an entry for each other in AD Site and
> > Services/Servers/ServerName/NTDS
> > Settings, it was not automatically generated. Dcdiag, netdiag, dns
tests,
> > nltest - no errors anywhere. I upgraded LABDC1 to W2k3SP1 - replication
> > to
> > DC1 and DC2 did not work until I changed RestrictAnonymous value to 1,
> > since
> > then it works fine, but still DC3 and LABDC1 don't see each other in AD
> > Site
> > and Services/Servers/ServerName/NTDS Settings
> >
> > How can this be fixed? Do I need to add the connection manually between
> > DC3
> > and LABDC1? I have to fix it because DC1 and DC2 controllers will be
> > demoted and removed after moving roles to DC3 and another new controller
> > that will be set up.
> >
> > Also, I would like to install DNS for corp.lab domain and move corp.lab
> > zone
> > to it from company.corp DNS servers. What is a proper procedure for
this?
> > There are articles describing child domain DNS setup but not a second
tree
> > setup like mine. A new controller will also be added to dept.lab, roles
> > moved, and the old one decommissioned.
> >
> > Advice, , pointers to sites/articles greatly appreciated.
> >
> > Jill
> >
Thank you, Deji. When I change secondary zone in DNS in corp.lab, will I
need a seconday zone for corp.lab in company.corp?

Jill

You don't "NEED" it, but you can create one.

Deji

"gm" <yyy@yyy.com> wrote in message
news:OfyM%23WIOGHA.916@TK2MSFTNGP10.phx.gbl...
>
> "deji" <noemail@akomolafe.com> wrote in message
> news:OLvhTxCOGHA.720@TK2MSFTNGP14.phx.gbl...
>> > How can this be fixed? Do I need to add the connection manually
>> > between
>> > DC3
>> > and LABDC1?
>> If by "don't see each other" you meant that there is no connection
>> object,
>> then yes, you can manually create one, especially given the fact that you
>> said you plan to demote the other DCs. BTW, the object is only created
>> automatically when it is considered needed. In your case, since the LABDC
> is
>> already connected to the other 2, another one to DC3 is not considered
>> necessary. That's why it wasn't created. If you demote the other 2 DCs
>> without manually creating a connection to between DC3 and LABDC, you will
>> see that it will be automatically created in due course.
>>
>> > Also, I would like to install DNS for corp.lab domain and move corp.lab
>> > zone
>> > to it from company.corp DNS servers. What is a proper procedure for
> this?
>> > There are articles describing child domain DNS setup but not a second
> tree
>> > setup like mine. A new controller will also be added to dept.lab,
>> > roles
>> > moved, and the old one decommissioned.
>>
>> Install DNS, create a corp.lap zone as secondary and point to one of the
> DCs
>> as master. After the zone transfers over, change it from secondary to
>> AD-integrated Primary zone.
>>
>> HTH
>> Deji
>>
>> "gm" <yyy@yyy.com> wrote in message
>> news:%23iwIWQAOGHA.3732@TK2MSFTNGP10.phx.gbl...
>> > Description:
>> >
>> > Forest company.corp, forest root domain company.corp. Another domain
> (as
>> > a
>> > tree root), dept.lab.
>> >
>> > Two DCs in company.corp, with DNS, WINS, DHCP, Global Catalog on each
>> > (DC1,
>> > DC2), 1 DC in dept.lab (LABDC1), with DHCP and Global Catalog. The
>> > domains
>> > are on two different subnets within the same site. The LABDC1 in
> dept.lab
>> > is looking to company.corp for DNS and WINS, it does not have DNS or
> WINS
>> > installed.
>> >
>> > Both domains are an upgrade from NT 4.0 to Win2k. They had trust
> between
>> > them so they were configured the same way, as separate trees in the
>> > company.corp forest, after the upgrade. I don't know why DNS/WINS was
> not
>> > installed on LABDC1, I inherited the setup. The DCs were replicating
> fine
>> > after the upgrade, DC1 to DC2 and LABDC1, and DC2 to DC1 and LABDC1.
> Each
>> > DC could see the other two in AD Site and
> Services/Servers/ServerName/NTDS
>> > Settings, with entries automatically generated. No DNS or WINS name
>> > resolution problems, time synch working fine, AD working fine.
>> >
>> > There is an Exchange 2003 Ent. SP2 server in company.corp domain. It
> was
>> > installed into Win2k forest. There is still an ADC connector since it
> was
>> > migrated from Exchange 5.5. The E5.5 server was removed from site.
>> >
>> > Two weeks ago I had to start upgrading to Win2k3. I ran adprep
>> > /forestprep
>> > on schema master (PDC), then /domainprep /gpprep on both domain PDCs.
> It
>> > worked like a charm, no errors. Next, I upgraded the company.corp
> domain
>> > PDC (forest master) to Windows 2003 SP1. No problems.
>> >
>> > Then I added a new W2k3SP1 domain controller, DC3, to the company.corp
>> > domain, w/own DNS, WINS, DHCP. It worked, no errors. The only issue I
>> > see
>> > is the replication between DC3.company.corp and LABDC1.dept.lab. They
>> > don't
>> > have an entry for each other in AD Site and
>> > Services/Servers/ServerName/NTDS
>> > Settings, it was not automatically generated. Dcdiag, netdiag, dns
> tests,
>> > nltest - no errors anywhere. I upgraded LABDC1 to W2k3SP1 -
>> > replication
>> > to
>> > DC1 and DC2 did not work until I changed RestrictAnonymous value to 1,
>> > since
>> > then it works fine, but still DC3 and LABDC1 don't see each other in AD
>> > Site
>> > and Services/Servers/ServerName/NTDS Settings
>> >
>> > How can this be fixed? Do I need to add the connection manually
>> > between
>> > DC3
>> > and LABDC1? I have to fix it because DC1 and DC2 controllers will be
>> > demoted and removed after moving roles to DC3 and another new
>> > controller
>> > that will be set up.
>> >
>> > Also, I would like to install DNS for corp.lab domain and move corp.lab
>> > zone
>> > to it from company.corp DNS servers. What is a proper procedure for
> this?
>> > There are articles describing child domain DNS setup but not a second
> tree
>> > setup like mine. A new controller will also be added to dept.lab,
>> > roles
>> > moved, and the old one decommissioned.
>> >
>> > Advice, , pointers to sites/articles greatly appreciated.
>> >
>> > Jill
>> >
> Thank you, Deji. When I change secondary zone in DNS in corp.lab, will I
> need a seconday zone for corp.lab in company.corp?
>
> Jill
>
>

gm wrote:
>
> Thank you, Deji. When I change secondary zone in DNS in corp.lab,
> will I need a seconday zone for corp.lab in company.corp?
>
You've got it backwards. AD zones reside in DNS servers. DNS servers do
not have to reside in AD domains.

Your DNS servers do not have to be in particular domains. They don't
have to be in your domains at all. They could be on the moon and your AD
would still function correctly. All that DNS provides is the facility
for AD to register stuff in the AD zones that it looks after.

Think of DNS as being seperate from Active Directory and AD registering
and looking up stuff in DNS.

That said, most people these days who have AD do make their DCs DNS
servers and AD Integrated. Then they can take advantage of replication.
But it is NOT essential.

Cheers,

Cliff