
Active Directory and Sites.

Saltin

Platinum Member
Morning all.

I work in an organization that spans two buildings, relatively close to each other. We have a Windows 2k Active Directory, native mode Forest. There are two domains. X is the root, and Y is a child of X.

Both X and Y have 3 DCs. DNS is handled by a DC in each domain. In X the DNS server has a primary of X and a secondary of Y, while Y is primary of Y and secondary of X.

When I came into work today (I handle the Y side of things), none of my users could log on. I quickly investigated, and found that all of the servers (including the DCs) in X were down. I was surprised to find this affecting my side of the operation, as we do have a copy of the global catalog and our DCs and DNS were fine.

Anyhow, I ran over to the X building and got things up and running (lazy bastards not in yet!), and the problem was resolved.
This baffles me.

The only thing I can think that would cause this behaviour is the fact that we have only one site (default first name) configured. I pushed hard for a two-site scenario, mimicking our actual physical layout, but I didn't have final say. Is it possible that because we have only one site, all of the clients, regardless of domain, will attempt to authenticate with the root of the forest DC (in X) and then hang if this is not possible?!!

Any ideas?
 
I'm at a loss for an explanation as to why you had this problem, as are you. Are you sure AD is replicating between all the DCs correctly??? I've read some articles regarding this lately, and it can cause some serious havoc at times.

I haven't seen him on here in a while but Shadow07 might be able to provide some insight on this as well.
 
Damn, I was actually hoping you would have an idea Psy. You are one of the few guys here that actually understands AD and DNS issues.

I think the AD here, while perfectly functional, suffers from some poor design/architecture which is affecting its fault tolerance.

If I open the AD snap-in in domain Y (mine) I get a root of Y.X.yadda.com, with the usual default and builtin containers, plus the OUs I have added in myself. All of the users and computer accounts for domain Y are held here.

If I open the AD snap-in in domain X (across the way) I get a root of X.yadda.com, and they have their own default and builtin containers, plus their own OUs. All the users and computers in that building are held there.

There is no replication between the DCs in different domains at all! Only replication between the DCs in each domain. So this further complicates the issue... Our forest root DC in X goes down, and users in Y can't log on. But no DCs in X even have copies of the user accounts to begin with! They are all held within domain Y! I'm baffled.

 
Nope, no firewalls between the domains. I have a decent understanding of replication, and the model here is fairly simple. I'm beginning to suspect it was a DNS issue, although I haven't come to any firm conclusions. Thanks for the links, I'll definitely give them a look-see. I won't be able to do anything else until I get this solved anyhow. It's a pretty major fault.
 
Just found out the solution. It's poor DNS configuration. Apparently the zones have been changed around since they were set up.
There is no DNS zone configured for our domain on any of our own DNS servers, what a mess.
At least it is an easy problem to solve.

🙂
 
Hehe, I should have known it was DNS. 9/10 higher end problems I see in 2k are DNS related somehow...
 