DC added to workgroup now has problems

F

Fran

Perhaps I'm nuts (my coworkers can add to this...) but I cannot seem
to get our department AD server to work properly on this new network.
Here's the scenario:

We have a general workgroup network at the office. After consolidating
two offices I added office #2's AD server to the LAN. Since the main
office has a DHCP server I set up our clients to use static IP
addresses (as we need to have the clients point to the AD server for
DNS) I manually configured DNS and addresses for our part of the LAN.
But now I get all sorts of errors on the server (like cannot determine
the name of a computer or user, sometimes the Backup Exec service just
shuts down.)

Is there something I'm missing on adding this to the network properly?
Are there changes I need to make to have this operate properly in a
workgroup LAN?

I'm lost...

-Fran-
 
C

codigo

Fran > said:
Perhaps I'm nuts (my coworkers can add to this...) but I cannot seem
to get our department AD server to work properly on this new network.
Here's the scenario:

We have a general workgroup network at the office. After consolidating
two offices I added office #2's AD server to the LAN. Since the main
office has a DHCP server I set up our clients to use static IP
addresses (as we need to have the clients point to the AD server for
DNS) I manually configured DNS and addresses for our part of the LAN.
But now I get all sorts of errors on the server (like cannot determine
the name of a computer or user, sometimes the Backup Exec service just
shuts down.)

Is there something I'm missing on adding this to the network properly?
Are there changes I need to make to have this operate properly in a
workgroup LAN?

I'm lost...

-Fran-
Click to expand...

There is a certain level of confusion raised by your questions. An AD server
is a domain controller that manages a domain, not a workgroup. You can't
append an AD server to a domain since both represent unique security
principles with an authoritative hierarchy. What you could do is create a
Trust relationship between the two domains.

A trust relationship essentially says: I, the trusting domain, is giving the
trusted domain the right to authenticate on my behalf. So in your case, set
up 2 trust relationships to and fro the domains at both offices. Which now
gets us into the murky waters of Groups and how they should cross a trust.

Never give permissions to a global group, only global groups are exportable
(accross a trust). Local groups are a)not exportable b)can't cross a trust
c)but should be given rights and/or permissions to resources. Never give a
user membership to a local group if that user comes from a trusted domain.
Instead, place the user in a global group within his own domain and make
that global group a member of a local group at the remote location(the
global group crosses the trust relationship). The remote domain
administrator now controls the permissions simply by modifying the local
group. All within inherit.

UGLP

http://windows.microsoft.com/windows2000/en/advanced/help/domadmin_concepts_und.htm
 
R

Robert L [MS-MVP]

can you ping the DNS server? or you may want to use nslookup to check the DNS status.

For more and other information, go to http://howtonetworking.com.

Don't send e-mail or reply to me except you need consulting services. Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.

"Fran >" <<fran> wrote in message Perhaps I'm nuts (my coworkers can add to this...) but I cannot seem
to get our department AD server to work properly on this new network.
Here's the scenario:

We have a general workgroup network at the office. After consolidating
two offices I added office #2's AD server to the LAN. Since the main
office has a DHCP server I set up our clients to use static IP
addresses (as we need to have the clients point to the AD server for
DNS) I manually configured DNS and addresses for our part of the LAN.
But now I get all sorts of errors on the server (like cannot determine
the name of a computer or user, sometimes the Backup Exec service just
shuts down.)

Is there something I'm missing on adding this to the network properly?
Are there changes I need to make to have this operate properly in a
workgroup LAN?

I'm lost...

-Fran-
 
F

Fran

Perhaps I was not clear. The OTHER company uses a workgroup, not a
domain. Group 2 uses a domain. They share the same IP subnet
(192.168.1) and gateway to the internet. Since the wiring existed
already I have not isolated the domain traffic from the workgroup
traffic with a router. OUR group (Group 2) is joined to the domain.
All the [Group 2] computers are a member of the domain.

It's just that these backup issues and other new error messages I'm
seeing are new since bringing the server and PC's over to the main
location.

I understand the trust relationship part but they (Group 1) does not
have a domain...they just use a workgroup. I am not sharing any
resources on their network...just the gateway to the internet.

Does this help?

-Fran-
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

After joining new server backups don't work 2
Workgroup & Domain... Peaceful Coexistence 4
New Workgroup showed up? 1
DHCP server Unauthorized, Need to Authorize (Not in an AD environm 1
xp laptop unable to join win2000 workgroup 2
How to hide "Workgroup" from browsing 1
Workgroup is in accessible - no access to shared resources 3
Does DNS HAVE to be on an AD DC? 4

Top