AD sites and services

Pooch

QUESTIONS:

I am rebuilding my domain. I have 12 sites. Sites and
Services never worked properly before due to an AD failed
upgrade (from NT4.0). So, again, I'm starting from scratch
(MS recommendation after hours of phone support).

So, I need to be sure of my steps when adding a server at
a diff site, in a diff IP range and have it control that
site. AD Sites and Services allows users to log in to the
remote server instead of the Main DC in the forest. So
if my links go down, my users still have functions at
their remote sites.

Is there a white paper, MS article, or anybody with a
quick (haha) checklist, procedure, or other that would
help me with this? I'm pretty sure I know what I need to do,
but I want to be sure things are operating correctly.

Thanks in advance for the help. Feel free to email me.

NEWSGROUPS ARE AWESOME.
 
Jerold Schulman

I would apply SP4 and any relevant hotfixes before promotion.

A search for "Active Directory Sites" yields the following:

http://support.microsoft.com?kbid=214677 "Automatic detection of site membership
for domain controllers"
http://support.microsoft.com?kbid=198437 "How to Convert DNS Primary Server to
Active Directory Integrated"
http://support.microsoft.com?kbid=199174 "Directory Replication Basics for
Windows 2000"
http://support.microsoft.com?kbid=203607 "HOW TO How to Modify the Default Group
Policy Refresh Interval"
http://support.microsoft.com?kbid=214745 "Troubleshooting Event ID 1311
Knowledge Consistency Checker"
http://support.microsoft.com?kbid=216294 "Cannot Delete Subnets from Quality of
Service Manager"
http://support.microsoft.com?kbid=216359 "HOW TO Identify Group Policy Objects
in the Active Directory and SYSVOL"
http://support.microsoft.com?kbid=216364 "Domain Controller Server Object Not
Removed After Demotion"
http://support.microsoft.com?kbid=216498 "HOW TO Remove Data in Active Directory
After an Unsuccessful Domain Controller Demotion"
http://support.microsoft.com?kbid=220140 "FRS Replication Protocol and Topology
for SYSVOL Content"
http://support.microsoft.com?kbid=221089 "'Last Writer Wins' Algorithm May Cause
Loss of Data for FRS-Replicated Content"
http://support.microsoft.com?kbid=223346 "FSMO Placement and Optimization on
Windows 2000 Domain Controllers"
http://support.microsoft.com?kbid=225228 "Domain DFS Does Not Support Alternate
Site Coverage"
http://support.microsoft.com?kbid=228460 "Location of ADM [Administrative
Template] Files in Windows"
http://support.microsoft.com?kbid=228814 "Servers Can Be Moved into Incorrect
Sites"
http://support.microsoft.com?kbid=229763 "Error Message DsRemoveDsDomainW Error
0x20ce"
http://support.microsoft.com?kbid=232072 "Initiating Replication Between Active
Directory Direct Replication Partners"
http://support.microsoft.com?kbid=232264 "Replication Schedule for Intra-Site
Replication Partners"
http://support.microsoft.com?kbid=232538 "Unsuccessful Replication Without
Partner Listed"
http://support.microsoft.com?kbid=233371 "Active Directory Sites and Services
Tool Does Not Handle Icons in High Color [16-Bit] Settings Properly"
http://support.microsoft.com?kbid=238117 "Cannot Cancel Dcpromo.exe While
Demoting a Domain Controller"
http://support.microsoft.com?kbid=238369 "HOW TO Promote and Demote Domain
Controllers in Windows 2000"
http://support.microsoft.com?kbid=239004 "HOW TO Allow Non-Root or Enterprise
Administrators to Authorize RIS Servers in Active Directory"
http://support.microsoft.com?kbid=239706 "Default Permission Settings for an
Enterprise Certificate Authority"
http://support.microsoft.com?kbid=244368 "How to Optimize Active Directory
Replication in a Large Network"
http://support.microsoft.com?kbid=247393 "Error Deleting a Domain Controller
Account in Active Directory Users and Computers"
http://support.microsoft.com?kbid=249256 "HOW TO Troubleshoot Intra-Site
Replication Failures"
http://support.microsoft.com?kbid=251057 "You Can Add Invalid Replication
Interval and Cost Values for Site Link Properties"
http://support.microsoft.com?kbid=251250 "NTFRS Event ID 13557 Is Recorded When
Duplicate NTDS Connection Objects Exist"
http://support.microsoft.com?kbid=255504 "Using Ntdsutil.exe to Seize or
Transfer FSMO Roles to a Domain Controller"
http://support.microsoft.com?kbid=257346 "'Access This Computer from the
Network' User Right Causes Tools Not to Work"
http://support.microsoft.com?kbid=257480 "Certificate enrollment using smart
cards"
http://support.microsoft.com?kbid=257623 "Domain Controller's Domain Name System
Suffix Does Not Match Domain Name"
http://support.microsoft.com?kbid=257844 "Active Directory Replication and
Knowledge Consistency Checker Fail without Trusted Domain Object"
http://support.microsoft.com?kbid=258062 "'Directory Services cannot start'
error message when you start your Windows-based or SBS-based domain controller"
http://support.microsoft.com?kbid=258811 "BUG Windows 2000 LDAP API Cannot Bind
to LDAP Servers"
http://support.microsoft.com?kbid=261203 "Error Messages When Windows 2000
Client in Windows 2000 Domain Attempts to Open Active Directory Snap-in"
http://support.microsoft.com?kbid=262561 "Replication Not Working Properly
Between Domain Controllers After Deleting One from Sites and Services"
http://support.microsoft.com?kbid=262795 "'Replication Access Was Denied' Error
Message When Attempting to Synchronize Domain Controllers"
http://support.microsoft.com?kbid=266657 "Windows 2000 Directory Service Agent
Fails to Maintain Exclusive Control of Port 389"
http://support.microsoft.com?kbid=269098 "HOW TO Configure Windows 2000 Subnets"
http://support.microsoft.com?kbid=269489 "Missing HKEY_CLASSES_ROOT\LDAP\Clsid
Registry Key Causes Numerous Errors"
http://support.microsoft.com?kbid=271135 "Windows 2000 Microsoft Management
Console and Snap-in Restrictions"
http://support.microsoft.com?kbid=271861 "Windows Cannot Find a Certificate
Authority That Processes the Request"
http://support.microsoft.com?kbid=271988 "Replication Topology Updates"
http://support.microsoft.com?kbid=271997 "Description of Bridgehead Servers in
Windows 2000"
http://support.microsoft.com?kbid=272279 "How to Troubleshoot the File
Replication Service and the Distributed File System"
http://support.microsoft.com?kbid=272476 "Users and Group Replication Is Not in
Synchronization with LSA Changes"
http://support.microsoft.com?kbid=279297 "Removing the Network Adapter Does Not
Remove It from All Programs"
http://support.microsoft.com?kbid=280079 "Authoritative restore of groups can
result in inconsistent membership information across domain controllers"
http://support.microsoft.com?kbid=280833 "Failure to Specify All DNS Zones in
Proxy Client Leads to DNS Failures That Are Difficult to Track"
http://support.microsoft.com?kbid=281146 "How to Use Dsacls.exe in Windows 2000"
http://support.microsoft.com?kbid=281271 "Windows 2000 Certification Authority
Configuration to Publish Certificates in Active Directory of Trusted Domain"
http://support.microsoft.com?kbid=281485 "Name Collision in Active Directory
Causes Replication Errors"
http://support.microsoft.com?kbid=282522 "List of Bugs Fixed in Windows 2000
Service Pack 2 [1 of 4]"
http://support.microsoft.com?kbid=283271 "XADM How to Give Users the Permissions
to Create a Mail-Enabled User in Active Directory"
http://support.microsoft.com?kbid=283904 "How to Add Third-Party Services to the
System Services in Group Policy"
http://support.microsoft.com?kbid=284947 "Antivirus programs may modify security
descriptors and cause excessive replication of FRS data in SYSVOL and DFS"
http://support.microsoft.com?kbid=288167 "Error Message 'Target Principal Name
is Incorrect' When Manually Replicating Data Between Domain Controllers"
http://support.microsoft.com?kbid=290324 "Error Message May Occur When You
Increase the Maximum Profile Size"
http://support.microsoft.com?kbid=290616 "License Logging Service Is Not Running
on the Target Computer"
http://support.microsoft.com?kbid=292592 "Duplicate Connections Appear in the
Active Directory Sites and Services Snap-in"
http://support.microsoft.com?kbid=292822 "Name resolution and connectivity
issues on a Routing and Remote Access Server that also runs DNS or WINS"
http://support.microsoft.com?kbid=294208 "Immediate Replication Occurs After You
Create Inter-Site Connection Objects"
http://support.microsoft.com?kbid=294832 "How to Disable Windows 2000 Dynamic
Domain Name System Registrations with Group Policy"
http://support.microsoft.com?kbid=296183 "Overview of Active Directory Objects
That Are Used by FRS"
http://support.microsoft.com?kbid=296592 "How to Rename a Windows 2000 Domain
Controller"
http://support.microsoft.com?kbid=296681 "Event ID 213 is Generated After You
Demote the Domain Controller"
http://support.microsoft.com?kbid=296882 "How to promote a domain controller to
a global catalog server"
http://support.microsoft.com?kbid=297716 "Replication Does Not Work When the
Error 'Replication Access Was Denied' Is Logged"
http://support.microsoft.com?kbid=298143 "How to Verify an Active Directory
Installation"
http://support.microsoft.com?kbid=298450 "Deletion of Critical Objects in Active
Directory in Windows 2000 and Windows Server 2003"
http://support.microsoft.com?kbid=301668 "Windows 2000 SP2 NTFRS Ignores
Intersite Schedule When the Downstream Partner Is Running Windows 2000 SP1 or
Build 2195"
http://support.microsoft.com?kbid=304718 "How to remotely administer Windows
Server-based computers by using Windows XP Professional-based clients or Windows
Server 2003-based clients"
http://support.microsoft.com?kbid=305027 "Summary of 'Piling On' Scenarios in
Active Directory Domains"
http://support.microsoft.com?kbid=305104 "You Cannot Delete an Active Directory
Object of Unknown Type"
http://support.microsoft.com?kbid=305179 "Manually Created Intersite Connection
Objects Do Not Inherit Replication Schedule from Site Link"
http://support.microsoft.com?kbid=305476 "Initial synchronization requirements
for Windows 2000 Server and Windows Server 2003 operations master role holders"
http://support.microsoft.com?kbid=306074 "MMC Snap-In May Cause Access Violation
with Missing Registry Entry"
http://support.microsoft.com?kbid=306925 "Cannot Authorize New DHCP Server in
Active Directory"
http://support.microsoft.com?kbid=307593 "How to Troubleshoot Event ID 1311
Messages on a Windows 2000 Domain"
http://support.microsoft.com?kbid=308196 "HOW TO Install the Active Directory
Administrative Tools to Windows 2000 Professional"
http://support.microsoft.com?kbid=312862 "Recovering Missing FRS Objects and FRS
Attributes in Active Directory"
http://support.microsoft.com?kbid=313274 "HOW TO Configure a Certification
Authority to Issue Smart Card Certificates in Windows 2000"
http://support.microsoft.com?kbid=313994 "HOW TO Create or Move a Global Catalog
in Windows 2000"
http://support.microsoft.com?kbid=315676 "HOW TO Delegate Administrative
Authority in Windows 2000"
http://support.microsoft.com?kbid=315850 "Dcpromo.exe Does Not Work if the
Domain Naming Master Is Not a Global Catalog"
http://support.microsoft.com?kbid=316812 "HOW TO Create and Configure a Site
Link in Active Directory in Windows 2000"
http://support.microsoft.com?kbid=317097 "Lingering Objects Prevent Active
Directory Replication from Occurring"
http://support.microsoft.com?kbid=318480 "HOW TO Create and Configure an Active
Directory Site in Windows 2000"
http://support.microsoft.com?kbid=318698 "Error Message DSA Object Cannot Be
Deleted"
http://support.microsoft.com?kbid=320824 "HOW TO Configure Server Settings in
Windows 2000"
http://support.microsoft.com?kbid=321253 "HOW TO Configure Site Link Replication
in Windows 2000"
http://support.microsoft.com?kbid=322143 "HOW TO Administer GPOs in Windows
2000"
http://support.microsoft.com?kbid=322176 "HOW TO Administer GPO Properties in
Windows 2000"
http://support.microsoft.com?kbid=322212 "HOW TO Administer a Message Queuing
Network in Windows 2000"
http://support.microsoft.com?kbid=323542 "You Cannot Start the Active Directory
Users and Computers Tool Because the Server Is Not Operational"
http://support.microsoft.com?kbid=328775 "Cannot Delete a Computer Account for
the Domain Controller in Windows 2000"
http://support.microsoft.com?kbid=329887 "You Cannot Interact with Active
Directory MMC Snap-Ins"
http://support.microsoft.com?kbid=332199 "Using the DCPROMO /FORCEREMOVAL
Command to Force the Demotion of Active Directory Domain Controllers"
http://support.microsoft.com?kbid=812487 "Overview of DFS in Windows 2000"
http://support.microsoft.com?kbid=822053 "Error Message 'Windows Cannot Create
the Object Because the Directory Service Was Unable to Allocate a Relative
Identifier'"
http://support.microsoft.com?kbid=826894 "You Receive the 'RPC Server Is Too
Busy' Error When You Force Replication Between Two Domain Controllers"
http://support.microsoft.com?kbid=830057 "Knowledge Consistency Checker Creates
and Deletes Connections Every 15 Minutes"


Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com
 
Herb Martin

Pooch said:
> QUESTIONS:
>
> I am rebuilding my domain. I have 12 sites. Sites and
> Services never worked properly before due to an AD failed
> upgrade (from NT4.0). So, again, I'm starting from scratch
> (MS recommendation after hours of phone support).

There are other ways to deal with that usually. I think someone
at support took a cop out.

Removing the offending DC would be one worth trying.

I will bet we can help you get this to work without rebuilding AD.

> So, I need to be sure of my steps when adding a server at
> a diff site, in a diff IP range and have it control that
> site. AD Sites and Services allows users to log in to the
> remote server instead of the Main DC in the forest. So
> if my links go down, my users still have functions at
> their remote sites.

That is the purpose of multiple DCs and locating them in
sites with the users' machines.

> Is there a white paper, MS article, or anybody with a
> quick (haha) checklist, procedure, or other that would
> help me with this? I'm pretty sure I know what I need to do,
> but I want to be sure things are operating correctly.

Jerold gave you a whole list of them but don't agonize too
much over this -- it's actually very easy if you just check on
it a bit.

Fix up your Sites/Subnets and SiteLinks. Make sure all of
your IP ranges are included in SOME SITE. You don't have
to list each subnet individually, but may use the subnet masking
scheme to "summarize" subnets into groups whenever the
numbering scheme you use cooperates (similar to supernetting
or route summaries).

Then install a new DC with DCPromo and it SHOULD end up
in the right site -- if it doesn't you can always right click on it
in Sites and Services and move it.

Remember this: Most AD replication and authentication problems
are REALLY DNS problems.

Assuming your network is functional, WANs etc., and you have
done the basic setup in Sites and Services then almost all problems
are REALLY DNS.

Did I mention that most problems with AD are really DNS?
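
The subnet-to-site advice in the reply above can be checked on paper before any DC is promoted. The following is an added example, not part of the original thread: it audits a planned subnet-to-site mapping for uncovered IP ranges, shows which site an address resolves to (the most specific matching subnet wins), and collapses contiguous subnets into one summary entry. All site names and address ranges are constructed for illustration.

```python
import ipaddress

# Constructed sample plan: subnet object -> site name (hypothetical names and ranges).
SITE_SUBNETS = {
    "10.1.0.0/16": "HQ",
    "10.2.0.0/22": "Branch-A",      # summarizes 10.2.0.0/24 .. 10.2.3.0/24
    "10.2.2.0/24": "Branch-A-Lab",  # more specific entry inside the summary
    "192.168.50.0/24": "Branch-B",
}

# Constructed list of ranges actually in use on the network.
IN_USE = ["10.1.4.0/24", "10.2.1.0/24", "10.2.2.0/24",
          "10.2.4.0/24", "192.168.50.0/25"]

def site_for(ip, plan=SITE_SUBNETS):
    """Return the site whose subnet contains ip; the most specific subnet wins."""
    addr = ipaddress.ip_address(ip)
    matches = [(ipaddress.ip_network(s), site) for s, site in plan.items()
               if addr in ipaddress.ip_network(s)]
    if not matches:
        return None  # address is not covered by any subnet in the plan
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def uncovered(in_use=IN_USE, plan=SITE_SUBNETS):
    """Return in-use ranges that are not fully inside any planned subnet."""
    nets = [ipaddress.ip_network(s) for s in plan]
    return [r for r in in_use
            if not any(ipaddress.ip_network(r).subnet_of(n) for n in nets)]

def summarize(subnets):
    """Collapse contiguous subnets into the fewest equivalent entries."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

if __name__ == "__main__":
    print(site_for("10.2.2.15"))   # inside both the /22 and the /24
    print(site_for("10.2.1.15"))   # inside the /22 summary only
    print(uncovered())             # ranges that still need a subnet object
    print(summarize(["10.2.0.0/24", "10.2.1.0/24",
                     "10.2.2.0/24", "10.2.3.0/24"]))
```

Any range reported by `uncovered()` needs a subnet object (or a wider summary) before clients or a new DC in that range can be placed in a site automatically.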
 
Herb Martin

Pooch said:
> Is there a white paper, MS article, or anybody with a
> quick (haha) checklist, procedure, or other that would
> help me with this?

Also note there are EXCELLENT (and quick) CHECKLISTS
built into the product HELP.

Literally you can search for "Active Directory checklist" in
the HELP.

Or just "Checklist" and get a "checklist of checklists" for most
every area of the product.
 
