Incorporating Orphaned Tree back into Forest

SMFX

Hi all,

Running out of tricks for my customer, as they are really
trying to hold together their existing domain; however,
I'm thinking it's not really practical. So anyone that
has any suggestions, I'll be happy to hear.

We have DomainA that is the root of the forest and
DomainB that is a separate tree.

ServerA1, ServerA2, and ServerA3 are all Domain
Controllers of DomainA. ServerB1 was setup for DomainB
and later ServerB2 was added as well. How and what
happened to DomainB is a mystery as there have been a few
admins that have come and gone and not much history, but
here's what I have so far.

ServerA1, ServerA2, and ServerA3 all have site entries to
replicate to ServerB1, but nothing for ServerB2.
ServerB2 has site replication entries to ServerA1,
ServerA2, and ServerA3, but nothing for ServerB1. I know
it sounds amazing, but replication is not working.
However, surprisingly, machines in DomainA can
authenticate users in DomainB and vice versa.

ServerA3 and ServerB2 are both Global Catalog servers and
have DNS entries to reflect it. However, while ServerA1
& ServerA2 have the option checked in ADS&S, they don't
list as services in DNS. Again another shocker, ServerA3
goes down and the domain is shot. Crazy I know, no DNS
entry and clients can't find them; so picky!

ServerB1 has been DOA for months. I have a very old
backup, but as the server is not recent, I don't expect
it to be very useful.

What I would like to be able to do is:
* Reincorporate ServerB2 into the forest and allow for
intrasite communications to resume

What I feel I'm going to have to do, but is very
unpopular with the customer:
* Rebuild DomainB anew

What I would love to know:
* How in the world did ServerB2 get added to DomainB, but
never replicated to the DomainA servers?

Anyway, any ideas would be helpful. Thanks,
SMFX
 
ptwilliams

Firstly, replication is transitive; therefore it is not essential for there
to be connection objects between all DCs. This is more apparent in
intersite replication, whereby there'll be links between bridgehead servers
and that's about it (not always, but usually). Therefore domain A DCs could
be pulling domainB info from the other domainB server, and that would be
fine.

However, that's probably not the case here.

When you say the DC has been DOA for some time, it's likely that the
tombstone period has gone. You don't have to rebuild domain B. You simply
make the live domainB server a GC and seize the three domain operations
master roles (a.k.a. FSMO roles) to this box. Then perform a metadata
cleanup of the domain and rebuild and promote a new DC using the hardware of
DomainB-SB.

You'll also want to sort that DNS out...so, point all DCs at one DNS server
and restart the netlogon service on them all (be sure to check that the DHCP
*client* service *is* running on all DCs and that dynamic updates are
enabled for that zone(s)).

To perform a metadata cleanup, follow these steps:
-- http://support.microsoft.com/?id=216498


For information on seizing the OM roles, see:
-- http://support.microsoft.com/?id=223787
-- http://support.microsoft.com/?id=255504


If you're unsure about anything please do post back. There's lots of us
here willing to help...

;-)


--

Paul Williams

http://www.msresource.net
http://forums.msresource.net
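As an added example, not from either post in this thread, the following PowerShell script does the checks and the three changes Paul's reply describes for this scenario: it shows which DCs actually have DC and GC SRV records in DNS (the ServerA1/ServerA2 symptom), checks that Netlogon and the DHCP Client service are running on every DC, prints replication state, and then, only when the corresponding switch is passed, points all DCs at one DNS server and restarts Netlogon, seizes the three domain-level FSMO roles to the surviving DomainB DC, and runs the metadata cleanup for the dead one. Every server, domain, site and IP name in it is an assumed placeholder, and the AD cmdlets need the RSAT ActiveDirectory module on a Windows Server 2008 R2 or later DC.

```powershell
# Added example, not part of the original thread. Health checks plus the
# seize / cleanup / DNS commands for the scenario above. All server,
# domain, site and IP names are assumptions; substitute your own. Run in
# an elevated Windows PowerShell 5.1 session with the RSAT ActiveDirectory
# module, from a host that can reach every DC over WinRM. Without the
# -Do* switches the script only reads.
[CmdletBinding()]
param(
    [string]$ForestRoot   = 'domaina.local',            # assumed DNS name of DomainA
    [string]$ChildTree    = 'domainb.local',            # assumed DNS name of DomainB
    [string[]]$DomainADCs = @('ServerA1','ServerA2','ServerA3'),
    [string]$SurvivingB   = 'ServerB2',
    [string]$DeadB        = 'ServerB1',
    [string]$DnsServerIp  = '10.0.0.3',                 # assumed IP of ServerA3, the one DNS server
    [string]$SiteName     = 'Default-First-Site-Name',  # assumed site that holds ServerB1
    [switch]$DoFixDns,
    [switch]$DoSeize,
    [switch]$DoCleanup
)
$AllDCs = $DomainADCs + $SurvivingB

# 1. Which DCs actually advertise in DNS. A DC ticked as GC in AD Sites
#    and Services but with no SRV record is invisible to clients, which
#    is exactly the ServerA1/ServerA2 symptom described above.
function Get-SrvTargets([string]$Name) {
    try {
        $r = Resolve-DnsName -Name $Name -Type SRV -Server $DnsServerIp -ErrorAction Stop
        @($r | Where-Object Type -eq 'SRV' | ForEach-Object NameTarget | Sort-Object -Unique)
    } catch { @() }
}
"DC records ${ForestRoot}: " + ((Get-SrvTargets "_ldap._tcp.dc._msdcs.$ForestRoot") -join ', ')
"DC records ${ChildTree}: "  + ((Get-SrvTargets "_ldap._tcp.dc._msdcs.$ChildTree")  -join ', ')
"GC records (forest):   "    + ((Get-SrvTargets "_gc._tcp.$ForestRoot")             -join ', ')

# 2. Services the reply calls out: Netlogon registers the SRV records and
#    the DHCP Client service performs the dynamic DNS update, even on
#    statically addressed DCs. Get-Service -ComputerName is Windows
#    PowerShell only; wrap it in Invoke-Command from PowerShell 7.
foreach ($dc in $AllDCs) {
    foreach ($svc in 'Netlogon','Dhcp') {
        $s = Get-Service -ComputerName $dc -Name $svc -ErrorAction SilentlyContinue
        '{0,-10} {1,-8} {2}' -f $dc, $svc, $(if ($s) { $s.Status } else { 'UNREACHABLE' })
    }
}

# 3. Replication as the DCs themselves report it.
repadmin /replsummary
repadmin /showrepl $SurvivingB /errorsonly

# 4. Per the reply: point every DC at one DNS server, then bounce Netlogon
#    so each DC re-registers its own SRV records.
if ($DoFixDns) {
    Invoke-Command -ComputerName $AllDCs -ArgumentList $DnsServerIp -ScriptBlock {
        param($dns)
        Get-NetAdapter -Physical | Where-Object Status -eq 'Up' | ForEach-Object {
            Set-DnsClientServerAddress -InterfaceIndex $_.ifIndex -ServerAddresses $dns
        }
        Restart-Service -Name Netlogon
    }
}

# 5. Seize the three domain-level roles to the surviving DomainB DC.
#    ServerB1 has been down longer than the tombstone lifetime, so it must
#    never be reconnected; -Force seizes when a clean transfer fails.
if ($DoSeize) {
    Import-Module ActiveDirectory
    Move-ADDirectoryServerOperationMasterRole -Identity $SurvivingB `
        -OperationMasterRole RIDMaster,PDCEmulator,InfrastructureMaster `
        -Force -Confirm:$false
    Get-ADDomain -Identity $ChildTree | Select-Object RIDMaster,PDCEmulator,InfrastructureMaster
}

# 6. Metadata cleanup for the dead DC: the Windows Server 2008+ one-line
#    form of the KB 216498 procedure. The server object lives in the
#    Configuration partition, i.e. under the forest root, not under DomainB.
if ($DoCleanup) {
    $rootDn = ($ForestRoot -split '\.' | ForEach-Object { "DC=$_" }) -join ','
    $srvDn  = "CN=$DeadB,CN=Servers,CN=$SiteName,CN=Sites,CN=Configuration,$rootDn"
    ntdsutil "metadata cleanup" "remove selected server $srvDn" quit quit
    # If the computer account is left behind, remove it and its child objects too.
    Get-ADComputer -Identity $DeadB -Server $ChildTree -ErrorAction SilentlyContinue |
        Remove-ADObject -Recursive -Confirm:$false
}
```

Run it first with no switches; that pass only reads, and the DNS listing alone tells you whether a DC that is "checked as GC" in ADS&S is actually advertised. Do the -DoFixDns pass before -DoSeize, because the seize needs the surviving DC to be locatable, and only run -DoCleanup once you are certain ServerB1 will never be powered on again; after the cleanup, also delete any stale A and SRV records for it in the DNS zones and its entry in AD Sites and Services if they remain.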
