New Domain Tree in existing forest

J

james t

I am trying to upgrade and NT4 domain to Win2K AD. I
already have an AD forest and would like to have the new
domain be a new tree in this forest. The two domains are
on different subnets separated by a PIX firewall (at the
same site though), and I have hard-coded RPC into the DCs
and set all rules to allow for AD transport. I get to the
point in DCPromo where I acknowledge the settings (just
before it would normally stop the Net Logon service) and
DCPromo says that the forest xxxxxx.com cannot be
located. I can ping the DCs from the upgraded PDC but
cannot get AD working. Our NT4 domain is in "lingo"
now... Any ideas? Thanks.
 
A

Ace Fekay [MVP]

In
james t said:
I am trying to upgrade and NT4 domain to Win2K AD. I
already have an AD forest and would like to have the new
domain be a new tree in this forest. The two domains are
on different subnets separated by a PIX firewall (at the
same site though), and I have hard-coded RPC into the DCs
and set all rules to allow for AD transport. I get to the
point in DCPromo where I acknowledge the settings (just
before it would normally stop the Net Logon service) and
DCPromo says that the forest xxxxxx.com cannot be
located. I can ping the DCs from the upgraded PDC but
cannot get AD working. Our NT4 domain is in "lingo"
now... Any ideas? Thanks.
Click to expand...

Speciify the current DNS server in your NT4 IP properties currently being
used for the current forest root domain. Specifiy the new domain suffix in
the DNS tab also. . Create the new zone on that server and enable updates on
it.

As for firewalls, there are about 30 ports that need to be opened for full
AD communication. RPC alone won't cut it. Better off using a VPN between the
locations.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

join an existing domain to an existing forest 1
2 Forest in one network. Not able to connect domain 9
transfer root forest domain controller 7
Creating New Domain Tree in Existing Forest 9
Strategies for cloning our production AD forest to a "dev" forest ? 2
Multi forest and Citrix farm 1
new domain tree in an existent forest 1
New AD DC cannot be seen by other Domains in Forest 7

Top