No replication or resolution of new domain tree

maddhaze

Hello,

**not real domains

I am running a Windows 2003 AD with an FQDN of hq.xyz.com. This is the
root of my AD. Now I need to add a domain tree of remote.abc.com.
Everything goes well with the dcpromo wizard and when I am done I have
the new domain tree with DNS installed on the same server by dcpromo.
However, I can not replicate between the two sites. When I open the
Sites and Services utility on the new domain things seem ok if I
replicate from the DC in the root to me, but when I try to replicate
from new domain to root I get an error; "The naming context is in the
process of being removed or is not replicated from the specified
server." I checked DNS and found there was no reverse zone so I
created one, but everything else seemed ok. Also, if I do an Nslookup
of remote.abc.com on the root domain, it does not resolve.
Has anyone got any idea what could be wrong?
 
Ryan Hanisco

Maddhaze,

The reason you are getting the error is that xyz.com and abc.com are
completely different namespaces. This means that they are in completely
different forests. As such, you can have inter-forest trusts, but will
never have replication or passing of objects between the forests.

You mentioned that you had entries for both in your DNS. This implies that
you are doing unique stuff with your DNS. Give us an idea of what you're
trying to accomplish and how you have your DNS set up and perhaps we can
help you out.

As it stands, though, the system appears to be acting correctly for the way
it has been implemented.
 
newsbandit

Sorry, I should have painted a better picture. You are correct with
your analysis based on the info I provided, but here is an update. The
domains should be more like hq.nyc.usa.com and remote.fla.usa.com. As
for DNS, the nyc.usa.com and fla.usa.com are managed by the UNIX side
of the house with Bind. When the AD was created, nyc.usa.com became the
root and we are trying to add fla.usa.com as a new domain tree. Nothing
special happened with the AD DNS, it was just installed during the AD
activation. Do (or rather did) I need to create an empty root? Am I
doing something wrong?
 
Ryan Hanisco

Newsbandit,

If you didn't put in a DC to run the domain of usa.com (to use your example)
AD still sees them as disjoint namespaces as there is no domain to tie them
together. In this case a single management domain is usually created to
act as manager for the subdomains and to hold the Forest-level FSMO roles.

As it is, you can only rely on the inter-forest trusts to provide access to
resources.
 
newsbandit

Thank you so much Ryan! I remember talking about this with my partner
when we first implemented AD. Unfortunately we had to join with a
parent company then were told to break away. During that process we just
made ourselves the root and forgot to set up a management root. Now
because we have a sister company looking to us to manage their site, we
have run into this hurdle. Do you think just making the sister company
a subdomain of ours and using a UPN suffix and the proper MX records
would be a good alternative?
 
