Domain Needs Spring Cleaning..
Results 1 to 4 of 4

Thread: Domain Needs Spring Cleaning..

  1. #1
    Senior Member
    Join Date
    Aug 2003
    Posts
    224

    Domain Needs Spring Cleaning..

    I inherited an interesting domain controller challenge.
    When I came to this Job there were two windows 2003 AD domain Controllers in the domain that were upgraded from two windows 2000 domain controllers. Before they were upgraded to 2003, they were load balanced as domain controllers. So now, I have two windows 2003 domain controllers running active directory with NLBS assigned to the nic properties. Why anyone would load balance two domain controllers is beyond me.
    To make matters worse, I have an exchange 2003 server with active directory installed. So, the network also sees our exchange server as a domain controller, but nothing on our network has it in the DNS settings.
    The operations master is always the same since it will not change when one of the servers goes down. So, esentially we have three domain controllers, of which only two are assigned as domain controllers. And of these two, only one of them function as a true domain controller even though the global catalog resides on both. Another problem is that we have a website with the same name as our domain name minus the .com. This creates a problem as well. We have Ourname.com as a website and ourname as the name of the domain when it should actually be ourname.net. There are so many things to correct I don't know where to begin. And there are so many aspects of our domain configured incorrectly that if I attempt to clean things up, there is no telling what will fail. What I would like to do is rebuild both domain controllers correctly, but they are both in production. It seems like the most logical route would be to build another server as a domain controller and migrate the Active Directory information to that server and then start collapsing the old DC 's one by one. But once again, who knows what will happen.
    Anyone ever seen this kind of a catch 22 scenario in a domain setup?
    There are many rewarding oppurtunities awaiting composure from like minds and great ideas. It in my objective to interconnect great things.

  2. #2
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    1. Nothing stop you from dcpromo and depromoing your all your DC except your Global Gataloc and Operationg Master. (You should do that right away on your Exchange server)
    2. You can try to manually add host (a) with a name of "www" in your dns. I did that for my domain but my domain is call mydomain.com and my website is also mydomain.com.

    Their will always be only one master DC in any domain. The other DC after just replicated the AD for load balancing. Most users access the AD a lot in a day but you rarely get request for RID, PDC or Infrastructure Master.

    Your AD is fine. You just need to tweak a bit your DNS setting and get a bit more understanding about AD load-balancing.
    -Simon \"SDK\"

  3. #3
    Senior Member
    Join Date
    Aug 2003
    Posts
    224
    Well. If I reboot the DC that is no operations master, the operations master DC fails and the system halts. If the operations master fails, no one can authenticate through the other DC.
    So, something is definitley wrong other than the global catalog issue. Also, there is no FQDN and I'm not brave enough to rename it.
    There are many rewarding oppurtunities awaiting composure from like minds and great ideas. It in my objective to interconnect great things.

  4. #4
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    You can force the change of operations master for RIP, PDC, Infrastructure from another DC. Open Your Active Directory Users and Computers, right click the root your domain and click Operationnal Master.

    You might want to get your hand on Mastering Windows Server 2003 from Sybex. Very good information bible.
    -Simon \"SDK\"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides