I used to manage two domain controllers when the primary DC, which handled all domain roles, DNS and DHCP service, went down. So I configured DHCP and DNS on the other domain controller. The problem is the following:
All PCs that are already joined to the domain cannot see the domain. For example, when I want to give permission to a shared folder in Windows XP I can only give local users permission; I cannot see any locations other than the local PC itself, where I used to view the domain and select domain users before.
I think this problem has to do with the DNS. I am not sure if I configured it correctly, as even DHCP clients are not updating the DNS directory at all.
I am running Windows 2003 Server Standard R2. Please help!
Thank you.
EDIT: I am currently running only one domain controller.
DC Windows IP Configuration
Host Name . . . . . . . . . . . . : DC2
Primary Dns Suffix . . . . . . . : GOLDEN.AE
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : GOLDEN.AE
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC7761 Gigabit Server Adapter
Physical Address. . . . . . . . . : 00-16-35-C2-36-F1
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.54
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.70
DNS Servers . . . . . . . . . . . : 192.168.0.54
PC Windows IP Configuration
Host Name . . . . . . . . . . . . : MyWorkSpace
Primary Dns Suffix . . . . . . . : GOLDEN.AE
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : GOLDEN.AE
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet
NIC
Physical Address. . . . . . . . . : 00-11-2F-70-3A-69
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.57
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.70
DNS Servers . . . . . . . . . . . : 192.168.0.54
C:\Documents and Settings\Admin>DCDIAG
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC2
Starting test: Connectivity
The host 0629e11f-c68e-4fbd-acbd-a4f99f47d67e._msdcs.GOLDEN.AE could
not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(0629e11f-c68e-4fbd-acbd-a4f99f47d67e._msdcs.GOLDEN.AE) couldn't be
resolved, the server name (DC2.GOLDEN.AE) resolved to the IP
address (192.168.0.54) and was pingable. Check that the IP address is
registered correctly with the DNS server.
......................... DC2 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC2
Skipping all tests, because server DC2 is
not responding to directory service requests
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : ALGHAITH
Starting test: CrossRefValidation
......................... ALGHAITH passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ALGHAITH passed test CheckSDRefDom
Running enterprise tests on : ALGHAITH.AE
Starting test: Intersite
......................... ALGHAITH.AE passed test Intersite
Starting test: FsmoCheck
......................... ALGHAITH.AE passed test FsmoCheck
UPDATE:
I am getting DNS Event ID: 4521 now!
You're most likely right - DNS, the glue that binds AD, is broken. Without quite a bit more diagnostic information, it's tough to tell.
What are the DNS settings in the NIC on the "primary DC"? If it is pointing to itself (as best practices say it should), then it is currently registering its various important DNS records with a currently nonfunctional DNS server.
Your best bet would be to get DNS working properly on that "primary DC," then make sure it's properly replicating to the other DC. I'd also suggest running DCDIAG on both DCs, and working to make sure all tests pass.
In the short run you may get some relief by running
ipconfig /flushdns
followed by
ipconfig /registerdns
on each DC or problem client.
(I have been putting "primary DC" in quotes because I don't want to perpetuate the misunderstanding that AD still has the old NT4-style PDC/BDC distinction.)
You should have had the DNS service running on both DCs; however, to recreate it, follow the following article: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q294328&sd=RMVP
It takes more than /registerdns for a domain controller to update all the underscored records in DNS; you must stop and restart the NETLOGON service. /registerdns just does a computer's A and PTR records. Perhaps do that, then check the zone to see if it looks ok on DNS on DC2.
I assume you changed your workstation's DNS to DC2.
IMHO
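
The distinction drawn in the last answer, that the underscored records come from NETLOGON and not from ipconfig /registerdns, can be checked by comparing what Netlogon wants registered with what the DNS server actually answers. This is an added example, not part of the original thread: the netlogon.dns contents and both zone states are constructed from names in the post, and `make_lookup` is a hypothetical stand-in for real queries (for instance nslookup against 192.168.0.54).

```python
# Constructed sample in the format of %SystemRoot%\System32\config\netlogon.dns,
# the file where Netlogon lists the records it tries to register. Names are
# taken from the post; the record set itself is an assumption.
SAMPLE_NETLOGON_DNS = """\
_ldap._tcp.GOLDEN.AE. 600 IN SRV 0 100 389 dc2.GOLDEN.AE.
_ldap._tcp.dc._msdcs.GOLDEN.AE. 600 IN SRV 0 100 389 dc2.GOLDEN.AE.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.GOLDEN.AE. 600 IN SRV 0 100 389 dc2.GOLDEN.AE.
_kerberos._tcp.dc._msdcs.GOLDEN.AE. 600 IN SRV 0 100 88 dc2.GOLDEN.AE.
0629e11f-c68e-4fbd-acbd-a4f99f47d67e._msdcs.GOLDEN.AE. 600 IN CNAME dc2.GOLDEN.AE.
"""

def parse_netlogon_dns(text):
    """Return [(owner_name, rtype, rdata)] from 'name ttl IN type rdata' lines."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments and blank lines
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue                              # not a record line
        name = fields[0].rstrip(".").lower()      # DNS names are case-insensitive
        records.append((name, fields[3].upper(), " ".join(fields[4:])))
    return records

def make_lookup(zone):
    """Hypothetical resolver: answers from a set of (name, type) pairs."""
    return lambda name, rtype: (name, rtype) in zone

def missing_records(expected, lookup):
    """List the (name, type) pairs Netlogon expects that the zone does not answer."""
    return [(n, t) for n, t, _ in expected if not lookup(n, t)]

# Constructed state matching the DCDIAG output: only the host A record resolves.
ZONE_BEFORE = {("dc2.golden.ae", "A")}
# Constructed state after NETLOGON has re-registered its records.
ZONE_AFTER = ZONE_BEFORE | {(n, t) for n, t, _ in parse_netlogon_dns(SAMPLE_NETLOGON_DNS)}

if __name__ == "__main__":
    expected = parse_netlogon_dns(SAMPLE_NETLOGON_DNS)
    for label, zone in (("before", ZONE_BEFORE), ("after", ZONE_AFTER)):
        gaps = missing_records(expected, make_lookup(zone))
        print(f"{label}: {len(gaps)} of {len(expected)} locator records missing")
        for name, rtype in gaps:
            print(f"  {rtype:5} {name}")
```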