Windows Server

Guest · Posted: Fri Nov 11, 2005 1:50 pm Post subject: Global catalog issue

We've recently setup an AD Forest with the root domain name and then
child domains underneath.....

And we've seem to come across an Global Catalog error, when we try to
create accounts in the Child Domains it prompts with an error saying
the it cannot contact the Global Cataglog which hosts the root domain.

But then when we create the same acct at the root domain level, it
doesn't prompt with the error............

Whats likely the cause of the issue..... is it something to do with the
DNS configuration, DNS is only configured on the root GC's and not on
the child domains, furthermore we have two DC's in the child domain....

Whats the likely cause of the DNS? Anyone please help..........

Zeno

Brian Desmond [MVP] · Guest

You need DNS running in the child domains and talking to DNS in the root
domain. The root needs to be able to resolve the children and vice versa.

--
Thanks,
Brian Desmond
Windows Server MVP

www.briandesmond.com

Guest · Posted: Sat Nov 12, 2005 1:50 am Post subject: Re: Global catalog issue

you mean I must run DNS on the child domains.............. rather than
just the forest level DCs.

Ace Fekay [MVP] · Guest

Guest · Posted: Sat Nov 12, 2005 5:50 pm Post subject: Re: Global catalog issue

Only the root domain has DNS Servers configured, in the Child domain
the DC's are configured to use the root DNS servers in there IP
settings.........., not sure if its related as well but my GPOs
aren't getting applied poperly to the Child Domain. I have configured
several password policies only for the CHild Domain. I ran gpresult and
gp modelling and the polcies settings are right but when i create
acoounts the complex password policy is still applying.

And similarly for my workstation OU in the Child Domain, GPO isn't
getting applied to the workstation and I getting a whole list of USENV
errors in App Logg 1053, 1030, and the autoenrollment error.

Would the DNS have any affect on this if its not configured properly
for the Whole Domain, I have set the workstations to use the root DC's
DNS but its still giving me the error

Brian Desmond [MVP] · Guest

Are the zones and delegations for the child domains in the root DNS servers?
You need all that there...

--
Thanks,
Brian Desmond
Windows Server MVP

www.briandesmond.com

Ace Fekay [MVP] · Guest

USENV errors are indicative for the most part of misonconfigured DNS either
on the client side or the server side.

Are there any other DNS addresses in the child domain's client machines
(such as an ISPs)?
Are the child domains across a WAN link or on the same subnet or location?
If across a link, this can affect resolution times. Plus, depending on where
the DCs are in relation to the clients, there are restrictions with WAN
speeds when it decides if certain GPO funtions and other functions are to
apply. But password restrictions are not affected by this. This leads me to
believe this is more of a DNS misconfig in your scenario.

If the child domains are across a WAN, I can suggest to install DNS on a
child DC and delegate from the parent to the child, and set a forwarder back
to the parent, as Brian is implying. This will allow the child machines to
not have to cross the WAN for queries. Here's a link onhow to set that up:

255248 - HOW TO Create a Child Domain in Active Directory and Delegate the
DNS Namespace to the Child Domain:
http://support.microsoft.com/?id=255248

Now I must ask: Is the AD DNS name at the parent a single label name?
("domain" rather than the required 'domain.com' format.) That can cause
serious query problems with AD.

Ace

Guest · Posted: Mon Nov 14, 2005 9:50 am Post subject: Re: Global catalog issue

The Child DC at the moment sits on the same subnet as the Root.... and
the domain name spaces is:

Root: abc.ad.internal.com
Child Domain: xx.abc.ad.internal.com

Cheers.............

	Windows Server Forum Index -> Active Directory	All times are GMT
Page 1 of 1