AD Headaches

By hannahlovesbananas ·
Hi all,

I admit now that I should've extensively thought this out before I implemented...my brain is fried.

I have a domain (domain.com). I recently co-located some servers at a Network Operations Center off site. In order to share printers, and have connectivity to our network at the office, I created a subdomain to my domain.com hoping they'd talk to each other. Well, things didn't go so well. I ended up having to readdress the network because of an ISP change, and by that time the DC at the NOC wasn't talking to our internal network DC whatsoever. In light of this, I went and demoted the DC of the subdomain at the NOC to a member server, and went into my DC at the office and did a metadata cleanup to get rid of this orphaned subdomain. Well, the metadata cleanup was successful as far as I can tell, but a trust still exists from my domain (domain.com) to the nonexistent subdomain (my.domain.com). I am unable to remove it, because the remove button is grayed out. Is there any possible way I can get rid of this without a huge mess?
Also, I want to create a DC for over at the NOC, but am willing to create it just to be a secondary for the domain (domain.com). I've created entries for my current DC in the lmhosts file for the remote server. Has anyone had to join two W2K machines remotely? Please help...I don't have much hair left to pull out.

Thanks

by hannahlovesbananas In reply to AD Headaches

Yes, I'm using all W2K. In AD Domains and Trusts, I go to the Trusts tab for my domain (domain.com) and the "domains trusted by this domain" and "domains that trust this domain" both contain a trust for the subdomain that doesn't exist (my.domain.com). When I highlight the domain for removal, I only have an "ADD" and "EDIT" button; the "REMOVE" isn't available. The "talk" that I want is mainly AD, so we can share files between there and here, and print from there to here. Thank you!

by CG IT In reply to AD Headaches

I think understanding the "tree-root" trust relationship concept for an Active Directory environment is the first step here. Domains within a single domain tree are linked with a transitive, two-way parent-child trust relationship. This is an automatic "trust". You don't need to establish it manually, e.g. by creating a trust in Active Directory Domains & Trusts. T

Second is AD Sites and Services. Though a parent-child trust relationship is automatically created for domains within the domain tree, "site" connectors for replication of AD between sites [which may or may not be located in the same physical area] are required. Inter-site AD replication connectors need to be made to replicate AD. Example: your NOC is a site, but you, yourself, are located at a different site; you both are in the same domain name space and wish to replicate AD. In AD Sites and Services, you create a site link "bridge" between the two so each can receive AD updates. The two automatically "trust" one another because of the transitive parent-child trust relationship. You just need to have each one update AD with one another.

by CG IT In reply to

Hope this helps.

by CG IT In reply to

Well, you can try. As long as you've laid out your Domain Name Space of what site is what, and what DCs will take care of what zones, you should be able to create a DC at an off-site location which is a subdomain of your root domain. You should be able to create a site link between the root and subdomain and replicate AD between the two [the transitive, parent-child trust relationship will be established automatically]. From there you can set user permissions to access objects in AD so that, regardless of the location of the object [printers, folders] being in different physical locations, that user can access those resources.
For some reference materials on DNS and Active Directory, I like Network Professional's Library Windows 2000 Active Directory by Joe Casad. It's well written with explanations of AD [and DNS] rather than those exam training kits, which IMO are like Calculus. Calculus "assumes" you know, like the back of your hand, algebra, trig, geometry and jumps right in. Those exam books assume you know and have worked with DNS, the Domain Name Space, Active Directory, DHCP, TCP/IP, and the lot and jump right in.

by CG IT In reply to

The Network Professional's Library books on Active Directory [and there's one for DNS, Windows Scripting, Windows Security as well] assume you don't know squat about it and give you the background information that the exam books don't. Of the 4 books, the Scripting, Security and Active Directory books are great. The DNS one tends to waver in how it reads, like the writer begins thinking you don't know it, then kinda drifts off to assume you know like the exam prep books, then catches himself and gets back to the premise that you don't know it. Still a good book though.

by hannahlovesbananas In reply to AD Headaches

Thank you for all of your help, I really appreciate it. If I wanted to recreate my.domain.com, am I going to run into problems? I'm just worried since the my.domain.com domain doesn't currently exist and my root domain server still thinks it does.
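
An added example, not part of the thread or written by any poster: one way to confirm the state described above (a trust to my.domain.com left behind after metadata cleanup) is to compare the `trustedDomain` objects under CN=System with the `crossRef` objects under CN=Partitions in an LDIF export of the directory (for example one produced with ldifde). The sample export, the `partner.example` domain and the function names are constructed for illustration; the parser assumes unfolded, non-base64 LDIF lines.

```python
import re

# Constructed sample export: two trustedDomain objects and one crossRef object.
SAMPLE_LDIF = """\
dn: CN=my.domain.com,CN=System,DC=domain,DC=com
objectClass: trustedDomain
trustPartner: my.domain.com
trustDirection: 3
trustAttributes: 32

dn: CN=partner.example,CN=System,DC=domain,DC=com
objectClass: trustedDomain
trustPartner: partner.example
trustDirection: 2
trustAttributes: 0

dn: CN=DOMAIN,CN=Partitions,CN=Configuration,DC=domain,DC=com
objectClass: crossRef
dnsRoot: domain.com
"""

WITHIN_FOREST = 0x20  # trustAttributes bit: trust to a domain in the same forest
DIRECTIONS = {0: "disabled", 1: "inbound", 2: "outbound", 3: "two-way"}

def parse_ldif(text):
    """Split LDIF into records: lowercased attribute name -> list of values."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                key, _, value = line.partition(":")
                rec.setdefault(key.strip().lower(), []).append(value.strip())
        records.append(rec)
    return records

def find_orphaned_trusts(text):
    """Return (partner, direction) for intra-forest trusts with no crossRef."""
    records = parse_ldif(text)
    # Domains the forest still knows about, taken from crossRef dnsRoot values.
    known = {v.lower() for r in records
             if "crossRef" in r.get("objectclass", []) for v in r.get("dnsroot", [])}
    orphans = []
    for r in records:
        attrs = int(r.get("trustattributes", ["0"])[0])
        partner = r.get("trustpartner", [""])[0].lower()
        if ("trustedDomain" in r.get("objectclass", [])
                and attrs & WITHIN_FOREST and partner not in known):
            code = int(r.get("trustdirection", ["0"])[0])
            orphans.append((partner, DIRECTIONS.get(code, "unknown")))
    return orphans
```

External trusts such as the constructed `partner.example` entry are skipped because they never have a crossRef in the forest; only trusts flagged as within the forest are reported.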
