AD not synching between domain controllers
I need help getting information in Active Directory to sychronize between two different domain controllers.When I create a new account on one domain controller it seems to copy over to the other domain controller automatically after a couple of minutes. However when I make changes to an account's "full name" or "display name" or "description" they do not copy over to the other domain controller. I've been asked to assist with our organizations IT needs. (we're a non-profit with no full time sys-admin-IT guy). I have some helpdesk-deskside support experience but am lacking in my System Admin-AD-Exchange skills.When adding users or making changes in active directory we use active directory on the server that has exchange running on it (Server 4). We can connect to both domain controllers from within active directory on Server 4. At some level the two domain controllers limit which information or account changes they share with each other.We have 4 servers. 1- Running Server 2000 SP4 (domain controller & print server)2- Running Server 2003 Standard (domain controller & printer server)3- Running Server 2003 Standard (fileserver & printer server)4- Running Server 2003 Standard (Mailserver running Exchange 2003)What can diagnostic tools, commands, etc are there to get our two domain controllers back in full communication?Server 1 is having problems resolving the name of server 2. By that I mean if you open a window and type: \\second_dc in the address bar it won't find the server. If you type: \\192.168.1.11 it will find it. If you type in the name of the server 1 while logged in to server 2 it is able to 'resolve' normally.Similarly if I log on to Server 1 and open Active Directory and try to connect to Domain Controller 2 (Server 2) I get the error message: The domain controller second_dc.COMPANY was not validated because access is denied.If anyone out there has any ideas on how to help us with this I'd really appreciate it. I can post some screenshots or provide more information as needed.
March 11th, 2008 5:07pm
Pls. check the trusting of both DC, aslo check the all ADS related ports are properly listing and open at both side.Milan Tyagi
Free Windows Admin Tool Kit Click here and download it now
May 4th, 2012 4:12am
This is more of a directory services question than an Exchange question.
Even so...
1. Check DNS (in Admin Tools): are there entries for both domain controllers?
You can register DNS records manually on both domain controlers just in case:
ipconfig /registerdns ---> For A records
http://technet.microsoft.com/en-us/library/cc780467(v=WS.10).aspx
net stop netlogon & net start logon ---> for SRV records
2. In the TCP/IP properties of each domain controller, what DNS server(s) is (are) indicated? NOte: you can also see this is
ipconfig /all.
It is often recommended that the first IP address be that of the domain controller in question and the second, the IP address of the other (another) domain controller.
3. As for diagnostics, you can run the following:
netdiag
dcdiag
repadmin /replsum
repadmin /showrepl
You can post the result of those commands run on both domain controllers, changing the name of your domain to something like "mydomain.com" for privacy if you prefer.
netdiag and dcdiag can be run with various "switches" (options) but for now, we'll start with the above.
Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.
May 4th, 2012 6:22am
This is more of a directory services question than an Exchange question.
Even so...
1. Check DNS (in Admin Tools): are there entries for both domain controllers?
You can register DNS records manually on both domain controlers just in case:
ipconfig /registerdns ---> For A records
http://technet.microsoft.com/en-us/library/cc780467(v=WS.10).aspx
net stop netlogon & net start logon ---> for SRV records
2. In the TCP/IP properties of each domain controller, what DNS server(s) is (are) indicated? NOte: you can also see this is
ipconfig /all.
It is often recommended that the first IP address be that of the domain controller in question and the second, the IP address of the other (another) domain controller.
3. As for diagnostics, you can run the following:
netdiag
dcdiag
repadmin /replsum
repadmin /showrepl
You can post the result of those commands run on both domain controllers, changing the name of your domain to something like "mydomain.com" for privacy if you prefer.
netdiag and dcdiag can be run with various "switches" (options) but for now, we'll start with the above.
Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.
Free Windows Admin Tool Kit Click here and download it now
May 4th, 2012 1:13pm