DNS Host (A) Rec. is Static for new Domain Controller

I was just questioned by my boss on why there are Static Host (A) records for Domain Controllers since I started and not before. The only conclusion that I can come up with is that they are new Server 2008 R2 systems. We are about to do an IP Renumber here at the Corporate Office and this is how it was found that there are these Host (A) records.
Can someone explain to me why they are static and not dynamic now? I would also like to be pointed to some documentation so that I can present it to her if possible.

This is by design.
http://social.technet.microsoft.com/Forums/windowsserver/en-US/afd3c338-1706-4898-b269-550c018073c0/dns-entry-for-dc-not-dynamically-updating-server-2008-r2?forum=winserverDS
http://social.technet.microsoft.com/Forums/windowsserver/en-US/ed97a286-d884-43d6-87e2-5cd5e59cfe9a/windows-2008-r2-domain-controllers-and-static-dns-entries?forum=winserverNIS

Similar Messages

  • New Domain controller, DNS client settings before FSMO transfer

    I recently promoted a new domain controller. It is the fourth domain controller and third in the site. I plan to decommission the other two domain controllers in the site, leaving just the new one. Right now the new domain controller points its TCP/IP client to the other domain controller\DNS servers as primary and itself at the bottom. The other domain controllers point to themselves as primary and the newest domain controller on the bottom of the list. Clients on the network use the original domain controllers as DNS from DHCP first and then the new domain controller DNS. Is it okay to transfer all the FSMO roles to the new domain controller or should I make all the DNS clients point to it first?

    Hi,
    It is possible to first change your FSMO roles and after this is done then point your DNS clients to the new DC. This should not be a problem.
    Some interesting information about assigning your FSMO roles: http://www.windowsdevcenter.com/pub/a/windows/2004/06/15/fsmo.html
    Hope this helps you out.

  • Replace WS2003 domain controller for WS2012 domain controller

    Hi, I think that is a common problem but I haven't found anything exactly like this, only something similar, and I still have a lot of doubts.
    The thing is that I have a network with two domain controllers:
    WS2003   - 192.168.0.1, which is the first domain controller I created and is also a file sharing server
    WS2008R2 - 192.168.0.8, which is a new domain controller I added one year ago.
    Now, I want to replace the first one, keeping the second one.
    I am thinking of removing the first one and replacing it with a new machine (WS2012) with the same IP and host name. I need the same host name because clients are pointing to it to get the shared files.
    My main fear is that clients get some error related to the trust relationship and I will have to rejoin them one by one to the domain.
    As I have another domain controller, will the global catalog of the new machine be synchronized automatically with the WS2008R2 domain controller?
    Do I need to demote the old domain controller before adding the new one?
    Thanks a lot

    Hi Tomas,
    As pointed out by Burakm, you should have an additional file server and should avoid using a domain controller, which has privileged access, to share files. This puts you at a security risk.
    Regarding the requirement of old host name:
    Here is something that would let you keep a different servername and IP, yet allow your users to connect to the old hostname and access the share. Use CNAME records of old server to point it to the new hostname.
    How to Configure Windows Machine to Allow File Sharing with DNS Alias
    You might also look for Distributed File System Shares.
    http://blogs.technet.com/b/josebda/archive/2009/06/26/how-many-dfs-n-namespaces-servers-do-you-need.aspx
    NOTE- You can't run in-place upgrade of a 2003 to 2012 DC.
    Regards,
    Satyajit

  • New Domain Controller does not show in our different site's Domain controller's Sites and Services

    Hi,
    We have two sites in our AD environment: the OMA site and the NY site. We have three domain controllers in our OMA site and two domain controllers in our NY site. All our DCs are Windows Server 2008R2 except one in our OMA site that is 2003R2; the domain functional level is also 2003R2.
    We decided to raise our functional level to 2008R2. I added a new domain controller in our OMA site and transferred all FSMO roles from the DC that was running 2003R2 to this new domain controller.
    The issue now is that our NY site does not make any connection with the new domain controller in the OMA site. It does not even show it under Sites and Services. I have checked the DNS settings and everything. If you try to replicate the connections from the NY site it gives the following error: "The naming context is in the process of being removed or is not replicated from the specific server."
    Can anyone please tell me why this is happening? My brain is just frozen at this moment and I can't figure out why this is happening.

    Just noticed this replication issue has been going on for a while now but we never noticed until I added new DC. here is the error log for the NY site DC.
    Log Name:      Directory Service
    Source:        Microsoft-Windows-ActiveDirectory_DomainService
    Date:          1/4/2014 8:11:40 AM
    Event ID:      2042
    Task Category: Replication
    Level:         Error
    Keywords:      Classic
    User:          ANONYMOUS LOGON
    Computer:      NORDC1.vertrue.com
    Description:
    It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.
     The reason that replication is not allowed to continue is that the two DCs may contain lingering objects.  Objects that have been deleted and garbage collected from an Active Directory Domain Services partition but still exist in the writable partitions
    of other DCs in the same domain, or read-only partitions of global catalog servers in other domains in the forest are known as "lingering objects".  If the local destination DC was allowed to replicate with the source DC, these potential lingering object
    would be recreated in the local Active Directory Domain Services database.
    Time of last successful replication:
    2013-05-16 15:26:38
    Invocation ID of source directory server:
    9236ac56-d046-4632-b072-acbe823c5f6c
    Name of source directory server:
    accde843-11b2-476c-9783-9b29252d0ba5._msdcs.vertrue.com
    Tombstone lifetime (days):
    90
    The replication operation has failed.
    User Action:
      The action plan to recover from this error can be found at
    http://support.microsoft.com/?id=314282.
     If both the source and destination DCs are Windows Server 2003 DCs, then install the support tools included on the installation CD.  To see which objects would be deleted without actually performing the deletion run "repadmin /removelingeringobjects
    <Source DC> <Destination DC DSA GUID> <NC> /ADVISORY_MODE". The eventlogs on the source DC will enumerate all lingering objects.  To remove lingering objects from a source domain controller run "repadmin /removelingeringobjects <Source
    DC> <Destination DC DSA GUID> <NC>".
     If either source or destination DC is a Windows 2000 Server DC, then more information on how to remove lingering objects on the source DC can be found at
    http://support.microsoft.com/?id=314282 or from your Microsoft support personnel.
     If you need Active Directory Domain Services replication to function immediately at all costs and don't have time to remove lingering objects, enable replication by setting the following registry key to a non-zero value:
    Registry Key:
    HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow Replication With Divergent and Corrupt Partner
     Replication errors between DCs sharing a common partition can prevent user and compter acounts, trust relationships, their passwords, security groups, security group memberships and other Active Directory Domain Services configuration data to vary between
    DCs, affecting the ability to log on, find objects of interest and perform other critical operations. These inconsistencies are resolved once replication errors are resolved.  DCs that fail to inbound replicate deleted objects within tombstone lifetime
    number of days will remain inconsistent until lingering objects are manually removed by an administrator from each local DC.  Additionally, replication may continue to be blocked after this registry key is set, depending on whether lingering objects are
    located immediately.
    Alternate User Action:
    Force demote or reinstall the DC(s) that were disconnected.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS Replication" />
        <EventID Qualifiers="49152">2042</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>5</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2014-01-04T13:11:40.963263500Z" />
        <EventRecordID>38018</EventRecordID>
        <Correlation />
        <Execution ProcessID="660" ThreadID="1596" />
        <Channel>Directory Service</Channel>
        <Computer>NORDC1.vertrue.com</Computer>
        <Security UserID="S-1-5-7" />
      </System>
      <EventData>
        <Data>2013-05-16 15:26:38</Data>
        <Data>9236ac56-d046-4632-b072-acbe823c5f6c</Data>
        <Data>accde843-11b2-476c-9783-9b29252d0ba5._msdcs.vertrue.com</Data>
        <Data>90</Data>
        <Data>Allow Replication With Divergent and Corrupt Partner</Data>
        <Data>System\CurrentControlSet\Services\NTDS\Parameters</Data>
      </EventData>
    </Event>
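
Added example (not part of the post above, and not Microsoft tooling): Python triage of a Directory Service event 2042, parsing the Event Xml to report how far the replication gap exceeds the tombstone lifetime and which registry override the event names. The sample is trimmed from the event quoted above; the function names are hypothetical, and the order of the Data fields is assumed to match that event.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Sample input: trimmed copy of the Event Xml quoted in the post above.
SAMPLE_EVENT = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID Qualifiers="49152">2042</EventID>
    <TimeCreated SystemTime="2014-01-04T13:11:40.963263500Z" />
    <Computer>NORDC1.vertrue.com</Computer>
  </System>
  <EventData>
    <Data>2013-05-16 15:26:38</Data>
    <Data>9236ac56-d046-4632-b072-acbe823c5f6c</Data>
    <Data>accde843-11b2-476c-9783-9b29252d0ba5._msdcs.vertrue.com</Data>
    <Data>90</Data>
    <Data>Allow Replication With Divergent and Corrupt Partner</Data>
    <Data>System\CurrentControlSet\Services\NTDS\Parameters</Data>
  </EventData>
</Event>"""


def parse_event_2042(xml_text):
    """Extract the replication fields from one event 2042 record."""
    root = ET.fromstring(xml_text)
    event_id = root.findtext("e:System/e:EventID", namespaces=NS)
    if event_id != "2042":
        raise ValueError("not a 2042 event: %r" % event_id)
    data = [d.text or "" for d in root.findall("e:EventData/e:Data", NS)]
    if len(data) < 6:
        raise ValueError("expected 6 Data fields, got %d" % len(data))
    created = root.find("e:System/e:TimeCreated", NS).get("SystemTime")
    return {
        "computer": root.findtext("e:System/e:Computer", namespaces=NS),
        # SystemTime carries 9 fractional digits; whole seconds are enough here.
        "logged": datetime.strptime(created[:19], "%Y-%m-%dT%H:%M:%S"),
        "last_success": datetime.strptime(data[0], "%Y-%m-%d %H:%M:%S"),
        "source_invocation_id": data[1],
        # The source is named by its GUID-based alias under _msdcs.
        "source_dsa_guid": data[2].split("._msdcs.", 1)[0],
        "tombstone_days": int(data[3]),
        # Assumption: Data[5] is the key path and Data[4] the value name.
        "override_value": "HKLM\\" + data[5] + "\\" + data[4],
    }


def triage(event):
    """Compare the replication gap with the tombstone lifetime.

    The time zone of the last-success field is not stated in the event,
    so the gap is counted in whole days, where a few hours do not matter.
    """
    gap_days = (event["logged"] - event["last_success"]).days
    overdue = gap_days - event["tombstone_days"]
    return {
        "destination": event["computer"],
        "days_since_replication": gap_days,
        "days_past_tombstone": max(overdue, 0),
        "lingering_object_risk": overdue > 0,
    }


if __name__ == "__main__":
    ev = parse_event_2042(SAMPLE_EVENT)
    print(triage(ev))
    print("override named by the event:", ev["override_value"])
```
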

  • Adding new domain controller under tree domain

    I have one forest root domain, ABC.com, and one tree root domain under this forest, DEF.com.
    I want to add a new domain controller under the tree root domain in Windows Server 2008 R2. I need the steps and the DNS configuration at forest or domain level.
    Thanks

    If you want to add an additional domain controller to a domain you should promote the new dc with the primary dns in the nic settings of the new dc pointing at the current dc and once promoted you should point the original ip address nic settings to
    the new dc.  I am making the assumption that you are using AD integrated DNS.
    http://www.petri.co.il/how_to_install_active_directory_on_windows_2003.htm
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security, BS CSci
    2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
    Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
    Please no e-mails, any questions should be posted in the NewsGroup.
    This posting is provided AS IS with no warranties, and confers no rights.

  • What is the most appropriate way to generate a static IPv6 for a domain controller?

    DNS Role Best Practices is giving errors. Looks like I need to assign ONE static IPv6 to each domain controller and use IT in DNS and DHCP. There are two routers on the network, each assigning a 2002: IP, plus a link local FE80: IP is also assigned.
    Is there a way to generate a static IPv6 for domain controllers that will not change even if the network cards or routers are changed?
    What is the best practice so that domain integrated DNS and DHCP with Exchange 2010 in the domain, will continue to function?
    There is ambiguous information as to whether DC's should have static or dynamic IPv6 IPs. I have tried variations such as IPv4 compatible. IPv4 mapped, ISATAP, etc. but over time have gotten different errors from different sources.
    It is one thing for Microsoft to give error messages about IPv6 but I cannot find any definitive recommendations on this.
    Thanks if anyone finds a universal answer.
    Bob.

    Excellent and valid points, Bob. Your outlook explains in an easy way how the challenges setting up Windows Server are in a sense, self-generated, and in every sense fully avoidable.
    No changes have been made to the warnings or errors in 2013 R2 despite improvements in other areas. This release mainly brought improvements to the setup in areas that were truly broken like automatic account generation for ADFS. Since that's a decade old
    feature it's probably best not to wait for Microsoft to clarify, and I appreciate your recommendations.
    I'm bumping this thread since it's the first result for 192.168.1.1 on ipv6 on Google right now, and since there's no way to see how often it's being referenced I wanted to add some additional information.
    Multiple NICs can be specified by using the scope ID parameter supported since Vista, that appears as a percent-sign at the end of IPv6 addresses. It uniquely identifies the network adapter even when that adapter shares the same host portion of the IPv6
    address space (i.e. essentially, has the same IP, which in IPv4 is invalid.) I'll give some examples at the end of the post.
    Following the recommendation to deprecate the fec0 prefix while maintaining a link-local addressing scheme is possible through the prefix length at the beginning of the IPv6 address. As
    this reference at IBM explains, fe80:: maps to a link-local prefix length of 64 equivalent to the IPv4 version of 24, and anything else before the double-colon refers to the network portion of the IPv6 address.
    The host portion of the IP address then _could_ be ::20, ::21, etc., as you said, but to follow
    this MSDN recommendation, it would be more appropriate to use the same host portion and add a suffix for the scope ID documented on that page. The suffix may be specific to Windows
    and may not work in an equivalent way in heterogeneous platform deployments. But since the effect is limited to the local machine it should help anything past XP differentiate NICs when assigned the same host portion.
    The approach taken in the random IPv6 generator linked elsewhere on this page leaves open the possibility, however unlikely, that the generated IP can route to some other host on an open network that happens to have generated the same network portion of
    the address (the other host would be sharing the same network.) If any part should be random, it's the host portion after the double-colon, not the network portion at the beginning, so that the possibility does not exist.
    Additionally, the host portion doesn't have to be random, it's just done that way because it's usually automatically generated; a random number is safer for a computer than relying on a sequence that may not fully cover all the numbers used so far. If you're
    doing a manual deployment you can combine the above information with the inline 0-suppression in IPv6 to assign numbers in the following way:
    fe80::1:1%1 (first computer is 1:1, first interface is %1)
    fe80::1:1%2 (second interface)
    fe80::1:2%1 (second computer, first interface)
    Effectively here we're swapping "192.168.1" for "fe80::1" which is roughly the same length (taking into account variations like 10.0.0). The only gotcha is that _either_ the string after the double-colon can't be 1 by itself since that's
    reserved for local machine loopback, _or_ that the second-to-last number after the double-colons can't be 0, since that's equivalent due to inline suppression.
    Other combinations are fine, like fe80::2%1 and fe80::2%2 for the first computer, then ::3 for the second, etc. I thought having a 2-index for the first machine is too uncommon to look familiar so I chose the alternative, but even something like fe80::fe%80
    is perfectly fine.
    If you don't need to identify individual NICs then omitting the part after the percent sign makes fe80::10, fe80::11 a valid sequence for 2 computers. For over 255 computers just add another number before the last, so that it looks like fe80::1:10, fe80::1:11,
    etc. That should be easier to remember than the randomly generated numbers.
    There is also another way if the preference is to use IPv4-lookalike addresses. The mapped address spec is defined in RFC 4291 and it goes along the lines of "::ffff:192.168.1.1" for a valid IPv6 address to the gateway, for example. That is a newer
    recommendation than the RFC which the random-number generator linked elsewhere on this page relies on.
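
Added example (not part of any post in this thread): the address forms mentioned above (link-local with a `%` zone suffix, zero suppression, IPv4-mapped, `2002:` and `fec0:` prefixes) classified with Python's standard `ipaddress` module, plus a check for candidate addresses that collapse to the same value. The function names are hypothetical; `2002:c0a8:101::1` and `fec0::1` are constructed samples, the other addresses follow the forms used in the posts.

```python
import ipaddress
from collections import defaultdict


def classify(text):
    """Split an optional %zone suffix and classify the IPv6 address."""
    addr_text, _, zone = text.partition("%")
    addr = ipaddress.IPv6Address(addr_text)  # ValueError if malformed
    embedded = None
    if addr.is_loopback:                      # ::1
        kind = "loopback"
    elif addr.ipv4_mapped is not None:        # ::ffff:a.b.c.d
        kind, embedded = "ipv4-mapped", addr.ipv4_mapped
    elif addr.is_link_local:                  # fe80::/10
        kind = "link-local"
    elif addr.is_site_local:                  # fec0::/10
        kind = "site-local (deprecated)"
    elif addr.sixtofour is not None:          # 2002::/16
        kind, embedded = "6to4", addr.sixtofour
    else:
        kind = "other"
    return {
        "canonical": addr.compressed,
        "value": int(addr),
        "zone": zone or None,
        "kind": kind,
        "embedded_ipv4": str(embedded) if embedded is not None else None,
        # A link-local address is only unique per interface, so on a
        # multi-homed host it is ambiguous without a zone.
        "needs_zone": kind == "link-local" and not zone,
    }


def find_collisions(candidates):
    """Group candidate strings that denote the same address and zone.

    Different spellings (for example with and without a suppressed zero
    group) can look distinct in a spreadsheet yet be one address.
    """
    seen = defaultdict(list)
    for text in candidates:
        info = classify(text)
        seen[(info["value"], info["zone"])].append(text)
    return [group for group in seen.values() if len(group) > 1]


if __name__ == "__main__":
    # Constructed plan mixing the forms discussed in the thread.
    plan = ["fe80::1:1%1", "fe80::1:1%2", "fe80::1:2%1", "fe80::10",
            "fe80::0:10", "::1", "::ffff:192.168.1.1",
            "2002:c0a8:101::1", "fec0::1"]
    for entry in plan:
        info = classify(entry)
        print(entry, "->", info["kind"], info["zone"], info["embedded_ipv4"])
    print("collisions:", find_collisions(plan))
```
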

  • How to create console for new domain

    I created a new domain according to the steps given under creating a new domain in
    the documentation of 6.1. Can anyone help me get the console activated for this
    new domain? At present I am not able to get the console for this domain even
    though the log files show console.war is deployed.
    Thanks in advance

    Please follow the exact steps given in the following document to create a new
    Domain:
    http://e-docs.bea.com/wls/docs61/////adminguide/overview.html#1031797
    Also, if you have done so, please check if a directory called .wlstaging is created
    in the new domain directory that is created. This directory has the console.war
    file.
    This is automatically created by the WLS when creating a new domain.
    hope this helps.
    thanks,
    Mihir

  • Best practise to add new domain controller 2008r2 and de-promote 2003 x86

    Depending on the size of the environment and the complexity determines where the roles should be held. The PDCe role should be held on a machine that has the better hardware. It will resolve any password conflicts and account lockouts. It also keeps the time clocks synchronized across the domain. The other roles are responsible for kind of basic housekeeping across the domain and forest. Such as the Domain Naming master it is responsible for name changes across the domain. The Schema Master which is responsible for updates to the directory and the RID master which issues pools of IDs for DCs to issue for new users or computers. The infrastructure master is responsible for keeping multiple domains and forests in sync. The infrastructure master does not do a lot in a single forest single domain environment and can be placed on any DC....

    Also if you are upgrading why not go right to 2012. 
    Might save a few years on having to upgrade again.
    Here is a great guide from MS
    http://community.spiceworks.com/how_to/57636-migrate-active-directory-from-server-2003-to-server-201...
    

  • Searching for a domain controller

    Hope everyone is doing fine!
    I need to search for a domain controller from my local machine. My machine is joined to an AD domain.
    Like the Windows API DsGetDcName(), which returns information about a domain controller, is any such functionality available in Java?
    Thanks,
    Sumedh

    Thanks danny,
    But I tried to query the DNS; java.net.InetAddress.getByName( ldap.tcp.dc._msdcs.<yourdomain>)
    it throws me exception:
    Exception in thread "main" java.net.UnknownHostException: LDAP.TCP.dc._msdcs.<----yourdomain.com--->
         at java.net.Inet4AddressImpl.lookupAllHostAddr(Native Method)
         at java.net.InetAddress$1.lookupAllHostAddr(Unknown Source)
         at java.net.InetAddress.getAddressFromNameService(Unknown Source)
         at java.net.InetAddress.getAllByName0(Unknown Source)
         at java.net.InetAddress.getAllByName(Unknown Source)
         at java.net.InetAddress.getAllByName(Unknown Source)
         at java.net.InetAddress.getByName(Unknown Source)
    I found another way, wherein you can run echo %logonserver%, but I feel it won't be useful from Linux machines.

  • My New domain controller wont see the pdc

    Hi, I have a Windows 2003 PDC that is the only one on the network; the previous IT people did not have a BDC or a system backup. Now the current domain controller is giving trouble. I tried to install a secondary 2003 domain controller (BDC) but it does not see
    the primary domain controller and it wants to be the PDC. The problem, however, is that I want to keep all the previous user accounts and settings in the AD. I have tried using ADMT but it does not recognise another DC. How can I transfer all user info stored in
    the Active Directory?
     

    Hi scipiotechadmin,
    Is the function level of your domain Windows Server 2003? If so, you can use the Windows Server 2003 Active Directory Domain Rename Tools which can provide a security-enhanced and supported methodology to rename one or more domains (as well as application
    directory partitions) in a deployed Active Directory forest:
    Windows Server 2003 Active Directory Domain Rename Tools
    For your information, please refer to the following articles to get more help:
    What Is Domain Rename?
    How Domain Rename Works
    Regards,
    Lany Zhang

  • New Domain Controller DNS Issues

    Hello,
    We currently have 2 root Domain Controllers (ROOTDOM) and 4 child Domain Controllers (MYDOM). ROOTDOM is an empty domain, everything on our network uses the MYDOM domain.
    These existing DCs were running Server 2003, so we upgraded the schema and added 2 Server 2008 DCs in ROOTDOM and 4 Server 2008 DCs in MYDOM. All servers are DNS servers and Global Catalog servers.
    The AD replication status tool shows replication is working perfectly between the new and old DCs, and everything looks up to date in AD and DNS on all servers.
    The new servers have a SYSVOL and NETLOGON share as they should.
    The servers are all in the Domain Controllers AD group and have correct static IP addresses, forwarders are pointing to the 2 old 2003 ROOTDOM DCs which in turn point to an internet source which works fine.
    The problem is that when I change the DNS server address of a machine in MYDOM to one of my new 2008 DCs, the machine appears to lose connectivity with the domain. As soon as I put the DNS server back to one of the existing 2003 DCs, connectivity resumes
    as normal.
    I really don't understand what else I'm missing on those 2008 DCs, could you give me any pointers of where to look?
    ROOTDOM          MYDOM
    2003RDC1         2003DC1
    2003RDC2         2003DC2
    2008RDC1         2003DC3
    2008RDC2         2003DC4
                     2008DC1
                     2008DC2
                     2008DC3
                     2008DC4
    The issue is slightly complicated by the fact that 2008DC2 has a hardware failure so DCDIAG (understandably) reports replication issues to that at the moment.
    Any pointers greatly appreciated.
    EDIT - DCDIAG results as follows:
    Directory Server Diagnosis
    Performing initial setup:
    Trying to find home server...
    Home Server = 2008DC1
    * Identified AD Forest.
    Done gathering initial info.
    Doing initial required tests
    Testing server: Central-Site\2008DC1
    Starting test: Connectivity
    ......................... 2008DC1 passed test Connectivity
    Doing primary tests
    Testing server: Central-Site\2008DC1
    Starting test: Advertising
    ......................... 2008DC1 passed test Advertising
    Starting test: FrsEvent
    ......................... 2008DC1 passed test FrsEvent
    Starting test: DFSREvent
    ......................... 2008DC1 passed test DFSREvent
    Starting test: SysVolCheck
    ......................... 2008DC1 passed test SysVolCheck
    Starting test: KccEvent
    ......................... 2008DC1 passed test KccEvent
    Starting test: KnowsOfRoleHolders
    ......................... 2008DC1 passed test KnowsOfRoleHolders
    Starting test: MachineAccount
    ......................... 2008DC1 passed test MachineAccount
    Starting test: NCSecDesc
    ......................... 2008DC1 passed test NCSecDesc
    Starting test: NetLogons
    ......................... 2008DC1 passed test NetLogons
    Starting test: ObjectsReplicated
    ......................... 2008DC1 passed test ObjectsReplicated
    Starting test: Replications
    ......................... 2008DC1 passed test Replications
    Starting test: RidManager
    ......................... 2008DC1 passed test RidManager
    Starting test: Services
    ......................... 2008DC1 passed test Services
    Starting test: SystemLog
    ......................... 2008DC1 passed test SystemLog
    Starting test: VerifyReferences
    ......................... 2008DC1 passed test VerifyReferences
    Running partition tests on : DomainDnsZones
    Starting test: CheckSDRefDom
    ......................... DomainDnsZones passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... DomainDnsZones passed test
    CrossRefValidation
    Running partition tests on : ForestDnsZones
    Starting test: CheckSDRefDom
    ......................... ForestDnsZones passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... ForestDnsZones passed test
    CrossRefValidation
    Running partition tests on : MYDOM
    Starting test: CheckSDRefDom
    ......................... MYDOM passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... MYDOM passed test CrossRefValidation
    Running partition tests on : Schema
    Starting test: CheckSDRefDom
    ......................... Schema passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... Schema passed test CrossRefValidation
    Running partition tests on : Configuration
    Starting test: CheckSDRefDom
    ......................... Configuration passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... Configuration passed test CrossRefValidation
    Running enterprise tests on : ROOTDOM.mycompany.co.uk
    Starting test: LocatorCheck
    ......................... ROOTDOM.mycompany.co.uk passed test
    LocatorCheck
    Starting test: Intersite
    ......................... ROOTDOM.mycompany.co.uk passed test
    Intersite

    Hi Kev,
    >>The problem is that when I change the DNS server address of a machine in MYDOM to one of my new 2008 DCs, the machine appears to lose connectivity with the domain.
    Before going further, does the 2008 DC belong to MYDOM domain? For AD-integrated DNS servers and if these servers belong to the same domain, they should hold the same set
    of DNS records.  
    Besides, we can check DNS event logs to see if some related events were logged.
    Best regards,
    Frank Shen

  • Custom dmsBase for new domain/new application

    i am having problems getting my DocumentConnectionPool to start the dmsBase located
    within my own domain structure, which is separate from the bea dir.
    i have copied the doc-schemas directory and the .xml files under it. the only
    thing that i can think is the problem is the reference to the doc-schemas.dtd
    file.
    what is strange is when i point my DocumentConnectionPool to the dmsBase located
    under the bea directory it works fine.
    which doc-schemas.dtd file is being used? under wlportal4.0, the only doc-schemas.dtd
    files i can find are located in document.jar files for applications i'm not even
    starting. and i do have a document.jar file in my application and it's deployed
    as an ejb.
    any ideas?
    thanks,
    sam

    can't explain why it works now, but it does.

  • NEW Domain Controller to Replace Old One

    After you demote the physical machine, but before you change the new machine, make sure to carefully go through all your DNS zones and delete the references to the IP and Host Name of the demoted machine.  I found that demoting DCs doesn't do a good job of cleaning out DNS.

    I'm building a new DC for my network and have a couple of questions.
    I currently have 2 DCs, one is a VM (DC1 also FSMO) and the other a physical box (DC2). DC2 is on aging equipment and needs replacing so my plan was to build a new box and create a new DC, but I want to put the IP address from DC2 on the new DC (DC3) so I don't have to change the DNS config on all of my client PCs.
    How would you go about this? - I'm thinking, get DC3 up and running (fully configured as a DC) then demote DC2 and decommission it, then change the IP of DC3 to the address that was used by DC2.
    It seems a little too easy and I feel like I'm missing something so I thought I'd ask the Spice Heads :)
    Thanks
    This topic first appeared in the Spiceworks Community

  • New Domain Controller in IFS 1.2

    How to configure two separate domains in IFS 1.2 (not detailed in the documentation at all)?

    Songsin,
    You can only have one domain per schema which means if you want a second domain you'll have to use the configuration assistant to create another schema for your second domain.
    Hope that helps,
    Hanne.

  • New domain new subnet problem

    We were trying to add a new domain tree to our forest/domain with Windows 2012 R2 but the promotion of the new domain controller for the new domain tree failed. Everything goes well until the final setup window, but then the new domain controller for the
    new domain tree appears to be stuck at the "Replicating the schema directory partition" stage... It never ends the "Replicating the schema directory partition" stage!!!
    So I went to the lab (in our Hyper-V) and tried to replicate the problem. I created a new forest/domain and added a new domain tree, and the process completed successfully. But then I replicated the same setup using a different IP subnet for each DC (like our production
    environment), and the SAME HAPPENS again: the setup goes until the final stage and stays forever at the "Replicating the schema directory partition" stage!!!
    At this stage I don't know if the problem is the same one that we have in our PRD environment, but the problem has the same behavior. I suspect that the problem has something to do with IPV6 (I see the primary DNS for the NIC listed with the IPV6 "::1"
    before the IPV4 address), but I don't know much about IPV6. I already tried several configurations: I disabled the firewalls in both lab DCs, I removed the IPV6 check option from the NIC properties on both DCs, I set BOTH DNS servers to respond only from their
    IPV4, I tried to pre-stage the new domain tree DNS zone in the DC, and so on... Nothing works...
    So the current scenario is:
    Hyper-V physical machine / 2 Private switches (one for each subnet)
    3 VMs
    1 DC - First Domain/Forest / Static IP / DNS IPV4 point to itself / and IPV6 DNS = ::1 / It has the First DNS/Domain Zone and a conditional Forwarder that points to the 2nd DC that is in the other subnet.
    2 DC - This is the one to be added with new domain tree in the existing Forest. Static IP address / DNS point to itself /  and IPV6 DNS = ::1 / also has a conditional Forwarder that points to the 1st DC DNS domain zone that is in the other subnet.
    Between both subnets I have a server that has RAS role to provide routing between both subnets
    From both DCs I can ping each end, I have access to the shares in both ends, DNS appears to be working ok...
    (Note: In one of the tests I created a new primary zone in DC02 to pre-stage the new domain tree zone in DC02 before running the Active Directory setup in DC02, then I went to DC01 and pinged DC02 by its FQDN, and DC02 replied. However, if I try to ping only the primary zone by its name "newdomaintree.com", it fails in both DCs, which is weird to me. I did the same test for the First/Domain DNS zone in DC01 and it worked OK for both tests: I could ping DC01 by FQDN and ping the "Domain.com" DNS zone in both ends.)
    Any thoughts on this one?!
    Thank you.
    Ip Config for the Lab Servers:
    DC01
    PS C:\> IPCONFIG /ALL
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : f1d1-srv-01
       Primary Dns Suffix  . . . . . . . : f1d1.lc
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : f1d1.lc
    Ethernet adapter Ethernet:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
       Physical Address. . . . . . . . . : 00-15-5D-01-47-17
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::3423:7d39:f13b:22e4%12(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.10.10.1(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.10.10.254
       DHCPv6 IAID . . . . . . . . . . . : 201332061
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-91-77-A5-00-15-5D-01-47-17
       DNS Servers . . . . . . . . . . . : ::1
                                           10.10.10.1
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Tunnel adapter isatap.{FFDDBBEF-DD20-4ADD-98B1-B3C6D6BD66FE}:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    PS C:\>
    DC02
    PS C:\> ipconfig /all
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : f1d2-srv-01
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
    Ethernet adapter Ethernet:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
       Physical Address. . . . . . . . . : 00-15-5D-01-47-1A
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::d562:7f42:6041:30f8%12(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.10.20.1(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.10.20.254
       DHCPv6 IAID . . . . . . . . . . . : 201332061
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-92-44-F8-00-15-5D-01-47-1A
       DNS Servers . . . . . . . . . . . : ::1
                                           10.10.20.1
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Tunnel adapter isatap.{545D35C6-250D-41AB-87CD-6FE8FA85E175}:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    PS C:\>

    As far as getting the ::1 from being the first resolver, go into network properties for ip 6 and modify the address so that both the address and dns are provided via dhcp. Since you don't have a dhcp server for ip 6 to give a dns record, that should go away.
    If I understand your output correctly DC2 is the new DC. Do you have a forwarder on DC2 so that it can find the zone for the root forest? My guess is no. I would recommend that although these two DCs are in different domains, they point at each other as primary DNS (for DC 1 you can't point at DC2 until after it has been properly promoted into the forest).
    So to start with, change DC2's network settings to point to DC1, or use a conditional forwarder or a secondary zone of the root zone on DC2.
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security, BS CSci
    2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
    Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
    Please no e-mails, any questions should be posted in the NewsGroup.
    This posting is provided AS IS with no warranties, and confers no rights.
    Hi Paul
    As far as getting the ::1 from being the first resolver, go into network properties for ip 6 and modify the address so that both the address and dns are provided via dhcp. Since you don't have a dhcp server for ip 6 to give a dns record, that should go away.
    I tried that but it makes no difference for this scenario.
    If I understand your output correctly DC2 is the new DC. Do you have a forwarder on DC2 so that it can find the zone for the root forest? My guess is no.
    Your guess is wrong - remember, I can validate the credentials at the parent domain, and the setup only freezes at the "Replicating the schema directory partition" stage.
    I tested with forwarders, stub zones, conditional forwarding; IT ALWAYS FAILS at the "Replicating the schema directory partition" stage when the new DC (DC2) is pointing to itself. It only WORKS when it is pointing to DC01.
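
A resolver check for the scenario in this thread, added here as an example and not posted by either participant: it asks every DNS server configured on the server being promoted, plus the forest root DC directly, for the forest root's DC locator SRV record. The zone name `f1d1.lc` and the address `10.10.10.1` are taken from the DC01 ipconfig output above; the variable names are this example's own.

```powershell
# Added example, not from the thread. Run on the server about to be promoted (DC02 in the lab).
# Assumptions: values below come from the DC01 ipconfig output in the post.
$ForestRootZone = 'f1d1.lc'       # Primary Dns Suffix of DC01
$RootDcAddress  = '10.10.10.1'    # IPv4 address of DC01
$LocatorRecord  = "_ldap._tcp.dc._msdcs.$ForestRootZone"

# Collect resolvers in the order the DNS client lists them (this is where ::1 shows up first).
$configured = Get-DnsClientServerAddress |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    ForEach-Object {
        foreach ($address in $_.ServerAddresses) {
            [pscustomobject]@{ Interface = $_.InterfaceAlias; Server = $address }
        }
    }
$configured | Format-Table -AutoSize

# Skip the fec0:0:0:ffff::x defaults Windows assigns to unconfigured IPv6 interfaces,
# then append the forest root DC so its answer serves as the reference.
$servers  = @($configured.Server | Where-Object { $_ -notlike 'fec0:*' })
$servers += $RootDcAddress

# Query each resolver on its own; -DnsOnly keeps LLMNR/NetBIOS from masking a DNS failure.
$results = foreach ($server in ($servers | Select-Object -Unique)) {
    try {
        $answer  = Resolve-DnsName -Name $LocatorRecord -Type SRV -Server $server -DnsOnly -ErrorAction Stop
        $targets = ($answer | Where-Object { $_.Type -eq 'SRV' }).NameTarget -join ', '
        [pscustomobject]@{ Server = $server; Resolved = $true; Detail = $targets }
    }
    catch {
        [pscustomobject]@{ Server = $server; Resolved = $false; Detail = $_.Exception.Message }
    }
}
$results | Format-Table -AutoSize -Wrap

# Any resolver listed here cannot find a domain controller for the forest root zone.
$failed = @($results | Where-Object { -not $_.Resolved })
if ($failed.Count -gt 0) {
    Write-Warning "Cannot locate a DC for ${ForestRootZone} via: $($failed.Server -join ', ')"
}
```

A resolver that fails here while `10.10.10.1` answers is one the new server should not rely on during promotion.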
