Domain Controllers rely on one another

I inherited a server system and was told that a certain server was the domain controller. For years we added accounts, servers, etc. on this domain controller. Recently we made some changes and took other servers out of production. When doing so we noticed that when what we thought was the main server was rebooted it would not load DNS or AD. After running some commands we found that the PDC, master, etc. roles were on a server we had turned off. We then immediately transferred all roles. After rebooting again it still was not working without the old server. We then decided to just fire up the old server and had the same issues with loading DNS, AD, etc. We then fired up the old server and then the server we thought was main (and is now, since we transferred all roles to it). At first both servers were unable to access DNS and AD, but then after a few minutes all was running properly on both. It almost appears that they rely on one another. We ran dcdiag on both and see no issues.

One thing that is odd is that neither server has the same items within NETLOGON. On the old server the folder within SYSVOL looks like an actual folder, whereas on the other server it looks like a shortcut. I should mention the old server is Windows 2003 and the other is 2008 R2.

My question is why would they rely on each other, and how do I make it so the old server is no longer required? I ensured the TCP/IP properties/primary DNS was set to itself. I also ran dcdiag /fix, which was fine, along with checking items with nslookup.
I am at a complete loss.

I do have some errors within the event viewer but they are not directing me to any possible solutions. Now just for the heck of it I tried creating another domain on a Windows 2012 server and selected only the one server for replication, but each time it adds the old server as DNS. I then thought maybe the old server was the main DNS, but when I look at each server the DNS points to itself, but if one is off the DNS is inaccessible. Now the odd part is once I have all up I can then shut the old server off and all works fine until I reboot the server. Also both servers are GCs too.

Any advice?

Checklist before demoting a Domain Controller:
1) Are any FSMO roles present? If so, they need to be transferred.
2) The DHCP scope needs to be adjusted accordingly.
3) Application dependencies like MS Exchange, Citrix and so on.
4) Use the DNS debug log before demoting any DC.
The Fun in DNS Debug Logging - Read the DNS Debug Log
http://social.technet.microsoft.com/wiki/contents/articles/13640.the-fun-in-dns-debug-logging-read-the-dns-debug-log.aspx
Please upload the results below to SkyDrive and share the link.
Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (on each DC)
-> repadmin.exe /showrepl * /verbose /all /intersite > c:\repl.txt
A quick little dump: repadmin /replsum > c:\replsum.txt
-> ADReplStatus
-> dnslint /ad /s "ip address of your dc"
https://dirteam.com/paul/2009/01/26/troubleshooting-active-directory-issues/
Regards,
Biswajit
MCTS, MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, Enterprise Admin, ITIL F 2011
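Two caveats on the checklist above. netdiag.exe shipped with the Windows Server 2003 Support Tools and does not exist on 2008 R2 or later, where dcdiag and repadmin cover the same ground. And the "shortcut" the question mentions under SYSVOL on the 2008 R2 box is normal: SYSVOL\sysvol\<domain> is a junction point to SYSVOL\domain, so it is not by itself a sign of trouble. What does produce the boot-time dependency described in the question is a DC whose only DNS server is itself: it has to bring up AD DS and its AD-integrated zones with no partner to consult, and it will not advertise itself until SYSVOL has synced and the SYSVOL and NETLOGON shares exist. The script below, an added example that is not code from this thread, gathers exactly those facts for one DC. It assumes it is run locally, as a domain admin, on a Windows Server 2012 or later DC with the ActiveDirectory module (RSAT) and PowerShell 3+; on 2008 R2 or 2003, replace steps 2 and 4 with "ipconfig /all" and "net share".

```powershell
# Added example, not part of the original thread. Snapshot of the things that decide
# whether a DC can start AD DS and DNS on its own: FSMO holders, what this DC uses
# for DNS, which DCs DNS advertises, and whether SYSVOL/NETLOGON are shared.
# Assumes Windows Server 2012+ with the ActiveDirectory module, run on the DC itself.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$forest = Get-ADForest

# 1. FSMO role holders. Powering off the holder of any of these without
#    transferring the role first is what started the problem in the question.
[pscustomobject]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
} | Format-List

# 2. DNS client settings of this DC. The usual recommendation is another DC as
#    the first DNS server and the loopback address (127.0.0.1) as the last, so
#    that AD DS can find a replication partner at boot before the local
#    AD-integrated zones have loaded.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    Select-Object InterfaceAlias, ServerAddresses

# 3. Which DCs are advertised in DNS for this domain, and which of them this DC
#    can actually reach on LDAP. A stale SRV record for a retired DC shows up here.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)" -Type SRV -ErrorAction Stop |
    Where-Object { $_.QueryType -eq 'SRV' }
foreach ($rec in $srv) {
    $up = (Test-NetConnection -ComputerName $rec.NameTarget -Port $rec.Port -WarningAction SilentlyContinue).TcpTestSucceeded
    [pscustomobject]@{ AdvertisedDC = $rec.NameTarget; Port = $rec.Port; Reachable = $up }
}

# 4. SYSVOL and NETLOGON shares. A DC only advertises itself once both exist;
#    if they are missing here, it cannot serve logons whatever dcdiag says about
#    the directory partitions.
Get-SmbShare -Name SYSVOL, NETLOGON -ErrorAction SilentlyContinue | Select-Object Name, Path

# 5. Replication summary plus the dcdiag tests that cover the symptoms above.
repadmin /replsummary
dcdiag /test:Advertising /test:SysVolCheck /test:NetLogons /test:DNS /v
```

Run it on each DC and compare the outputs: step 2 tells you whether each box can resolve a partner without the other being up, step 3 tells you whether DNS still advertises a DC you have already retired, and step 4 tells you whether the DC is actually in a state to serve clients.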

Similar Messages

  • Domain Admin Account cannot log on to member servers by remote. It can only log on to Domain Controllers

    Our environment has both 2008 R2 and 2012 R2 Domain Controllers. Recently one of our Domain Admins started having problems logging onto all servers by remote desktop except for domain controllers. The error message is as follows:
    "To log on to this remote computer, you must be granted the Allow log on through Terminal Services right. By default, members of the Remote Desktop Users group have this right. If you are not a member of the Remote Desktop Users group or another group that has this right, or if the Remote Desktop Users group does not have this right, you must be granted this right manually"
    All the other Domain Admin accounts do not have this problem. Suggested solutions recommend checking local policies on the individual servers, however I feel that is not right. Also there are many servers, hence doing that on each member server would be cumbersome. There must be a solution that requires a single action for all servers and also does not involve creating a new account. The account was recently used to implement a Windows 2012 R2 WSUS server and, besides the DCs, it is the only other server the account can remote into. This is strange. Help please.

    Hi,
    Did that user have permission to remote in before?
    To start with, there are two types of user rights; Logon rights & Privileges. In simpler terms these are: 
    1) Remote Logon: rights to machine
    2) Logon: privileges for access to the RDP-TCP Listener
    The Remote Logon is governed by the “Allow Logon through Terminal Services” group policy. This is under
    Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment.
    Also check RDP-TCP listener properties. More information.
    “Allow Logon through Terminal Services” group policy and “Remote Desktop Users” group.
    http://blogs.technet.com/b/askperf/archive/2011/09/09/allow-logon-through-terminal-services-group-policy-and-remote-desktop-users-group.aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki
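The answer above points at the "Allow log on through Terminal Services" right. The companion right a practitioner would check at the same time is "Deny log on through Remote Desktop Services" (SeDenyRemoteInteractiveLogonRight): a deny entry wins over any allow, it is also set by group policy, and a Domain Admin account is normally covered by the allow list already through the local Administrators group, so a single account failing on member servers but not on DCs is the pattern a deny right or a GPO scoped to member servers produces. The asker is right that opening the local policy on each server by hand is not a single action, but the local policy is still the right thing to read, since it shows the effective (GPO-applied) assignment. The script below, an added example rather than code from the thread, reads both rights from every member server in one pass. It assumes WinRM is enabled on the targets, that the caller is an administrator there, and that the ActiveDirectory module is available on the admin host.

```powershell
# Added example, not part of the original thread. Reads the effective
# Allow/Deny "log on through Remote Desktop Services" assignments from many
# servers at once, so the rejected account can be compared against ones that work.
function Get-RdpLogonRights {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        $cfg = Join-Path $env:TEMP 'rights.inf'
        # secedit writes the effective local security policy (GPO-applied rights
        # included) as INF text; USER_RIGHTS limits the export to that section.
        secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
        $lines = Get-Content -Path $cfg
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue

        foreach ($right in 'SeRemoteInteractiveLogonRight', 'SeDenyRemoteInteractiveLogonRight') {
            # Lines look like: SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
            $line = $lines | Where-Object { $_ -match "^$right\s*=" } | Select-Object -First 1
            $principals = @()
            if ($line) {
                $principals = ($line -split '=', 2)[1].Trim() -split ',' | ForEach-Object {
                    $p = $_.Trim()
                    if ($p.StartsWith('*')) {
                        # A leading '*' marks a SID; translate it to DOMAIN\name where possible.
                        try {
                            $sid = New-Object System.Security.Principal.SecurityIdentifier($p.Substring(1))
                            $sid.Translate([System.Security.Principal.NTAccount]).Value
                        } catch { $p }
                    } else { $p }
                }
            }
            [pscustomobject]@{
                Computer   = $env:COMPUTERNAME
                Right      = $right
                Principals = ($principals -join '; ')
            }
        }
    } | Select-Object Computer, Right, Principals
}

# Usage: every server in the domain except the DCs, which already work.
Import-Module ActiveDirectory
$members = Get-ADComputer -Filter { OperatingSystem -like '*Server*' } -Properties OperatingSystem |
    Where-Object { $_.DistinguishedName -notlike '*OU=Domain Controllers,*' } |
    Select-Object -ExpandProperty DNSHostName

Get-RdpLogonRights -ComputerName $members | Sort-Object Computer, Right | Format-Table -AutoSize
```

If the affected account, or a group it was recently added to, shows up under SeDenyRemoteInteractiveLogonRight on the failing servers, the fix is in whichever GPO sets that right, which is the single action the asker wanted; "gpresult /h report.html" on one failing server names the GPO.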

  • Clustering Configuration with Primary & Secondary Domain Controllers

    Hello.
    I am trying to configure Failover Clustering on my Server 2012 computers.
    I have a primary domain, as well as a secondary domain.
    We will call them dc1.domain.com and dc2.domain.com.
    I have Failover Clustering Manager installed on both servers.
    Upon adding them both to the Create A Cluster Wizard, I receive the following error message on my report.
    (My account is fairly new, so it will not let me attach an image, but I assure you, it is safe)
    s14.postimg.org/lssjm2vu9/Screenshot_1.png

    More than trying to avoid clustering domain controllers, you simply cannot do it. Active Directory has high availability built into it. It is known as multimaster, meaning there are no primary and secondary domain controllers. All are 'masters', meaning you can make changes on any domain controller and the change will be replicated to the other DCs.
    If you only have two physical servers and you want to cluster them, you will first need to install the Hyper-V role on the servers (it is not recommended to install both Hyper-V and Domain Controller on the same box, so we will get this fixed).  Once
    you have Hyper-V installed, build a VM on each server, join them to the domain, and promote them to domain controllers.  On one of the VMs, seize the FSMO roles from the FSMO master.  Then demote the physical hosts from being domain controllers. 
    You can now form a cluster of the two physical servers.
    . : | : . : | : . tim

  • Patching Domain controllers on different days. Can this cause issues

    We have a few domain controllers that need to be patched, 2 for one of our locations and 2 for the other. They are both on different subnets; however, they do replicate AD information. My plan was to patch the two domain controllers tonight for one of our locations, then patch the others on a different night for the other location. My question is, will this cause any replication issues since the two DCs would have different updates and service packs? I remember having this issue with Exchange when I did this, but Exchange was in a DAG, which the AD boxes aren't. Any replies are much appreciated.

    You fellas are awesome. Thanks for the peace of mind.
    This topic first appeared in the Spiceworks Community

  • Moving Domain for iWeb from one computer to another

    Have moved my website domain from Library in one computer running Leopard into Library in another computer running Lion.
    Deleted default Domain in new Library, but when I open iWeb app the empty default Domain opens with nothing in it and returns back to Library folder in new Library. Even when I open Domain with my site directly from Library iWeb opens as a new app without my site. Every time I delete the default Domain it returns.
    How do I get the computer to recognise my site Domain in Library of computer running Lion? And to not keep recreating default empty Domain?
    I have done this transfer before between 2 computers running Leopard and it works every time.
    Help! Please.....
    Gareth

    As previously noted I got my Domain across to new computer running Lion and everything runs just fine
    Editing my site hasn't altered except that now after pressing 'Publish', the edited site won't open and I am taken to the site of my Australian Server 'Big Pond' with a message saying that my site doesn't exist.
    When I navigate to my site my edits have worked and the page opens normally.
    My site publishing settings are:
    'Publish to Mobile Me'
    Site name - gareth-sansom.com
    The site though opens at http://web.me.com/gsansom/ (where it used to automatically open in after pressing Publish)
    I have tried changing site name to that in 'Publish to Mobile Me' but then nothing works including publishing.
    If I leave Publish to Mobile me as 'gareth-sansom.com' the publishing works, but I can't open my site after the publishing without navigating to it.
    Am I missing something here?

  • One way trust WMI issues - only on domain controllers

    Hi all, 
    I'm having some interesting issues with attempting to set up remote monitoring via WMI from a trusted domain service account to some remote domains in our environment. There is a one-way trust set up, and the service account has no problems with any client machines, but gets rejected when attempting to query the domain controllers.
    I've verified this is an issue both in our enterprise and production environment. I assumed it had something to do with the Domain Controller Security Policy and added the account in question to the following policies to no avail:
    Act as part of the operating system
    Log on as a batch job
    Log on as a service
    Replace a process level token
    Now I'm beginning to suspect it's something to do with not being able to add the service account to the "domain admins" group, however I'd much rather a solution that didn't involve giving this account admin privileges at all. 
    I've given the account read permissions to /root/CIMv2 via the WMI control MMC snap-in, as well as DCOM remote enable and added it to the "Distributed COM Users" and "Performance Monitor Users" groups. 
    I'm fully out of ideas and my google-fu is failing. Anyone hit this before? 

    Hi,
    Yes, you will need to know the credentials of the domain admin in the trusted domain.
    You can try to use Get-WmiObject command, and input trusted domain administrator’s credentials, which should give you admin privileges.
    Using the Get-WMiObject Cmdlet
    http://technet.microsoft.com/en-us/library/ee176860.aspx
    If you have problems of applying Powershell, please refer to Powershell forum below:
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverpowershell&filter=alltypes&sort=lastpostdesc
    Regards,
    Amy

  • Configuring one LDAP domain with two OU (one RO, another RW)

    Hi Team,
    My client is implementing NW 7.0 Enterprise Portal on SP14, AIX 5.3 & Oracle 10.2.0.4.
    We're using MS-ADS LDAP as an UME data source. The client wishes to configure UME for one single ADS LDAP (domain) with two OU (NOT domains) such that:
        1. One OU has read only access
        2. Second OU has read/write access
    Following is an illustration of the LDAP tree structure:
    CORP_DOM
    -- INT_USERS    (CN=IntUsers, DC=CORP_DOM, DC=NET) - read-only
    -- INT_GROUPS  (CN=IntUsers, DC=CORP_DOM, DC=NET) - read-only
    -- EXT_USERS    (CN=ExtUsers, DC=CORP_DOM, DC=NET) - read/write
    -- EXT_GROUPS  (CN=ExtGrp, DC=CORP_DOM, DC=NET) - read/write
       |-- SAccounts
       |--
       |--
    Note the single LDAP domain, multiple user and group paths with different access privileges.
    Based on what I've read so far, this does not seem feasible as the datasource configuration file has to have unique datasource id and the private section allows only one tag for user path and group path.
    I checked OSS, SDN but could only find information on configuring multiple domain/LDAP and not one LDAP domain but two OU/CN.
    Kindly let me know if anyone has come across or done such a configuration.
    Thanks.

    Hi GLM,
    You are right, access permissions to the OU are given to the service account used to access the directory from the portal.
    The issue I have is not about granting permissions - it's more about whether it is possible at all to configure UME for one single ADS LDAP (domain) containing two OUs (NOT domains). I'd need to access the directory with two different service users having different access privileges.
    I don't see how it can be done, since the datasource id in the portal datasource configuration file has to be same as the domain and the private section allows only one tag for user path and group path.
    Thanks.

  • Disabling IPv6 on 2008R2 Domain Controllers... Best Practice?

    At the end of last year I had a call with Microsoft Support in which I spoke with a member of the Directory Services team regarding an issue.  The issue was resolved with no further problems, but while conversing with the Technical Support Engineer
    I queried him on another issue regarding a second copy of our DNS zone in Active Directory.  He looked at it (remoted in via RDP) then looked at my NIC properties and stated that the reason it happened is because we are running IPv6 on our DCs. 
    I told him we do that on all our servers. (leave IPv6 enabled.)  He then stated that we should not do that, expanding by saying that "Microsoft is in the process of rewriting documentation as IPv6 is no longer supported on Domain Controllers."    
    Needless to say I could not believe this.  I told him how Exchange on an SBS server cannot have IPv6 disabled as the server will stop booting, but he was very adamant about it; he even put me on hold for 10 minutes then came back saying he confirmed
    that this is the case and spoke with the "Documentation Team" and the new Best Practices would be released within the next month. In the meantime he recommended I disable IPv6 on all my DCs. (I work in Consulting so that's a lot of DCs at various different
    business entities.)
    I didn't believe him then, and I don't believe him now.  Reviewing the FAQ linked through http://support.microsoft.com/kb/929852  Says that Microsoft does not recommend disabling IPv6.  Of course no documentation ever came out, nor have I
    found anything to agree with his statements. (we solved the duplicate partition issue ourselves.)
    I just wanted to post here and see if anyone else has heard of this, maybe I'm the one not up and up on my info.  Has or does Microsoft plan on reversing course on the new IPv6 technology that 2008 and up are built on?  I would think that quite
    preposterous!
    Thanks,
    Christopher Long
    Science is a way of thinking much more than it is a body of knowledge. -- Carl Sagan

    There are cases where you DO WANT to disable IPv6 on a domain controller. 
    Example: you have an IPv4 network and do not have IPv6 deployed. In this case if you are not using IPv6 but leave it enabled then Windows will assign itself an IPv6 address at random via the APIPA process. That IP address can and does change when you reboot the server.... So I bet you see the problem here.
    If you build a domain controller with IPv6 enabled - it will register its IPv6 address in DNS as offering AD services. Then when you reboot that domain controller and that address changes - BOOM. AD comes crashing down. AD relies heavily on DNS. Windows thinks it's smarter than you and registers its IPv6 address obtained via APIPA in DNS. Now that's a problem. Particularly because Win Server 2008+ prefer IPv6 over IPv4 networks. So communication can blow up even if a valid IPv4 network is available.
    So yes - there are instances where you do want to - in fact need to - disable IPv6 on domain controllers. Microsoft's documentation does not reflect this but it should. At a minimum if they want you to leave it on they should at least remind you to set a
    static IPv6 address if you're running an IPv4 network. 
    (ask me how I know all this over a beer some time)
    I opted to just disable it. Despite MS's documentation warning of the contrary - I've seen no adverse impacts. Exchange, SharePoint, AD, etc. all hum along fine.

  • I need to be able to find domain controllers that have been removed from the domain but never demoted

    I need to find domain controllers that have been removed but never demoted.
    Here's the story...
    I came on as an Active Directory administrator for an organization which has 600+ domain controllers, most running Server 2003, but I have some Server 2008 R2. Throughout all this time the organization has had DCs that have stopped working, crashed or failed for some reason, and all the IT department has done is create another domain controller, name it the same thing with an (A), (B) appended to the name and then never remove any of the failed controllers from the directory.
    Thing is this has been going on for quite some time, don't know for sure how long, as I am still trying to clean up DNS replication problems and have been having to go around and reset machine passwords for the forest. What I need to be able to do is to script something that will return all the failed DCs so that I can go into the directory and use NTDSUTIL to clean the machines. I don't want to go into the directory and remove a machine that's still out there. No one in the organization has a list or record of failed machines.
    You can see this may be a gargantuan task, but I need to be able to make it easier on 
    myself by finding the machines first and cleaning out DNS, cleaning the DCs out of the “Sites” and cleaning them out of the directory.
    Appreciate any help I can get…

    Hi,
    Thanks for posting in the forum.
    Regarding your question, maybe we should remove these orphaned DC from AD, please try to refer to the following articles to perform the cleanup task.
    How to remove completely orphaned Domain Controller
    http://support.microsoft.com/kb/555846
    Complete Step by Step to Remove an Orphaned Domain controller
    http://msmvps.com/blogs/acefekay/archive/2010/10/05/complete-step-by-step-to-remove-an-orphaned-domain-controller.aspx
    Metadata Cleanup of a Domain controller
    http://sandeshdubey.wordpress.com/2011/10/12/metadata-cleanup-of-a-domain-controller/
    Here is a similar thread as reference, hope it helps.
    Remove References of a Failed DC/Domain
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/87516188-731a-4b7f-a4cc-06ce4ad27b19/remove-references-of-a-failed-dcdomain
    Best Regards,
    Andy Qi
    TechNet Subscriber Support
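The articles above explain the metadata cleanup itself; the asker's actual problem is the step before that, producing the list of DC objects that are still in the directory but no longer answer. The script below, an added example and not code from the thread or the linked articles, builds that list from the NTDS Settings objects under the Sites container in the configuration partition, which is where every DC the forest still believes in is registered, and probes each one for an A record and an LDAP listener. It assumes the ActiveDirectory module (RSAT) and PowerShell 3+ on the admin host, and network reachability from that host to every site; a DC that is alive but firewalled from the admin host will look dead here, so confirm out of band before running ntdsutil against anything on the list.

```powershell
# Added example, not part of the original thread. Enumerates every DC object the
# forest still advertises and probes whether it actually answers, so metadata
# cleanup can be limited to DCs that are truly gone.
Import-Module ActiveDirectory

$configNC = (Get-ADRootDSE).configurationNamingContext

# Every NTDS Settings object under Sites belongs to a DC (RODC objects are a
# subclass and match too), whether or not the machine still exists.
$ntdsObjects = Get-ADObject -SearchBase "CN=Sites,$configNC" `
    -LDAPFilter '(objectClass=nTDSDSA)' -Properties whenCreated

$results = foreach ($ntds in $ntdsObjects) {
    # Parent of the NTDS Settings object is the server object:
    # CN=<name>,CN=Servers,CN=<site>,CN=Sites,CN=Configuration,...
    $serverDn = ($ntds.DistinguishedName -split ',', 2)[1]
    $server   = Get-ADObject -Identity $serverDn -Properties dNSHostName
    $site     = ($serverDn -split ',')[2] -replace '^CN='
    $fqdn     = $server.dNSHostName

    $resolves = $false
    $ldapUp   = $false
    if ($fqdn) {
        $resolves = [bool](Resolve-DnsName -Name $fqdn -Type A -ErrorAction SilentlyContinue)
        if ($resolves) {
            $ldapUp = (Test-NetConnection -ComputerName $fqdn -Port 389 -WarningAction SilentlyContinue).TcpTestSucceeded
        }
    }
    [pscustomobject]@{
        Server     = $server.Name
        Site       = $site
        FQDN       = $fqdn
        Registered = $ntds.whenCreated
        Resolves   = $resolves
        LdapUp     = $ldapUp
    }
}

# Candidates for cleanup: no DNS host name, no A record, or no LDAP listener.
$results | Where-Object { -not $_.LdapUp } | Sort-Object Site, Server | Format-Table -AutoSize

# Keep the full inventory; it is also the record the organization never had.
$results | Export-Csv -Path .\dc-inventory.csv -NoTypeInformation
```

Cross-check the candidates against "repadmin /showrepl * /csv": a partner that has not replicated for longer than the tombstone lifetime is the one to clean up first, and a DC that appears there as a healthy partner of someone else is not dead, however it looks from the admin host.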

  • Communication issues between domain controllers

    Hi everyone,
    I am experiencing some problems in communication between domain controllers in our organization
    We have three domain controllers, one of them is a Windows 2003 server service pack 2 which is physical (controller A), another which is Windows 2008 Service Pack 2 (controller B), also physical, and a third one (controller C) which is a Windows 2008
    service pack 1 and is virtual.
    I have problems with this last DC; it won't respond to pings or DNS queries. I can't access it by remote desktop client even when it is enabled. I cannot update it; it prompts error messages if I try to do so.
    These problems are solved if I reboot it; it will work fine for some hours or days, but not much longer. I have checked the event viewer and I didn't find any message about this.
    I read some time ago it would be great to have a DC in a virtual machine, so I did it, but is it right?
    Do you know what might be going on with it? Would demoting it and setting it up again be the best solution?
    Thank you very much.
    Best regards.
    David.

    This sounds like a NIC issue, which is odd since it is a virtual machine.  Have you checked the host for any logs about the client? 
    I think the first thing I would do is destroy the current virtual NIC and add a new one. Since this has nothing to do with Active Directory I would also suggest you post this in a forum for the host (VMware or Hyper-V).
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security, BS CSci
    2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
    Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson

  • Retiring 2 domain Controllers

    Hi, we are looking to retire 2 out of our five 2008 R2 domain controllers. There are no FSMO roles on these 2 controllers. The only other role is DNS. All devices and workstations are now pointing to other DNS servers besides these two.
    My question is that I want to simply shutdown these 2 servers for a week or so and see if anything screams. If it does I can simply bring the controllers back up and figure out what went wrong. If nothing screams I can then safely demote them from being
    a domain controller
    Is the act of shutting them down for a bit a valid way of testing? This will be done off hours but what can the end users or application servers expect if the DC they were using is no longer there, will they get error messages on the screen or
    will it silently go to another DC in the background?
    Any thoughts would be appreciated.
    Thanks

    Is the act of shutting them down for a bit a valid way of testing? This will be done off hours but what can the end users or application servers expect if the DC they were using is no longer there, will they get error messages on the screen or
    will it silently go to another DC in the background?
    Greetings!
    No, it is not. When they are offline, replication for sure will occur and you may get replication problems due to tombstones, and lingering objects may appear. If you are concerned about the drawbacks of demotion, just do them one by one and check replication, then go for the other one. But from a technical view it is OK to demote them if they are holding no FSMO roles.
    Regards.
    Mahdi Tehrani
    www.mahditehrani.ir
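Whatever one thinks of the shutdown test (a week offline is well inside the default tombstone lifetime, so lingering objects are not the real risk; clients that silently fail over to a DC in another site are), the question it is meant to answer can be asked directly: who is still talking to these two DCs? The script below, an added example that is not code from the thread, counts established connections to the AD service ports on the DC itself, grouped by client. It uses netstat rather than Get-NetTCPConnection so it runs on 2008 R2 (PowerShell 3.0 assumed). Kerberos and LDAP sessions are short-lived, so run it several times over a working day; it does not see UDP DNS queries, which is what the DNS debug log recommended earlier on this page is for.

```powershell
# Added example, not part of the original thread. Summarizes which clients hold
# established TCP connections to this DC's AD service ports right now.
function Get-DcClientSummary {
    param([int[]]$Ports = @(88, 389, 636, 3268, 3269, 445, 135))

    $rows = netstat -ano | Where-Object { $_ -match '^\s*TCP\s' } | ForEach-Object {
        # Columns: Proto  Local Address  Foreign Address  State  PID
        $f = $_.Trim() -split '\s+'
        $localPort = $null
        $remoteIp  = $null
        # The port is the last ':' field; IPv6 addresses are bracketed, so anchor at the end.
        if ($f[1] -match '^(.*):(\d+)$') { $localPort = [int]$Matches[2] }
        if ($f[2] -match '^(.*):(\d+)$') { $remoteIp  = $Matches[1] }
        [pscustomobject]@{ LocalPort = $localPort; RemoteIp = $remoteIp; State = $f[3] }
    }

    $rows |
        Where-Object {
            $_.State -eq 'ESTABLISHED' -and
            $Ports -contains $_.LocalPort -and
            @('127.0.0.1', '[::1]') -notcontains $_.RemoteIp   # ignore the DC talking to itself
        } |
        Group-Object -Property RemoteIp |
        ForEach-Object {
            $ports = $_.Group | Select-Object -ExpandProperty LocalPort | Sort-Object -Unique
            [pscustomobject]@{
                Client      = $_.Name
                Connections = $_.Count
                Ports       = ($ports -join ',')
            }
        } | Sort-Object -Property Connections -Descending
}

# Usage: run on each DC being retired; an empty list after a day of samples is
# the "nothing screams" result without taking the DC down.
Get-DcClientSummary | Format-Table -AutoSize
```

Clients that keep showing up are usually static configurations: an application with a hard-coded LDAP server, a device with the DC as its DNS server, or a Kerberos/LDAP integration that never learned about the other three DCs. Those are the ones that would have screamed during the shutdown test, only now with a name attached.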

  • WSUS and domain controllers

    Has anyone arrived at a good GPO(s) for domain controllers to be updated by WSUS? Of course, one in which only half of the domain controllers at each facility receive the updates at one time and another half at a separate time.

    Has anyone arrived at a good GPO(s) for domain controllers to be updated by WSUS? Of course, one in which only half of the domain controllers at each facility receive the updates at one time and another half at a separate time.
    Well... the conventional wisdom is that Domain Controllers should not have automated installs, but rather monitored installs. So... AUOptions = '3', and a human being to launch the installs and monitor the reboot at a time when appropriate with consideration
    to the other Domain Controllers.
    However, if you must *schedule* these things, then you'll have to use Active Directory Security Group Filtering, create TWO GPOs for the Domain Controllers OU, and filter one GPO to one half (via Security Group 'A') and filter the other GPO to the other
    half (via Security Group 'B').
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • Excessive Traffic on Port 445 between 2 Domain Controllers

    Hi, my company has over 45 DC's across about 25 sites worldwide.  We are noticing a lot of traffic using wireshark and Network Monitor on Microsoft-DS port 445. I have been searching if this is normal and what I see is that it is used for SMB File and
    print sharing. Well, I don't have any file shares on these DC's other than the normal admin shares and sysvol share. I don't believe this is replication traffic since these 2 servers are not replication partners. I have checked sites and services to make sure
    the intersite and intrasite connections look good.   This traffic is constant over weeks and it is about 1 GB an hour between the 2 servers.  This would not be a big deal if this was just on the local LAN but it is over the WAN and
    that saturates the line.   Should 2 DC's be talking that much that are not even replication partners?  What type of traffic could it be.  I am at a loss for troubleshooting this.  I have done packet captures but that really does
    not tell me much (that I can read anyway). Oh, I have run AV scans also and am finding nothing.
    Any help would be greatly appreciated.
    Steve

    Actually, DFS/FRS/DFSR replication is not related to NTDS replication. It uses a directory change notification event to trigger replication to a replica, and that is to all DCs in the domain. That's why you can have SYSVOL replication problems while AD replication of the partitions does not have problems, such as when you create a user on one and it replicates to its NTDS partner.
    Below is a summary. You can read about how the whole process with NTFRS/DFSR works in the links below, if you like:
    Introduction to Administering DFS-Replicated SYSVOL
    "DFS Replication technology significantly improves replication of SYSVOL. ... When a change to a file occurs, FRS replicates the entire updated file. With DFS Replication, for files larger than 64 KB, only the updated portion of the file is replicated."
    "To replicate only updates to files, DFS Replication uses an algorithm called remote differential compression (RDC). RDC detects changes ... without having to replicate the entire file. RDC detects insertions, removals, and rearrangements of data
    in files. The DFS Replication service monitors SYSVOL, and, if a change occurs to any file that is stored in SYSVOL, DFS Replication automatically replicates the file updates to the SYSVOL folders on the other domain controllers in the domain. "
    http://technet.microsoft.com/en-us/library/cc794837(v=WS.10).aspx
    How FRS Works - Windows 2003
    http://technet.microsoft.com/en-us/library/cc758169(v=WS.10).aspx
    DFS Replication: Frequently Asked Questions (FAQ)
    http://technet.microsoft.com/en-us/library/cc773238(v=WS.10).aspx
    I think 316 MB in SYSVOL is a good amount of data. What is in there taking up that much space? Is something using SYSVOL to store its data, such as an app that's constantly changing data?
    The reason I'm asking is that this could be the cause of the issue, since if it changes on one DC, then it replicates, then another change occurs, etc., and it keeps going and it appears that a ton of data is being moved back and forth.
    Quick story - I remember a customer was using SYSVOL to store data so they can access it across the WAN link. He said he did it because of its "cool" replication features. I said, yea, but it's meant for domain data (GPO policies, templates, etc.)
    and not for custom data. Create a DFS share for that so it works independently of SYSVOL.
    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

  • Windows Time Configuration - 2 Domain Controllers

    I have 2 Domain Controllers. One is 2012 and the other is 2003. I recently added the 2012 server and configured it to be the authoritative time server by following this article...
    https://support.microsoft.com/kb/816042
    I see events on some clients that indicate they got their time from the older 2003 server.  Should both DCs be configured this way or do I need to do something on the 2003 server so it is no longer authoritative?

    Dang it, I knew I left something out!  Thanks for reminding me. 
    On the 2003 server check HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
    If the Type value is NT5DS then it should be adhering to the default hierarchy, i.e. pulling time from the PDCE.
    If instead it reads "NTP" then the 2003 DC still thinks it is authoritative. You can manually change it back to NT5DS and restart the Windows Time service.
    Another option is to run "w32tm /query /source" on the 2003 system to see what it is using as the current time source. 
    If the time source is not the PDCE, you can run the commands from the following technet:
    http://technet.microsoft.com/en-us/library/cc738042(v=ws.10)  
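The registry check and the w32tm commands in the reply above belong together, so here they are in one script, added as an example and not code from the thread. One caveat on the reply: "w32tm /query" arrived with Windows Server 2008, so on the 2003 DC only the registry part of this runs and the Type value is what to go by. The script assumes a domain-joined DC, that the PDC emulator is the only DC meant to sync from an external source, and PowerShell 2.0 or later; it only changes anything when it finds a non-PDCE DC still configured as a manual NTP client.

```powershell
# Added example, not part of the original thread. Shows whether Windows Time on
# this DC follows the domain hierarchy (Type = NT5DS) or a manual peer list
# (Type = NTP), what it is syncing from, and whether this DC is the PDC emulator.
function Get-W32TimeState {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'
    $p   = Get-ItemProperty -Path $key

    # nltest prints the PDC emulator as "DC: \\name"; only that DC should be Type = NTP.
    $pdcLine = nltest "/dsgetdc:$env:USERDNSDOMAIN" /pdc | Where-Object { $_ -match '^\s*DC:' }
    $pdc     = ($pdcLine -replace '^\s*DC:\s*\\\\', '').Trim()

    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Type      = $p.Type                          # NT5DS = domain hierarchy, NTP = manual
        NtpServer = $p.NtpServer
        Source    = (w32tm /query /source) -join ''  # Server 2008+ only
        IsPdce    = ($pdc -like "$env:COMPUTERNAME*")
    }
}

$state = Get-W32TimeState
$state | Format-List

# A non-PDCE DC still set to NTP is a leftover manual configuration, which is
# what the question's 2003 DC sounds like. Put it back on the hierarchy so it
# chains to the PDC emulator, then force a resync and show the new source.
if ($state.Type -eq 'NTP' -and -not $state.IsPdce) {
    w32tm /config /syncfromflags:domhier /update
    Restart-Service -Name w32time
    w32tm /resync /rediscover
    w32tm /query /source
}
```

After the change, the clients that were logging the 2003 DC as their source will pick up time from it again, but now it is itself following the PDCE, so the whole domain is one chain ending at the 2012 server's external source.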

  • Do I still need remote Domain Controllers.....

    We currently have remote sites, with Domain Controllers which are also Global Catalogue servers.
    We are still running as Windows 2000 Native…(Long Story).
    We are planning to remove the remote DC’s as most of their functions as a file server has been removed, and we are wondering if there is any need any more for the remote locations to have a Windows Domain Controller.
    The clients will shortly be running Windows 7, and we are thinking of setting up printing on a local Windows 7 machine, along with a share for roaming profiles.
    Is this a good idea or are we missing something…

    From
    http://technet.microsoft.com/en-us/library/cc978016.aspx
    Automatic Site Coverage
    There is not necessarily a domain controller in every site. For various reasons, it is possible that no domain controller exists for a particular domain at the local site. By default, each domain controller checks all sites in the forest and then checks
    the replication cost matrix. A domain controller advertises itself (registers a site-related SRV record in DNS) in any site that does not have a domain controller for that domain and for which its site has the lowest-cost connections. This process ensures
    that every site has a domain controller that is defined by default for every domain in the forest, even if a site does not contain a domain controller for that domain. The domain controllers that are published in DNS are those from the closest site (as defined by the replication topology).
    For example, given one domain and three sites, a domain controller for that domain might be located in two of the sites, but there might be no domain controller for the domain in the third site. Replication to the domain that does not have a domain controller
    in the third site might be too expensive in terms of cost or replication latency. To ensure that a domain controller can be located in the site closest to a client computer, if not the same site, Windows 2000 automatically attempts to register a domain
    controller in every site. The algorithm that is used to accomplish automatic site coverage determines how one site can "cover" another site when no domain controller exists in the second site.
