Forest Root non-accessible\Child Domain still accessible. Can I recreate Forest Root and create Trust to current Child Domain?

Hi,
The 2 DCs for our Forest Root took a hit and are non-accessible, however the Child domain is still accessible.  Can I recreate the Forest Root from scratch and Trust/Link to current Child Domain?  So Im looking for my options to keep an accessible
Child Domain, but recreate a new Forest Root cause the current one is inaccessible.
Thanks for your help! SdeDot

Hi, 
Would you please tell us that what do you mean by they
are non-accessible?
Are you able to log onto any of the two DCs in the forest root domain? If yes, we can use dcdiag.exe to analyze the state of the dc in the forest root domain.
If you have any system state backup of the DCs in the root domain, please restore the DC from backup.
Best Regards,
Erin

Similar Messages

  • Is there any way that I can use airplay and Apple TV non mirroring, similar to what you can do with a projector and use it as a second monitor/screen?

    I am trying airplay one thing from my computer to my apple tv, but at the same time work on something else on my actual computer screen.
    Such as airplay a movie to the apple tv but use my computer to work on something else.
    Is this possible/will this in future updates.

    That was a new feature added with Mavericks (OS X 10.9).
    http://www.apple.com/osx/whats-new/features.html#displays -- see "AirPlay Display" in the right column.

  • I created a new apple id and as my billing info i put in my itunes card. i still have $18 left in the account but it wont let me buy anything because i put none as my payment method. what can i do to fix this?

    i created a new apple id and as my billing info i put in my itunes card number. i still have $18 dollars left in the account but it wont let me buy anything else because it constantly asks for my billing info and i now put none as my payment method. how can i buy stuff again?

    Creating an iTunes Store, App Store, iBookstore, and Mac App Store account without a credit card
    Step 3 is important, no matter whether you do this on a Mac or an iPad / iPhone:
    Important: Before proceeding to the next step, you must download and install a free application. ...
    Important: Before proceeding to the next step, you must download and install the free application by tapping Free followed by tapping Install App. ...

  • Pros and cons in setting AD domain trust into my AD domain for more than 10+ AD domain and some with same FQDN or label ?

    Hi,
    Can someone please share what is the pros and Cons of trusting AD domain for more than 10 different AD sites into my existing single domain forest let say ParentCompany.com ?
    At the moment I only have one single forest AD domain with the Domain and Forest functionality Windows Server 2003. The main domain controller FSMO role holder is in the Data Center spread across three different VMs running on Windows Server 2008 R2.
    The main/parent company has acquired smaller business chain of 15+ offices in which they have their own Domain Controller and also their own domain, sometimes they also got the same AD domain between them (no trust or whatsoever in those 15+ AD domain).
    Sounds crazy but yes, there is no standardization in them or whoever manage their IT infrastructure previously.
    I'm now considering what are the benefits of creating the AD domain and trust versus importing those AD objects into my domain and then decommission them.
    No need to worry about Exchange Server since all of the user in those sites connecting to the RDS to my ParentCompany.com terminal servers.
    My requirements or goal are as follows:
    1. Simplify the AD domain structure & maintenance
    2. Try to avoid the disruptions of the user in terms of downtime and selecting multiple different domain everytime they login to their PC or SharePoint sites.
    any kind of help and suggestion would be greatly appreciated.
    Thanks.
    /* Server Support Specialist */

    Can someone please share what is the pros and Cons of trusting AD domain for more than 10 different
    AD sites into my existing single domain forest let say ParentCompany.com ?
    I think you mean 10 AD domains.
    Managing multiple domains can be difficult for administration. I usually recommend using a single domain in a single forest with OUs to separate resources whenever it is possible.
    However, if you can't do that then you can simply create trust relationships between your domains. The advantage is that you can enable access to resources to different domains. I do not see cons here.
    The main/parent company has acquired smaller business chain of 15+ offices in which they have
    their own Domain Controller and also their own domain, sometimes they also got the same AD domain between them (no trust or whatsoever in those 15+ AD domain). Sounds crazy but yes, there is no standardization in them or whoever manage their IT infrastructure
    previously.
    I'm now considering what are the benefits of creating the AD domain and trust versus importing those
    AD objects into my domain and then decommission them.
    I would recommend consolidating your domains into a single one. ADMT is a migration tool that you can use. The advantage would be the ease of administration. Also, by having multiple DCs for the same domain across sites, you will take benefit of High Availability
    of your and DRP.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK
    My Website Link
    My Linkedin Profile
    My MVP Profile

  • Unable to create Trust between domains

    Scenario. I am trying to build 2 way trust between two Windows forests abc.com & xyz.com
    Highest OS in both domain is Win 2008 R2
    FFL and DFL in both is Win2003
    I added forwarders in DNS in both - It is resolving
    I disabled Antivirus
    I stopped Windows firewall in all the DCs of the domains and no n/w level port restrictions is there
    I am able to ping to all DCs from each of the DCs in both domains.
    Doing above all I am unable to create trust - in the trust wizard it is not identifying Domain names.
    Another thing is I have a Primary zone exists in name of each of the domain name. ie In abc.com I have another Primary zone created in xyz.com, Likewise in XYZ.com I have ABC.com primary zone . Will this be an issue?, If not guidelines please...

    Hi,   
    >>In ABC.com I have a Primary zone created as xyz.com, Likewise in XYZ.com I have ABC.com primary zone .
    How
    did
    you create these Primary zones?  Is there a ABC.com zone in ABC.com?
    >>I am unable to put Conditional forwarders because I have a Primary zone exists in name
    of each of the domain name
    If
    there is
    a
    DNS zone of another domain
    then we cannot create a conditional forwarder for the other domain.
    Besides,I
    suggest you check the SRV Records. You can try to restart the netlogon services
    to re-register SRV records.More
    specifically, in the command
    prompt, type
    net stop netlogon to stop netlogon services, then type net start netlogon to start netlogon services.
    Best Regards,
    Erin

  • Enabling Trust Between WebLogic Server Domains

    Hi everyone,
    We have two sites, each one running one WL 8.1 instance. The problem is that we have different users in each one, and they need to access both sites (using a RMI call).
    When the user is created in both sites, there is no problem. But we do not want to replicate all users in all sites.
    So this is what we are trying to do:
    Create the user in one site and enable trust between Weblogic Server domains (giving both sites the same password), so once one user is authenticated, the other site will not try to authenticate this user again. But since this user does not exist in the other site, he has no permission to do anything at all. Because of that we receive the following error message: "User a7ax does not have permission on br to perform lookup operation."
    Does anyone have any idea about how we can handle this, and enable the users to use other sites, without creating the user in both sites?
    Thanks in advance.
    Cesar

    In order to debug this issue you need to determine which kind of security has been applied on the web service deployed on remote weblogic server.
    Whether it requires username/password from the calling web service ?
    or it requires any kind of digital certificate from the calling web service etc......
    the most usual secnario where cross-domain security is required is as:
    If a user- Test calls a service- ServiceA on Weblogic Domain-domainA and provides its credentials and is authenticated properly.
    Then if this service requires to call another service -ServiceB on another Weblogic Domain - DomainB which is also secured then there should be a cross-domain trust should be enabled between the domains DomainA and DomainB so that the subject populated in the domainA can be transferred to DomainB.
    Now you should determine whether this is the secnario you are trying to achieve or it is something else.
    Also try to use the following debug flag in the DomainB where the provider service is deployed to get the exact reason why it is failing to verify the security check.
    -Dweblogic.DebugSecurityAtn=true
    This debug flag is enabled as JAVA_OPTIONS.
    Thanks,
    Sandeep

  • My mail is stuck in yesterday's mail.  None of the icons are accessible.  Can't open delete or change mailboxes.  Still getting mail.  Any suggestions?

    My mail is stuck in yesterday's mail.  None of the icons are accessible.  Can't open delete or change mailboxes.  Still getting mail.  Any suggestions?

    This forum is for troubleshooting Mail under Mac OS 10.4 Tiger, not Leopard. You'll probably want to post your question in the Leopard Mail discussions:
    http://discussions.apple.com/forum.jspa?forumID=1223

  • My ipad2 was stolen today and I was not able to wipe it remotely.  Apple deauthorized it but since I had a bunch of apps on there, are they still accessible?

      Apple deauthorized it but since I had a bunch of apps on there, are they still accessible?

    Check out this thread...  https://discussions.apple.com/message/12060224?messageID=12060224
    Your apps are stored in your iTunes Library on your computer. If you recover the iPad or purchase a new one just re sync your apps / music etc.

  • Create user account in Child Domain

    Dear all.
    Kindly, i have Forest contain two domain Root domain, child domain.
    in the child domain i can create a user account using the root domain.
    i want to stop this. i want the IT Department there create users for there domain only?
    thanks
    Ashraf Hilal

    Hi Ashraf,
    Your query is not clear. Do you want to restrict enterprise administrators from creating user accounts in child domain?
    By default, Enterprise Admins group is part of Builtin Administrators group in the child domain.
    When child domain is introduced, by default Enterprise Admins group is added to Child Domain\Administrators group (Builtin local Security group).
    How to Restrict Enterprise Admins From Child Domain
    http://social.technet.microsoft.com/wiki/contents/articles/16919.how-to-restrict-enterprise-admins-from-child-domain.aspx
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/a72dc036-3375-4124-9ef7-d30af104451a/enterprise-administrator-and-child-domain?forum=winserverDS
    Regards,
    Rafic
    If you found this post helpful, please give it a "Helpful" vote.
    If it answered your question, remember to mark it as an "Answer".
    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

  • Domain is not discovered in untrusted forest

    I have the following Setup.
    Domain A in forest A. ASCCM2012 Primary Server  with SCCM 2012 SP1 CU1 server installed with MP,DP and SUP. Domain A i a 2008 R2 domain.
    Domain B in Forest B, MP and DP and SUP installed on BSCCM2012. Domain B is a 2012 domain.
    There is no trust between forest A and forest B. For the testing the firewalls on the SCCM servers are disabled. There is full network connectivity between the servers. I have setup a forest discover account SCCMADDiscover that is created in domain B as a normal
    user.
    Problem.
    I have setup forest discovery (and thereby forest publishing) of the Forest B on the Primary SCCM server.
    In the console on the "Active Directory Forests" it says that both the discover and the publishing have been successfully.
    But when I look at the "Domains" tab for the Forest B it says “No Items Found”.
    When I look in the ADForestDisc.log file I see the following errors:
    Entering function GetUserCredentials() SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:20 7988 (0x1F34)
    ERROR: [ForestDiscoveryAgent]: Failed to save data for domain B in forest B due to ActiveDirectoryOperationException. Discovery will be attempted on next cycle. SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    Entering function ReportForestDiscoverySuccessStatusMessage() SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    Raising discovery success status message for forest B, in which we discovered 1 site(s) and 0 subnet(s). SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    Calling ReportStatus, keys= SMS_AD_FOREST_DISCOVERY_MANAGER, 1073750724, 0 SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    STATMSG: ID=8900 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_AD_FOREST_DISCOVERY_MANAGER" SYS=ASCCM2012 SITE=P01 PID=2344 TID=7988 GMTDATE=to maj 16 11:07:21.315 2013 ISTR0="AssensOpen.dk" ISTR1="" ISTR2="" ISTR3=""
    ISTR4="0" ISTR5="1" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    Entering function CActiveDirectoryForestDiscovery::UpdateForestNamesForAllSiteSystems() SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    Trying to update forest fqdn for all site systems associated with site P01 SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    Entering function CActiveDirectoryForestDiscovery::UpdateForestNamesForSiteSystems() SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    Entering function CActiveDirectoryForestDiscovery::GetForestName() SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    Trying to discover forest name for server BSCCM2012. SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    Failed to get the domain basic info for machine BSCCM2012. Error returned is: 5 SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    Entering function CActiveDirectoryForestDiscovery::GetForestName() SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    Trying to discover forest name for server BSCCM2012 SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    Failed to get the domain basic info for machine BSCCM2012 Error returned is: 5 SMS_AD_FOREST_DISCOVERY_MANAGER 16-05-2013 13:07:21 7988 (0x1F34)
    As it can be seen in the log file it fails to get forest name and domain name for the server BSCCM2012 in the untrusted domain. It gets an error 5 that I assume is a Access Denied.
    I have tried to give the SCCMADDiscover account domain and enterprise admin rights but that did not help. I have also tried to add the SCCMADDiscover to the local admin group on BSCCM2012 server but that didn’t help either.
    It also seems that the data is not saved correct.
    ERROR: [ForestDiscoveryAgent]: Failed to save data for domain B in forest B due to ActiveDirectoryOperationException
    Where is it the SCCMADDiscover account have insufficient rights?
    Thomas Forsmark Soerensen

    Thanks for letting me know. This means that this is not the root cause, so I can focus on other things.
    There´s also another problem I´m not sure if it related to the Forest Discovery and I wonder if it´s the same for you. I will create a separate topic if it´s not related, but maybe you can confirm from your side. For the Computers which have been discovered
    in the untrusted Forest, when I go to the properties of a system, the property "System OU Name" changes from time to time. When I look at the property throughout the day for different systems it´s sometimes empty, sometimes shows the complete OU paths and
    sometimes just the single OU Containers. For example when a System is located in EU\COMPUTERS\SERVERS, sometimes the whole path is shown (like for all systems in the trusted Forest) and sometimes it just shows "EU";"COMPUTERS";"SERVERS" or it´s just empty.
    All for the same system during different times throughout the day. Like it´s not able to grab the complete OU paths. I have no error in the AD System discovery log, so I wonder if this is related to the Forest Discovery too.
    This makes it impossible to build collections based on System OUs, so I am using the DN currently (which is populated properly).

  • HT4528 My friend switched from an iphone to a non apple phone. All my texts to him in groups and one on one still come up as imessages. How do I get rid of the imessage when i talk to him? I have tried deleting his number, deleting all messages he was apa

    My friend switched from an iphone to a non apple phone. All my texts to him in groups and one on one still come up as imessages. How do I get rid of the imessage when i talk to him? I have tried deleting his number, deleting all messages he was apart of

    Did you try to unregister the phone?
    Check this discussion

  • One way trust relationship between different domain windows server 2012 in different forest

    I'd like to build trust correctly between the domains A.local and B.int. A.local is on a Windows 2012 . B.int is on a Windows 2012 . Both machines are
    connected to the same LAN. The forest level in A.local
    machine is Windows Server 2008 and The forest level in B.int
    is Windows server 2012.
    I want a one-way trust relationship, i.e. users from A.local gain access to B.local.
    my problem it i create the trust put when i go to validate the trust between A.Local and B.int give me this error :
     The secure channel (SC) reset on Active Directory Domain Controller \\dc2.B.int of domain B.int to domain A.Local failed with error: There are currently no logon servers available to service the logon request.
    NOTE : Recently I
    UPGRADE THE Active Directory FROM 2008 R2 TO 2012 and i ping on A.local to B.int
    it is ping by name and IP but from b.int ping by IP JUST >>>
    ihab

    Hi,
    yes i already do it the setup conditional forwarding between the 2 domains and
    the firewall it is off 
    ihab

  • I Am from Brasil and december last year i bought a non contract iphone in usa but it still locked, now apple is sending non contract unlocked iphone, next week i am going to usa and would like to know if it is possible to pay and unlock my iphone in usa

    I Am from Brasil and december last year i bought a non contract iphone in usa but it still locked, now apple is sending non contract unlocked iphone, next week i am going to usa and would like to know if it is possible to pay and unlock my iphone in usa

    A no-contract sales price does not mean unlocked.
    Apple is now selling an officially unlocked iPhone in the U.S. which has nothing whatsoever to do with AT&T unlocking iPhones. It is up to the carrier and the carrier only to officially unlock an iPhone that was sold as carrier locked with the carrier - in this case sold as carrier locked with AT&T. This may change one day, but at the present time AT&T does not unlock an iPhone for any reason or under any circumstances.

  • Are non-Unibody Macbook Pros still viable for professional Photoshop/Lightroom work?

    I currently own a late 2008 Macbook pro (the first unibody) model with a 2.4ghz core 2 duo processor, and I am looking for something similar to get my wife who works with as an upgrade to her crappy old laptop that crashes on her when she has more than a few DNGs open in Photoshop. I was wondering if the 2007/8 Non Unibody Higher End Macbook Pros are still viable for Photoshop/Lightroom work? I know that some of these models seem very old now, but she has a 2005 Windows Toshiba Laptop that can barely handle it's own operating system...so would a decently powered non-unibody Macbook Pro still be viable today or would she have just any many headaches when trying to multitask?
    Thanks, it's my first post!

    Thank you everybody for all the replies!
    First off, I think we'll wait what the 11th of june will bring us, hopefully a new mac mini. As Michael Wasley stated, the glossy imac screen isn't going to work for him. So that brings us to a Mac Mini or Macbook Pro. I'm using the macbook pro myself for the last couple of years and i'm a great fan of it's capabilities.. but my brother prefers a fixed 'computer' and not a laptop..
    At this point i think he's going to buy (the new?) mac mini (and use his own screen), upgrade the RAM to somewhere between 12-16 GB, possible get a SSD drive and for sure get the biggest i7 processor available.
    Hopefully that will get things running.
    Kind regards,
    Mark

  • ADF 10.1.3.0.4: tree leaf with no child nodes still displays folder icon?

    I was reading through Frank Nimphius's Blog and found the entry entitled "ADF Faces: Building a hierarchical tree from recursive tables - October 05, 2006" and found a tree example in which a tree leaf with no child nodes do not display the folder icon.
    I've followed the instructions listed with adf:tree, CoreTree and ChildPropertyTreeModel, but my tree leaves with no child nodes still displays the folder icon.
    How do I remove this icon when the node is a leaf with no children?
    Thanks,
    --Todd                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

    I figured it out.
    I used the ChildPropertyTreeModel.isContainer() method.
    --Todd                                                                                                                                                                                           

Maybe you are looking for

  • Error in locating entity bean

    Hi when i tested my first session bean by IBM websphere Universal Test Client , i got the following error when execute getBookForPlatform(String workPlatform) saying error in locating entity bean Book_catalog and i tried to test Book_catalog entity b

  • How to eliminate gray rectangles?

    Hello everybody, When I erase in Photoshop part of a drawing, gray rectancles appear. How can I eliminate them? In other words: every time I erase something, text or drawings, those gray rectangles appear. Is there a way to erase something leaving th

  • Open Threads from UIX Forum?

    I've got a couple of threads on which I was still hoping for responses over on the UIX forum. I can't update them there, and it says current threads will be 'moved' here. Does that mean the existing content of the threads will literally be moved over

  • Java and SAP

    Hi all: Just wondering if someone could advise me on the following: I’m quite new to SAP and wish to look at moving my Java skills into the SAP development arena; therefore do most individuals create apps in the workbench or can applications be devel

  • I plugged in my new iPhone4 and it thought it was my husband's so it made my phone mirror his and I lost everything! Can I undo and restore it back to mine??

    I don't know what really happened but it said Restoring to Jeff's phone and now my stuff is all gone! Help!