Replace WS2003 domain controller for WS2012 domain controller

Similar Messages

• The box indicating that this domain controller is the last controller for the domain is unchecked. However, no other Active Directory domain controllers for that domain can be contacted

  I have 2 domain controllers running 2003 server, server1 and server2. I ran dcpromo on server1 and removed AD and removed him from the domain and disconnected from network. I then added a 2012 server
  with the same name and IP address server1 with no problem. Replication from sites and services work fine on both controllers.
  The new 2012 server1 is GC. I transferred all FSMO roles to server1. Again no problem and replicating using sites and services. AD on server1 is populated correctly.
  Now what I had intended on doing was a dcpromo to remove server2 from the domain so I can then add another 2012 server. That is when I get the: "The box indicating that this domain controller is the last controller for the domain
   is unchecked. However, no other Active Directory domain controllers for that domain can be contacted.
  I have DNS installed on both servers and both look good with replicating there. Strange thing is when on the 2012 server within DNS if I right click and connect to another DNS server I can add server2 just fine but from server2 adding server1 it tells me it
  is not available.
  Help please!

  Hi,
  As there is server 2012 DC (SERVER1) DC is operational in a domain then "This domain controller is the last controller for the domain" should be remain unchecked when you demote SERVER2 DC. 
  If you are getting error "Active Directory domain controllers for that domain can be contacted" while demoting SERVER2 DC then check the DNS pointing on both as per below article, disable windows firewall on all DC, less possiblities but worth to check if both
  are different site then check the ports are open on firewall. 
  http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
  http://technet.microsoft.com/en-us/library/cc766337(v=ws.10).aspx
  http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx
  run “ipconfig /flushdns & ipconfig /registerdns“, restart DNS server and NETLOGON service on each DC and try to demote server2 DC.
  If issue reoccurs, post dcdiag /q result.
  NOTE: If initial replication was completed between both DC (new 2012 and old DC) then you may remove the server2 DC from Active Directory forcefully (DCPROMO /FORCEREMOVAL) and perform metadata cleanup.
  Active Directory Metadata Cleanup
  http://abhijitw.wordpress.com/2012/03/03/active-directory-metadata-cleanup/
  Best regards,
  Abhijit Waikar.
  MCSA | MCSA:Messaging | MCITP:SA | MCC:2012
  Blog: http://abhijitw.wordpress.com
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

• Error accessing domain database for selected domain

  when attempting to install the groupwise gateway for microsoft exchange 7.02, i receive the following error:
  error accessing domain database for selected domain. invalid or non-existant domain database.
  the existing gw80 environment consists of a few sles 10 servers (mta, po, gwia, webacc) with edirectory 8.8 sp2, and an external bind dns. i've built a gateway system with the following components:
  ws03sp2
  ex2k3sp2
  novell client 4.91sp5
  c1 1.3.6h
  edir88sp3
  gw801 mta
  can anybody share tips for getting the gateway to see the domain database? are there installation logs i can check? are there any srv records that i need to verify are manually created in the bind dns? will i need microsoft's exchange connector for novell groupwise?

  Hi
  I am having the same issue with GW6.5 Exch2003 both running on Win2003 server.
  Do you have a solution? If so please update this thread.
  Thanks
  Jason
  Originally Posted by csp122
  when attempting to install the groupwise gateway for microsoft exchange 7.02, i receive the following error:
  error accessing domain database for selected domain. invalid or non-existant domain database.
  the existing gw80 environment consists of a few sles 10 servers (mta, po, gwia, webacc) with edirectory 8.8 sp2, and an external bind dns. i've built a gateway system with the following components:
  ws03sp2
  ex2k3sp2
  novell client 4.91sp5
  c1 1.3.6h
  edir88sp3
  gw801 mta
  can anybody share tips for getting the gateway to see the domain database? are there installation logs i can check? are there any srv records that i need to verify are manually created in the bind dns? will i need microsoft's exchange connector for novell groupwise?

• Failed to Configured Domain Services for Windows

  Hi!
  I am installing OES 2 SP3 with DSfW Pattern as a "New Domain Controller in an Existing Domain Services for Windows Domain" with Replication Configuration and Schema Partition.
  During the "Perform eDirectory Configuration" at last task "Configure Domain Services for Windows " at 93% we encountered an error: "Failed to configure Domain Services for Windows".
  Here's details of error ;
  command : perl /opt/novell/xad/sbin/ndsdcinit.pl retry full-replica -d 'vec.apd.com.ph' -l 'ou=OESSystemObjects,dc=vec,dc=apd,dc=com,dc=ph'
  -g 'ou=OESSystemObjects,dc=vec,dc=apd,dc=com,dc=ph' -f 'apd.com.ph' -p 'apd.com.ph' -o 192.168.81.92 -t
  Could not create gss directory /etc/opt/novell/xad/gss at /opt/novell/xad/sbin/ndsdcinit.pl line 463, line 652
  LDAP Based utility [ndsConfigServerContext.sh] to retrieve server context for YaST
  DomainName : vec.apd.com.ph
  NdsAdminName : CN=Administrator,CN=Users,DC=vec,DC=apd,DC=com,DC= ph
  ExistingServerIP : ANDROMEDA.vec.apd.com.ph
  ExistingServerPort : 0
  Add_DC : true
  Returning server context->ou=OESSystemObjects.dc=vec.dc=apd.dc=com.dc=ph
  LDAP Based utility [ndsConfigServerContext.sh] to retrieve server context for YaST
  DomainName : vec.apd.com.ph
  NdsAdminName : CN=Administrator,CN=Users,DC=vec,DC=apd,DC=com,DC= ph
  ExistingServerIP : ANDROMEDA.vec.apd.com.ph
  ExistingServerPort : 0
  Add_DC : true
  Returning server context->ou=OESSystemObjects.dc=vec.dc=apd.dc=com.dc=ph
  SASL/GSS-SPNEGO authentication started
  SASL SSF: 56
  SASL installing layers
  Failed to fetch dNIPDNSZones from DNS_LOCATOR_OBJECT at /opt/novell/xad/lib64/perl/Install/adc_install.pm line 503
  at /opt/novell/xad/lib64/perl/Logger.pm line 119
  Logger::_err('Failed to fetch dNIPDNSZones from DNS_LOCATOR_OBJECT at /opt/...') called at /opt/novell/xad/lib64/perl/Logger.pm line 202
  Logger::Log(0, 'Failed to fetch dNIPDNSZones from DNS_LOCATOR_OBJECT at /opt/...') at /opt/novell/xad/lib64/perl/Install/adc_install.pm line 532
  adc_install::decide_domain_zones() called at /opt/novell/xad/lib64/perl/install/adc_install.pm line 150
  adc_install::stage_domain('adc_install=HASH (0X8b9370)') called at /opt/novell/xad/sbin/ndsdcinit.pl line 1383
  main::main(62, 'apd.com.ph', 'vvec.apd.com.ph', 'TRUE','ou=OESSystemObjects,dc=vec,dc=apd,dc=com,d c=ph','ADM_PASSWD_DOMAIN','ou=OESSystemObjects,dc= vec,dc=apd,dc=com,dc=ph','replops::DESTROY',
  'APD.COM.PH',...) called at /opt/novell/xad/sbin/ndsdcinit.pl line 1301
  main::main() called at /opt/novell/xad/sbin/ndsdcinit.pl line 1425
  ENV PATH = /opt/novell/xad/sbin:/opt/novell/xad/bin:/opt/novell/xad/share/dcinit:/opt/novell/eDirectory/bin:
  LIB=lib64
  LD LIBRARY PATH =
  /opt/novell/xad/lib64:/opt/novell/xad/lib64/nds-
  modules:/opt/novell/eDirectory/lib64:/opt/novell/eDirectory/lib64/nds-modules
  SASL PATH = /opt/novell/xad/lib64/sasl2
  DCINIT CONFIG: /etc/opt/novell/xad/xad.ini
  DOMAIN NAME: vec.apd.com.ph
  PARENT NAME: apd.com.ph
  FOREST NAME: apd.com.ph
  NETBIOS NAME: VEC
  Any ideas on this error ?
  Regards. Thanks.
  denzmo

  Thanks for the reply.
  I have some followup questions
  2. Can you explain the DNS setting in your setup ?
  Tree ---> Power--> apd.com.ph -- dlpc.apd.com.ph
  -- vec.apd.com.ph -- Andromeda.vec.apd.com.ph (DNS)
  -- Pictor.vec.apd.com.ph ( additional domain server ) -> "Failed to configure in DSFW"
  1. apd.com.ph, dlpc.apd.com.ph, vec.apd.com.ph are DSfW domains or just DNS domains ?
  2. Andromeda.vec.apd.com.ph (DNS) - is this the DC of a DSfW domain ?
  3. You are adding the Additional domain controller to the vec.apd.com.ph domain right ?
  The
  # LDAPCONF=/etc/opt/novell/xad/openldap/ldap.conf /usr/bin/ldapsearch -Y EXTERNAL -s sub -b dc=ph "(objectclass=dniplocator)" dn
  Heres the result ;
  a.) running the command in the DNS server (child domain) ANDROMEDA;
  SASL /EXTERNAL authentication started
  SASL username: gidNumber=0+uidNumber=0, cn=peercred,cn=external,cn=auth
  SASL SSF: 0
  # extended LDIF
  # LDAPv3
  # base <dc=ph(objectclass=dniplocator) [email protected]> with scope subtree
  # filter: (objectclass=*)
  # requesting:ALL
  # search result
  search : 2
  result : 32 No such object
  text : NDS error : no such entry (-601)
  # numResponses :1
  This is strange. This ldapsearch is failing to find the locator object in the tree under dc=ph.
  - Can you try this same command from your FRD DC too and find the result ?
  - Is your server non-name mapped or your adding a DSfW server into an existing eDirectory tree (name mapped) ?
  - If it is later can you try the same search with '-b' parameter replaced with container to which FRD is mapped to into the eDirectory Tree.
  - Can you tell in your setup where are the locator object present for your first DSfW server which is acting as DNS server ?
  - While installing this ADC server, you have given the remote dns server as 192.168.81.92. In the YaST DNS screen did you do retrieve (by clicking 'retrieve' button on the screen ) or you entered those inputs manually ?
  - Another follow up question. The locator context provided to the ndsdcinit command in your first post, is 'ou=OESSystemObjects,dc=vec,dc=apd,dc=com,dc=ph'. Can you confirm your locator
  context is correct ?
  [/QUOTE]
  b.) running the command in the ADC PICTOR;
  SASL /EXTERNAL authentication started
  ldap_sasl_interactive_bind_s: invalid credentials (49)
  [/QUOTE]
  This is expected as the server is not completely configured.
  Please get it touch with our NTS for passing on more information about this setup.

• DNS for Multiple Domains

  I am trying to figure out the proper configuration for DNS that will support multiple domains. I have DSN working now for just one domain.
  My XServe has a static IP connected directly to cable modem and is the master nameserver. I also have an Ubuntu server with static IP connected directly to cable modem that is the secondary (slave) nameserver.
  On the XServe, I currently have a primary zone created for domain1.com. with:
  * an A record for domain.com. (Fully Qualified) and the same static IP as the XServe
  * an A record for ns1 (not fully qualified) and the same static IP as the XServe
  * Aliases for ftp, www and mail (not fully qualified) mapped to destination ns1.domain1.com. (Fully Qualified)
  Nameservers under the Primary Zone is ns1.domain1.com. and Mail Exchangers is ns1.domain1.com. with a priority of 10.
  The reverse zone is getting created appropriately for me as far as I can tell. I am able to access www.domain1.com just fine as well as mail and ftp.
  Now I want to add a new domain2.com to this master nameserver. I know that I will need a new Primary Zone for domain2.com. to be recognized and to setup it's aliases?
  Can I use the same static IP or do I have to have a unique static IP?
  Can I use the ns1.domain1.com. nameserver or does the new domain2.com need new nameservers?
  Does domain2.com have it's own A records?
  Does the mail exchangers need to be different for domain2.com?
  It seems like all the documentation and information that I can find are just for configuring one domain and not so much for multiple domains. Any help would be greatly appreciated.
  Spotted Dog

  Don't think of subsequent domains as being any different from the first domain.
  For every domain you need to provide certain information, including a list of the hostnames within that domain. There is no relationship between 'www' in domain1.com and 'www' in domain2.com (unless you point them to the same address, but that's a different issue).
  Any host record in the zone can either be an A record (where you specify an IP address) or a CNAME (where you specify another hostname that it maps to).
  In the case of your web server handling both domains you could set 'www.domain2.com' as an A record with the appropriate IP address, or you could set it as a CNAME with a value of 'www.domain1.com.' (essentially saying 'www.domain2.com has the same IP address of www.domain1.com, so go find that address').
  It's also possible to use cross-domain records for things like name servers and mail servers - in other words you can set your MX record for domain2.com to mail.domain1.com (essentially saying that domain2.com's email is handled by mail.domain1.com).
  Can I use the same static IP or do I have to have a unique static IP?
  That's not a question for DNS. What you're defining are the hostnames in that domain. If you have one server (e.g. a web server) that can handle multiple domains (e.g. one apache server handling web traffic for both domain1.com and domain2.com) then, sure, you can use the same IP address for both.
  If, on the other hand, you have specific services that cannot be multi-hosted (e.g. HTTPS) then you will need different IP addresses.
  Can I use the ns1.domain1.com. nameserver or does the new domain2.com need new nameservers?
  Sure, it's entirely possible to use domain1.com's name servers for domain2.com.
  Does domain2.com have it's own A records?
  It can do, or not, as you choose. If you're running www.domain2.com on the same server as www.domain1.com then you could use a CNAME record to point www.domain2.com to www.domain1.com.,or you could set an A record with the same IP address.
  The result would be the same, but the CNAME has the advantage that if your IP address changes you only need to change your DNS in one place (www.domain1.com) and all the other addresses would automatically follow.
  Does the mail exchangers need to be different for domain2.com?
  Not at all, if your mail server is configured to handle mail for both domains it's entirely possible to specify mail.domain1.com as the MX record for domain2.com.

• Domain login for Sun convergence

  Hi,
  i've created two domains on the sun convergence and created 5 users on each domain.
  For instance
  domainA.net - 5 users
  domainB.net - 5 users
  i took one user from domainA and logged with user name(login name) & password.it was sucessful.
  but i took one user from domainB and logged with user name(login name) & password.but it failed.whereas i can able to logon with [email protected]
  Please can you tell what modification to be done , inorder to the users on domainB can log on without the full email address.
  Thanks
  V Balu

  Make an A record for domainA.net and domainB.net to point to the server hosting iwc
  User from domainA login to
  http://mail.domainA.net/iwc
  Users from DomainB login to
  http://mail.domainB.net/iwc
  Thats the easy way.

• ACL migration Error : 1210 could not find a domain controller for domain "Test Domain" (Old Domain)

  Hi
  We are migrating from old domain to new domain. Before live migration, we are trying to check the ACE/ACL migration through SubInACL. We are running the SubInACL on a cluster, which is a member of the Old Domain (Test Domain). We are able to resolve and
  ping both Old Domain and the New domain from this cluster machine. We have created a network share on this cluster, which is accessible to all Domain Users of the Old Domain. Both Domains have two way forest level trust. we are trying to migrate
  the ACL of this share (\\ClusterMachine\testshare$) to the new domain using SubInACL. We are trying to run the below command to get it done.  
  subinacl /outputlog=C:\Users\Administrator\Desktop\Migrationlog.txt /subdirectories
  \\ClusterMachine\testshare$\*.* /migratetodomain=OldDomain=NewDomain=mappingfile.txt
  Mapping file contains : Domain Users=NewDomain_Users
  But we are geeting the Error that "1210 could not find a domain controller for domain "Test Domain". Error finding domain name : 1210 the format of the specified computer name is invalid. Current Object "\\ClusterMachine\testshare$"
  will not be processed."

  Hello,
  how in detail is DNS set up in each domain?
  Any problems when using nslookup to verify?
  Best regards
  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://blogs.msmvps.com/MWeber
  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
  Twitter:  

• Windows Domain Controller certificate for non domain clients

  Hi,
  Is it possible that we can export windows domain certificate and use it for non domain computers without joining domain, so that they can communicate each others without joining domain controller?
  Regards

  Hi,
  Is it possible that we can export windows domain certificate and use it for non domain computers without joining domain, so that they can communicate each others without joining domain controller?
  Not sure that what you want to achieve here.
  However, yes, it is possible to export certificates (with private keys) from domain machines then import them to non-domain machines, and some certificates can even function well based on key usages. Please note that Domain Controller certificates are only
  meaningful to Domain Controllers. Possession of domain certificates doesn’t indicate machines are part of domain.
  Without joining a machine to a domain (or without a trust), the machine is always treated as untrusted by the domain members no matter what kind of certificates it holds.
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Charm: No Domain Controller for SB5

  Hi,
  I configured Charm in solution Manager 4.0, created a satellite system SB5 in smsy and run the batch to get the info to charm. now i have it in /tmwflow/cmsconf but when i synchronize the project in solar_admin_project we get the error No Domain Controller for SB5.
  The STMS is configured correctly in SB5
  The RFC dests are OK also from SMSY i can see the dommain controller without any problem and distribution routes also.
  Any advise
  Thanks
  Ahmed

  Thanks Pascal,
  I was able to fix the problen but adding a domain link between solution manager and satellite systems.
  Ahmed

• Unable to find domain controller for the specified domain. Please explicitly specify the domain controller.

  Im getting error "Unable to find domain controller for the specified domain. Please explicitly specify the domain controller."   when I try to create an AD connection for my User Profile Service.  The entire sharepoint environment is installed
  on one server.  That server has everyting on it, AD, SQL, Sharepoint, and its the domain controller. I cant figure out why this will not identify?Trevor Fielder

  Hi,
  Did you get this error when clicking on the Populate Containers button?
  If yes, please make sure that you have provide the domain credentials in the account name and password
  boxes below when entering the domain information. The account must be granted the replicating directory changes permission on the domain.
  You can refer to this blog:
  http://www.harbar.net/articles/sp2010ups.aspx
  Xue-Mei Chang

• Changing Domain Controller for Exchange 2013

  Folks
  I have an Exchange 2013 running on Server 2012.
  Old DC on Server 2008.
  I want to decommission the 2008 server. I have build a 2012 DC and for the life of can not work out how to change the DC that my exchange box uses????
  Using Set-ADServerSettings cmdlet only seems to change the server for that current session?? reboot and back to the old DC...
  When I use the Se-ExchangeServer cmdlet, I get domain controller cant be found. I have set the execution policy on the dc to unrestricted and still Domain controlleer cant be found..
  New dc is a GC..
  Any ideas would be good.
  -graham

  First, the behavior observed for the cmdlet Set-ADServerSettings is normal. The values for the domain controllers
  designated are " per session". For example:
  The PreferredServer parameter
  specifies the FQDN of the domain controller to be used for this session.
  http://technet.microsoft.com/en-us/library/dd298063(v=exchg.150).aspx
  +++
  What parameters, exactly, did you use for Set-ExchangeServer? What was the entire command?
  If the domain controller(s) were found for "Set-ADServerSettings"
  and... if Exchange is functioning OK in general, the domain controllers should be accessible.
  +++
  Are you in a position where you could shut down the older server (during off hours for example) and see if Exchange can
  find - and use - the newer DC?
  Will you only have one DC after decommission of the old one?
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

• An attempt to resolve the DNS name of a domain controller in the domain being joined has failed.

  "An attempt to resolve the DNS name of a domain controller in the domain being joined has failed." 
  This is the error message I get whenever I try to connect to my servers domain which I just set up earlier today. I have read through a bunch of other threads on the same error message
  but each of them has had different solutions and none of them have helped me. 
  The one thing that I suspect is related to my problem is that I can't ping my domain on the W7 computer I'm trying to connect. I can ping the server, but not the domain. the domain
  i'm using is set up like "domain.local" . 
  Other things that might be relevant. 
  I'v already set up user accounts and a computer under the Server 2012 active domain administrator settings. 
  I'v port forwarded ports 80 and 443 on the server. 
  The server has a static IPv4 IP adress. I haven't done anything with IPv6 
  The W7 computer has a dynamic IP adress, but I don't think it changes. I believe my router is set up to keep it constant, not 100% sure though. 
  Thanks for any help with this, I'm pretty much out of ideas on this. 

  Hi ZachPrinz,
  Firstly, would you please let us know the outputs of ipconfig /all both of the clients and the DC.
  Also, if you run nslookup FQDN of your DC from your clients, what will you receive?
  Meanwhile, regarding the issue, we can refer to
  the similar thread and see how it works.
  More information:
  Troubleshooting Domain Join Error Messages (en-US)
  Hope this helps.
  Jeremy Wu
  TechNet Community Support

• Group MSA account fail when Domain Controller in Test Domain Fails to start KdsSvc. Event ID 7023

  Yesterday, in my test domain, I created the KDS root key using the Add-KdsRootKey –EffectiveTime ((get-date).addhours(-10))
  command on a DC that is not the PDC Emulator because it was the server I was on at the time.  Today, when I tried to create gMSA accounts on the PDC emulator, I get:
  Event ID 7023 The Microsoft Key Distribution Service terminated with the following error: An Exception occurred in the service when handling the control request
  I turned on logging on to the KdsSvc and get 2 other errors:
  KdsSvc Event ID 4001: Group Key Distribution Service failed to start. Status 0x80070020
  KdsSvc Event ID 4007: Group Key Distribution Service cannot connect to the domain controller on local host.  Status 0x80070020.  Group Key Distribution Service cannot be started because of the error.  Please contact the administrator to resolve
  the issue.
  I took the opportunity to clean up AD, the Schema, and DNS, but the kds errors continues.  I am replicating successfully, DNS changes are reflected immediately, and when I run the get-KDSRootKey on the failing server, the key is returned.  The
  Get-KdsConfiguration matches the KDS config on the DC that originally ran to create the key.
  I have a pretty strict GPO pushed to my DCs but I am still able to create gMSAs on the other server.  I checked ADS&S and found the msKds-ProvRootKey so I know it is at the domain level, but there is so little documentation on the KdsSvc that I
  am not sure if it is working as planned.  I have tried unassigning several GPO configuration items but I am throwing darts at this point.  I have also uninstalled McAfee AV; IDS/IPS; Firewall.
  With that said, I have questions:
  Will gMSAs still work even though the domain pdc emulator cannot start the service?
  Is the KdsSvc supposed to start only on the server Add-KDSRootKey was originally created?
  What happens if the server the KdsSvc key was created fails and has to be removed from the domain?
  Is there any books or configuration items I can review to learn the KdsSvc better?
  Env:
  Windows Standard Server 2012 R2 x64
  Active Directory 2012 R2 Schema Updated from Windows 2008 R2
  All FSMO roles are on the PDC Emulator which is a Windows 2012 R2 DC
  DCDiag returns no errors or test failures
  Repadmin returns clean results (/showreps & /replsum)
  Windows 2008 R2 Root CA hierarchy (not DCs)
  W32tm services are running with less than 6/10's of a ms difference among the domain.

  Hi,
  For Windows Server 2012, the Windows PowerShell cmdlets default to managing the group Managed Service Accounts instead of the original standalone Managed
  Service Accounts.
  New-ADServiceAccount -name <ServiceAccountName> -DNSHostName <fqdn> -PrincipalsAllowedToRetrieveManagedPassword <group>
  -ServicePrincipalNames <SPN1,SPN2,…>
  Did you use the command abouve?
  Here is a good bolg:
  Windows Server 2012: Group Managed Service Accounts
  http://blogs.technet.com/b/askpfeplat/archive/2012/12/17/windows-server-2012-group-managed-service-accounts.aspx
  Hope this helps.

• Force acs v.5 to join domain with a certain Domain Controller

      Hi everybody,
  I try to join an ACS v. 5.3 to the domain.  For my acs in Location A, I can join without problems using my account. When I try to join the ACS in location B to the same domain with the same account, it doesnt work.
  I looked at the debug log files for the ad client, and noticed, that the ACS in location B goes to a certain Domain Controller. However, I would have expected the ACS to contact another DC, which is located on  the same location as the ACS ... this doesnt happen.
  My question:  How does the ACS determine what DC to contact ? Is it possible to force the AC to join by connecting a certain DC ?
  Thanks for any help or ideas ?!?
  Ida              

  Hi,
  Please check your sites and services in your DNS configuration to see if the right Domain controllers are being sent to the ACS when it attempts to connect to the domain. This feature is critical and will optimize the connections that the ACS chooses in order to join the domain.
  The way this works is that ACS attempts to resolve some dns records for global catalog servers and domain controllers to the dns server configured in the initial installation script. Then the dns makes a decision based on the source ip address of the dns query and thinks that the ACS is at a specific site and returns the result of which DCs and GCs are configured in that specific site.
  let me know if that helps.
  Tarik Admani
  *Please rate helpful posts*

• Adding new domain controller under tree domain

  i have one forest root domain is ABC.com and one tree root domain under this forest is DEF.com ,
  i want to add a new domain controller under tree root domain in windows server 2008 r2? i need steps and DNS configuration on forest or domain level
  Thnx

  If you want to add an additional domain controller to a domain you should promote the new dc with the primary dns in the nic settings of the new dc pointing at the current dc and once promoted you should point the original ip address nic settings to
  the new dc.  I am making the assumption that you are using AD integrated DNS.
  http://www.petri.co.il/how_to_install_active_directory_on_windows_2003.htm
  Paul Bergson
  MVP - Directory Services
  MCITP: Enterprise Administrator
  MCTS, MCT, MCSE, MCSA, Security, BS CSci
  2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
  Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
  Please no e-mails, any questions should be posted in the NewsGroup.
  This posting is provided AS IS with no warranties, and confers no rights.