Problems with a new domain tree

I have installed four servers.

1 I installed server01 as the dc of the forest root domain (contoso.com)
2 I installed server02 as the dc of a child domain of the forest root domain (west.contoso.com)

Everything works fine so far.

3 I installed server 03 as the dc of a new domain tree in the forest (northwindtraders.com)
Before installing it I made a manual zone delegation in DNS, as explained by the training kit (lessson 9, by the Ruests, don't like their writing style at all). I first created a new zone for northwindtraders.com, and then created a delegation for server03 in that zone. Then I ran dcpromo on server03, and installed the new domain tree. It installed just fine.

4 On server04, I tried to install a child domain in the new domain tree (east.northwindtraders.com), used enterprise admins credentials to do so
But received an error while running dcpromo (AD DS could not create the object cn=east,cn=partitions,cn=configuration,dc=Contoso,dc=com)

I think its due to server03 not replicating the configuration NC with Server 01. The problem is that if I go into AD Domains and Trusts on Server01 or Server 02, I am not able to check properties of northwindtraders.com domain, or work with in any other way. If I also go into AD sites and services, I am not able to pull anything from Server03.

But on Server03, I am able to pull replication data from Server 01 and Server 02, I am also able to check properties of both contoso.com and east.contoso.com in AD domains and trusts.

What have I done wrong?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Krunchi

I did not see you mention ADFS "Active Directory Federation Services" are you using it in this scenario?

Dracula28

No, I'm not, I just wanted to create four different domains.

Contoso.com (forest root domian)
west.contoso.com (child domain of forest root domain)

northwindtraders.com (new tree in the contoso.com forest)
east.northwindtraders.com (child domain of northwindtraders.com)

jmritenour

Off the top of my head, was the zone set to replicate forest wide when you created in it DNS? Is the IP address for the root domains DC set as the preferred DNS server for the northwind DCs? Does dcdiag turn up any replication issues?

Dracula28

jmritenour wrote: »

Off the top of my head, was the zone set to replicate forest wide when you created in it DNS? Is the IP address for the root domains DC set as the preferred DNS server for the northwind DCs? Does dcdiag turn up any replication issues?

Well, according to the TK the delegation dummy should only replicate domain wide (to all DCS on the forest root domain). But I tried as you suggested as well, without it working. There are several replication errors in dcdiag.

Dracula28

Does Server03 need to be a member server in contoso.com before I can install it as a DC in a new tree? I generally never make servers member servers, I just provide the credentials at dcpromo. Perhaps there needs to be an A Host record for Server03 in the contoso.com zone before the delegation is made?

That way Server01 can recognize and validate it.