Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Parent/Child Domain logon problems

Status
Not open for further replies.
Davetoo

Davetoo

IS-IT--Management
Joined
Oct 30, 2002
Messages
4,498
Location
US
Hello all,

I'm missing something simple probably with this problem. We have a parent domain setup (company.com) with four child domains (city1.company.com - city4.company.com). I have two DC's in my parent domain. Server1 is my DNS server, DHCP server, as well as my GC. Again, this server is a DC in company.com. All of our sites are connected via frame-relay and have their own DC's at each site.

The problem is when my network connection is lost here at the parent site (company.com) and the other child sites can't see us across the network. The users at the child sites (which have their own users for each site setup on the DC's at their sites) can not log on to their computers. They each log on to their own domain with their own username and password which is stored on their local DC. So, until we restore our network connection and the remote DC's can see the GC here at the parent site, nobody can logon to their systems.

Is there a cure?

Thanks in advance.

Dave

 
Sort by date Sort by votes
Yes, each site is running it's own DNS and it's own DHCP. We tried to set them up as independently as possible, so if the link was broken to company.com, that each site could still function otherwise.
 
Upvote 0 Downvote
What about having a GC at each remote site to validate logons?

Just a thought...

Patty [ponytails2]
 
Upvote 0 Downvote
Can you do the basics? Ping, ipconfig /all, route print and compare differences? Glen A. Johnson
Johnson Computer Consulting
MCP W2K
glen@johnsoncomputers.us
[americanflag]

"What really happens is trivial in comparison to what could occur."
Robert von Musil (1880-1942); Austrian author.
 
Upvote 0 Downvote
Hi Patty,

Is that the problem then? The GC is required to validate the logon, even for the child domains?

I apologize, but I must ask that dumb question. :)

Thank you.
 
Upvote 0 Downvote
Anything in event logs? Glen A. Johnson
Johnson Computer Consulting
MCP W2K
glen@johnsoncomputers.us
[americanflag]

"What really happens is trivial in comparison to what could occur."
Robert von Musil (1880-1942); Austrian author.
 
Upvote 0 Downvote
Glen,

I'm sorry, a bit confused. When the network connection to the parent domain is lost, then the child domains obviously can not ping the parent domain.

When all of the network connections are working, the network runs as expected, and I can ping all servers. I TS into them regularly to check logs, backups, etc. The problem only arises when we lose the network connection here locally, the parent domain company.com. Then the child domain users can not log onto their local machines.

Thanks.
 
Upvote 0 Downvote
Glen,

Each of the child domains registered an Event ID 1126 - unable to establish connection with global catalog.

Patty,

That's it! Thank you, I searched all over the MS site but came up empty. Guess I should have looked harder.

Now, the obvious question, and I ask it only because I'm here, I'll go check the books shortly; can I have multiple GC's within my parent/child domain structure? i.e., as you asked before, can I make each DC at the remote sites (child domains) a GC as well?

Thank you!

 
Upvote 0 Downvote
So you have tried to ping them. That's what I was wondering. Hardware or software. Can you ping anybody or are you completely down when you lose your connection. Have you tried to find out why your'e losing your connections? Glen A. Johnson
Johnson Computer Consulting
MCP W2K
glen@johnsoncomputers.us
[americanflag]

"What really happens is trivial in comparison to what could occur."
Robert von Musil (1880-1942); Austrian author.
 
Upvote 0 Downvote
Glen,

My apologies, I should have stated up front that we know the reason for the network outage. It is usually our local telco's "Fault", we lose our T1 card either here at our facility or at the telco. Usually takes an hour or two to correct. During that time, no GC, no log on.

bronto,

Ten times fast? I stumbled when I tried to say it once! So I can make all of my DC's at the child site GC's, and all will be well then? I've read already where it will create some network traffic initially while it does that, but that's ok.

Thanks everyone!

Dave
 
Upvote 0 Downvote
Yeah, it should be no big deal after the initial replication is over. Of course, that's totally dependent on the number of objects in your Forest. In any case, it'll definitely help you much more than hinder you...
 
Upvote 0 Downvote
I'm sorry Patty, we must have posted at the same time. Your concern is quite valid, with the one exception where ALL DC's are GC's. In this case, the Infrastructure Master role is reduced to almost nothing since there's really no more cross-domain referencing....
 
Upvote 0 Downvote
Bronto,

If I am not mistaken, you only can have 1 (one) GC in the whole forest? If you have more than 1 GC, then as you say the trafic is going to increase somewhat.
 
Upvote 0 Downvote
Bronto,

Cool, that's good to know!

Thanks,

Patty [ponytails2]
 
Upvote 0 Downvote
beezee28,

Although there is in reality only ONE Global Catalog per forest, it stores a full replica of all objects attributes in the directory of its HOST domain, and a partial replica for all object attributes contained in the directory of every domain in the forest. So, you can have as many servers hosting the GC as you like, (it's still the same GC for the whole forest). I guess it's a trader off as far as traffic goes.
At least, the remote child domains will no longer need to 'create traffic' for logon validation.

Patty

 
Upvote 0 Downvote
beezee28, you can have as many GC's as you like, just that they will need to replicate AD objects (or at least pointers to AD objects) with each other periodically. This will cause traffic to increase on whatever links you have between these DC's for that period of time. Honestly, unless we're talking about speeds less than 128K with a huge amount of replication changes, I don't think it's something to be concerned about....
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MattM1975
  • Locked
  • Question Question
Domain Admin Logon
Replies
2
Views
562
ADB100
ADB100
goombawaho
  • Locked
  • Question Question
Domain join from wifi connected laptop
Replies
4
Views
1K
goombawaho
goombawaho
fredmartinmaine
  • Locked
  • Question Question
Domain Controller without DNS Server
Replies
4
Views
1K
fredmartinmaine
fredmartinmaine
froggy8
  • Locked
  • Question Question
cant add my windows 7 pc to my domain
Replies
3
Views
475
hairlessupportmonkey
hairlessupportmonkey
Till
  • Locked
  • Question Question
Domain Admin Login Mail Notification
Replies
1
Views
488
technome
technome

Part and Inventory Search

Sponsor

Back
Top