What happens to Windows Parent Domain if Child Disappears?
January 7, 2009 12:30 PM Subscribe
Windows Domain Filter: In a parent/child domain scenario, where Active Directory and Exchange data is being replicated between the two domains over a VPN, what risk is there to the parent domain if the link to the child domain goes dark forever?
A company has two offices. Office A houses the servers responsible for the parent domain, and Office B houses the servers responsible for the child domain. What needs to happen at Office A to protect or clean up its own network if, from its perspective, Office B ceases to exist?
A company has two offices. Office A houses the servers responsible for the parent domain, and Office B houses the servers responsible for the child domain. What needs to happen at Office A to protect or clean up its own network if, from its perspective, Office B ceases to exist?
Best answer: If you end up with an 'orphan' child domain on your parent domain at the least you might have a long lag time during login on the workstations while the network connections time out. You will also get a ton of error messages in the System Log, DNS Log, etc, of Event Viewer. Things could be worse if the child DC was running any essential FSMO roles, or if some users only had profiles on the missing DC, but that is unlikely.
To fix this you will have to clean up the metadata on the the parent domain. There are a ton of KnowledgeBase articles which will walk you through the steps. This article is a good place to start.
I don't know about Exchange, but I had to do this job recently at my workplace. It was tedious, but not overly difficult. Make sure you have your server install CD's handy so you can get the correct support utilities.
posted by TDIpod at 3:39 PM on January 7, 2009
To fix this you will have to clean up the metadata on the the parent domain. There are a ton of KnowledgeBase articles which will walk you through the steps. This article is a good place to start.
I don't know about Exchange, but I had to do this job recently at my workplace. It was tedious, but not overly difficult. Make sure you have your server install CD's handy so you can get the correct support utilities.
posted by TDIpod at 3:39 PM on January 7, 2009
Response by poster: Thanks, TDIpod, that gives me a good starting point.
posted by rocketpup at 5:51 AM on January 8, 2009
posted by rocketpup at 5:51 AM on January 8, 2009
« Older On the trail of some undiscovered artistic joy | Help me recession-proof my future, post-college... Newer »
This thread is closed to new comments.
Server A - Primary Domain Controller (AD DC + Global Catalog + Exchange) for site A
Server B - Active Directory Domain Controller for site B
One domain. ServerA was connected to ServerB via VPN. The VPN went down for a week while I was on vacation, and it took me another week to fix it (the sites are fairly independent, so no one noticed). While trying to repair the VPN ServerA went down, and when it came up wouldnt come up as a domain controller (NETLOGON was not present).
That is fact. The following is what I believe happened:
The servers hadn't syncronized in two weeks. When ServerA lost power, it currupted "something" or had an unclean copy of Active Directory. (possibly because of the power issue, or because it hadn't synced with ServerB). As a result it wanted to confirm its data with Server A before it would come up.
As a result -- I could have forced Active Directory to come up without checking (a wierd registry hack that would have left the two servers in a wierd state?). Iinstead fixed the VPN. Once the two syncronized Server A came up and users were able to login
I am not sure how this relates to a parent-child domain -- and I would have been OK if ServerB blew up... but it left a weird taste in my mouth.
posted by SirStan at 12:41 PM on January 7, 2009