Forum Discussion
Domain authentication issue
We are a small single-domain company. We've had one WinSvr2012 domain controller for years. Recently we added 2 Server 2019 DCs with the objective of demoting and decommissioning the 2012 DC. The ...
Our DHCP is 192.168.0.98. 2012 DC is 192.168.0.100. 2019/new DCs are 192.68.0.99 and .102.
Ok, my question was.. What DNS servers do your clients get assigned from your DHCP server? If you run a "ipconfig /all" on a client which can't authenticate to the domain.. What is the primary and secondary dns server, 192.168.0.99 and 192.168.0.102 or? These options are set in your DHCP, perhaps not changed?
Other than that, if you run "netdom query FSMO" Are all the FSMO roles present on one or both of the new DC's?
Other than that, if you run "netdom query FSMO" Are all the FSMO roles present on one or both of the new DC's?
- .99 and .102 are also DNS. IPconfig /all correctly shows them as DNS on our domain clients. I'm not sure how many FSMO roles should be present. Until now, I was only aware of "domain naming master".
Schema master: 2012 DC
domain naming master: 2019 DC (I changed this)
PDC: 2012 DC
RID pool manager: 2012 DC
Infrastructure master: 2012 DC
Thank you very much, Harm, for taking an interest in my AD problem.They should all be present on a running domain controller (They can be offline for a little while, but not too long) , so it's best to move them to one or divide them across two domain controllers. (Nice article here about that https://www.dtonias.com/transfer-fsmo-roles-domain-controller/) But the 2012 DC is just turned off or did you demote it first? If it's not demoted, please turn it back on and move the FSMO roles from it to another DC/DC's. If it's demoted, then seize the roles using the article (The NTDSUTIL part)
- The 2012 DC is running, and I'm afraid to demote it because it doesn't find the other two DCs during the demoting process. I'll move the FSMO roles tomorrow morning.