Windows Legacy OS forum

General discussion

Active Directory Parent/Child Domain Issue

by darkonex / June 29, 2008 10:33 PM PDT

I have posted on experts exchange and had a guy help me get DNS all straightened out but I don't think that was the cause nor did it fix this annoying issue that I just noticed last week. This is something that has worked forever until sometime last week. The only things I have done with the domain controllers was installed Windows Updates and reboot them and I can't help but think one of the updates changed something to cause this. I also am currently logging no type of errors on either domain controller, I was until I got some DNS stuff straightened out but now EventViewer is clean on both controllers but this problem exists still. Anyway here is my issue.

I have my parent domain lets call it parentdomain.com
I have my child domain lets call it childdomain.com
I am running Windows 2000 Server with latest SP and all updates on the primary DC in parentdomain.com, and Win2k3 Server with SP2 and all updates on the primary DC in childdomain.com
I need to assign a user in childdomain.com to a security group in parentdomain.com called FINANCE_FOLDER. Used to be I could just pull up Active Directory Users and Computers in the DC in the child domain and go to the properties of the user, click on Member Of, and Add, then click Locations and it would display my entire tree like this for example.

Parentdomain.com
Accounting
Construction
Finance
Payroll
Childdomain.com
Accounting
Construction
Finance
Marketing
Payroll

So I could just click on Parentdomain.com and do a search for FINANCE_FOLDER and it found it and I could add it. Now the tree looks like this when doing this from the child domain:

Childdomain.com
Accounting
Construction
Finance
Marketing
Payroll

So now I no longer can do that because now that tree under locate only allows me to search in the childdomain.com, so I can't search or add security groups that exist on the parent domain anymore to people on the child domain. Also it doesn't list users security groups that they have assigned from the parent domain like it used to. So say I have a user Joe Blow on the child domain whom I know has always been assigned to a group parentdomain.com\FINANCE_FOLDER that exists on the parent domain, it no longer shows he's assigned to it in the Member Of tab. Oddly enough though, if I open up AD Users and Computers on the DC controller in parentdomain.com, even though it also no longer shows childdomain.com in the tree like it used to either, if I do a search for a users, it lets me select childdomain.com and actually find and display a user on the child domain, and it shows his security groups from both domains there. However it won't find security groups from the childdomain.com like it used to either so I can't assign him to new groups from there like I should and used to be able to.

I hope this makes sense, I know it's long winded but I really need this fixed as it's been broke like this for about a week now and I have some users that I currently need to add to groups from the other domain right now and can't until this is fixed. Hopefully somebody has experienced this and can help me fix or point me in the right direction

Thanks in advance.

Post a reply
Discussion is locked
You are posting a reply to: Active Directory Parent/Child Domain Issue
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Active Directory Parent/Child Domain Issue
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
I thought it over and...
by R. Proffitt Forum moderator / July 13, 2008 2:20 AM PDT

The big issue here from my view is you are now out of support options. It also appears your IT staff is no longer able to handle this OS.

Is it time to move to something you can get support for?
Bob

Collapse -
Negative
by darkonex / July 13, 2008 6:11 AM PDT

My IT staff? Actually I'm the ONLY one responsible for these servers lol. It was working fine before Windows Updates, and actually I can work around this it's just easier if it worked the way it used to. I'm too new in this position to feel comfortable upgrading our primary domain controller so I'm not about to do that. Thanks anyway.

Collapse -
So what's the disaster plan here?
by R. Proffitt Forum moderator / July 13, 2008 6:14 AM PDT
In reply to: Negative

I run into situations like that. The sad shop is running something old, the IT staffer doesn't have the old resource kits and isn't allowed to call Microsoft for a shout out. So my thoughts turn to...

What happens when the hard disks vanish?
Bob

Popular Forums
icon
Computer Help 47,885 discussions
icon
Computer Newbies 10,322 discussions
icon
iPhones, iPods, & iPads 3,188 discussions
icon
Security 30,333 discussions
icon
TVs & Home Theaters 20,177 discussions
icon
HDTV Picture Setting 1,932 discussions
icon
Phones 15,713 discussions
icon
Windows 7 6,210 discussions
icon
Networking & Wireless 14,510 discussions

Tech for the school year

Smart tech for smart students

Forget the pencils and notebooks. Gear up your students with these portable and powerful note-taking machines.