Right, backgrond is I'm trying to get SUS and Group Policy working properly. I have one domain with two domain controllers A and B. B is the operations master.

I've through B changed the Group Policy as required and I couldn't understand why the clients weren't picking it up. Anyhow after troubleshooting a client with GPresult the clients apepar to be getting the Group policy from server A

having looked at A under operations master it is confirming the master as B but says it is offline.

Right I assume I need to get B working correctly and get A to sychronise with it so there is a single Group policy......The question is HOW.

Any help would be much appreciated, I know it is very specialist and a phone call or something would help. I've currently read through two white papers about 300pages now and I'm a little stumped.

Thanks in advance

James

fish said:

Anyone....

Have you got the replication all set up right - with the appropiate security as well.

Don't ask me how, but I would imagine it is a failure of AD replication between the servers.

Neil

fish said:

I beleived I had but it would appear not. How do I go about resettign this. Or am I better to demote the server A to a member server then re promote it to domain controller?

I don't think you need to, you just need to ensure that the scurity and trusts are there, and that they both have replication schedules set up and enabled.

Quite how you do this I'm not sure, as I was never allowed to play with my last companies servers, but was involved in the troubleshooting...how I was supposed to know how things worked I don't know but there you go...

Anyhow check that, and wish me luck, I've got an interview tomorrow morning for a Network Administrator role in Bristol! Eeek!

PS you can always force a manual replication by right clicking the site and telling it thitch its skirt and and get on with it.

Mind you how quick it is, is dependant on AD size and server ooopmh...

Install the support tools, from the os cd, in a folder called support tools , suptools.msi I think. you should then get a couple of utils that will help you track this down.

Netdiag, dcdiag and replmon.

replmon is quite useful for quickly finding any failed replications

dcdiag will allows you to check if the rpc connections etc are working ok. Its a while since I did this so I usually have to relearn whats going on. If you have read the white papers then the output from these utils should make sense.

Some things to look for

Make sure DNS is installed and WORKING CORRECTLY.
make sure that the DC's have registered their service records in DNS.

Do you have multiple IPs bound to the dc network cards (I fell for this one). I could only get 1 way replication with 2 IPs on one NIC (I was using a temp IP for other reasons)



Hope this helps

Neil

Glad you got it going. 2000/2003 relies heavily on DNS. Its always one of the first things to check on replication failure.

Neil