Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
Selecting Different DC / Domain in ADUC MMC

Answered Selecting Different DC / Domain in ADUC MMC

  • Friday, August 17, 2012 4:24 PM
     
     
    Sign In to Vote
    0

    Hi,

    We have 2 Domain. A.Local (Parent), B.Local (Sub-tree). A.Local has a DC called ParentDC1. B.local has a DC called SubtreeDC1. ParentDC1 is able to connect to SubtreeDC1 and they are the Bridgehead for these 2 Sites.

    I pull a record of a user from B.Local via ParentDC1 by ADUC MMC, change the Domain to B.Local. ADUC shows connected DC is SubtreeDC1. From the MemberOf Tab, user is under Dist.BlockExternalEmail Dist group.

    I did the same query from SubtreeDC1 directly, so it is under B.Local. Did  a query on the same user, this time the user is not the memberof Dist.BlockExternalEmail group.

    I tried to remove its membership from ParentDC1. ADUC response, User is no longer the memberOf this group. It may due to latency of Replication.

    So, I wait for few days. Check from ParentDC1 again. User back to Dist.BlockExternal Email Dist group again.....

    This Dist is used for Transport Rule in our Exchange 2010 Farm. And Users under B.Local has mailbox under A.Local. So, they are connecting to our Exchange via Outlook Anywhere or the Tunnel.

    Any thoughts?

    • Moved by Tiger LiModerator Monday, August 20, 2012 1:52 AM (From:Network Infrastructure Servers)
    •  
     

All Replies

  • Monday, August 20, 2012 7:52 AM
     
     
    Sign In to Vote
    0

    If a user is a member of any group in other domain you wont be able to see the group name in users "member of" properties. Search for the group from ADUC and look for the "members" attribute.

    Regards, Nidhin.CK

     
  • Monday, August 20, 2012 8:01 AM
     
     Answered
    Sign In to Vote
    0

    Hello,

    What do you mean exactly by Sub-tree? Is it a child domain?

    Changes may take time to be replicated and this is due to AD replication latency. For that, I would recommend that you check the scheduling of your AD replication.

    More here: http://technet.microsoft.com/en-us/library/cc728010%28v=ws.10%29.aspx

    Also, I would recommend that you perform a healthy and replication diagnosis on DCs using repadmin and dcdiag commands. This may reflect the presence of an AD replication issue.

    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer