none
Child Domain Users

答案

  • Hi sanam,

    First of all, please check DNS settings, are there other DNS Servers in the domain besides the root domain DC? Make sure each workstation/member server in child domain point to a local domain DNS server as primary DNS and parent domain DNS servers as secondary.

    Secondly, check if there are any GC servers in the child domain, you can run the command:
    dsquery server -isgc -limit0
    Authenticating Domain controller need to access a global catalog to obtain universal group membership information so GC is required for login in a multiple domains environment.

    Regards,
    Cicely

    2012年6月16日 15:42
    版主
  • Domain joined machine uses DNS to locate DC in its own or remote site & if its not configured correctly, then the issue will be the one mentioned by. Have you configured delegation for the child domain & do all the clients have local DNS server configured in its NIC, if not then you need to configure that.

    Configuring DNS in child domain

    http://awinish.wordpress.com/2011/04/09/configuring-dns-in-child-domain/


    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    2012年6月16日 16:12
    版主

全部回复

  • Hi sanam,

    First of all, please check DNS settings, are there other DNS Servers in the domain besides the root domain DC? Make sure each workstation/member server in child domain point to a local domain DNS server as primary DNS and parent domain DNS servers as secondary.

    Secondly, check if there are any GC servers in the child domain, you can run the command:
    dsquery server -isgc -limit0
    Authenticating Domain controller need to access a global catalog to obtain universal group membership information so GC is required for login in a multiple domains environment.

    Regards,
    Cicely

    2012年6月16日 15:42
    版主
  • Domain joined machine uses DNS to locate DC in its own or remote site & if its not configured correctly, then the issue will be the one mentioned by. Have you configured delegation for the child domain & do all the clients have local DNS server configured in its NIC, if not then you need to configure that.

    Configuring DNS in child domain

    http://awinish.wordpress.com/2011/04/09/configuring-dns-in-child-domain/


    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    2012年6月16日 16:12
    版主
  • In addition, can you provide us in detail how the DNS infrastructure is designed?

    For example,

    1. Is the _msdcs.domain.local  set to forest wide replication scope (Replicate to all DCs that have DNS installed)
    2. Is the domain.local zones (which has the child domain as a subfolder) set to forest wide replication scope (Replicate to all DCs that have DNS installed)
    3. Is the domain.local zones (which has the child domain as a subfolder) set to dommain wide replication scope (Replicate to all DCs that have DNS installed)
    4. Is the childDomain.domain.local zone set to domain wide replication scope (Replicate to all DCs that have DNS installed)
    5. Is there a forwarder from the child DC/DNS server to the parent root domain DC/DNS servers?

    .

    In addition to Awinish's informative link on parent-child delegation, please read the following for DNS design options in a multi domain forest that explains the questions above:

    DNS Design Options in a Multi-Domain Forest - How to create a Parent-Child DNS Delegation, and How to Configure DNS to create a new Tree in the Forest
    Published by Ace Fekay, MCT, MVP DS on Oct 1, 2010 at 12:22 PM
    http://msmvps.com/blogs/acefekay/archive/2010/10/01/dns-parent-child-dns-delegation-how-to-create-a-dns-delegation.aspx

    .


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    2012年6月17日 7:13
  • Hello,

    as others already mentioned, DNS should be the problem here. SO how is DNS configured in the child domain?

    Or do you use the root domain DNS servers with a zone for the child?

    An unedited ipconfig /all from the child domain DC and a client will also give some more details about the setup.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    2012年6月17日 14:55