Strange AD / DNS / Replication issue


  • OK, so I am having an issue with one of the environments we are managing out here…

    To give some background, the setup is a very small domain: 2 DCs, 1 AV server, 2 vCenter servers, and a WSUS server… The majority of our systems are running RHEL5. The whole Windows domain is set up just to provide admin support for the vCenter and a few other admin apps that we use (not really important)… The main DNS servers for this network are Linux boxes, and the Windows DNS servers were set up as stub zones to forward through to the Linux boxes. Well, that setup broke, and because of this and a number of other issues one of our admins decided to rebuild the entire Windows domain… So now we have a new Windows domain; however, the DNS setup is different from before because no one around here can set it up like it was before. So we just built a standalone Windows DNS on the DCs for internal use, and we will worry about the correct setup later on if it’s deemed to be needed. So that’s the backdrop for the problem we are seeing right now…

    Now, when you try to add any domain accounts to any member server’s local groups, the accounts show up with their SIDs and then you get a message stating that this account is already in the group; however, when you click OK and then bring up the properties of the group in question, there are no domain accounts listed. Also, Domain Admin accounts are not recognized on these member servers as having the rights to do anything aside from log in… For example, with a domain administrator account you cannot log into a member server and open a command prompt with elevated system privileges. When you look in Active Directory these member servers show up and they seem to be on the domain properly, but it seems like they are not truly on the domain… I suspect that the issue is related to our DNS problems; however, I am unsure how to proceed from here…

    Sunday, June 30, 2013 1:05 AM
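A diagnostic checklist for the symptoms described in the post above, added here as an example and not part of the original thread. It separates the two likely causes: a DC locator / DNS failure (the member server cannot find a DC of the new domain), and a stale membership left over from the rebuild (a domain rebuilt under the same name gets a new domain SID, so SIDs cached in local groups and the machine account's secure channel still refer to the old domain and no longer resolve). It assumes an elevated PowerShell session on one of the affected member servers; `$DomainName` is a placeholder to replace with the real domain FQDN, and `Get-DnsClientServerAddress` needs Windows Server 2012 or later.

```powershell
# Added diagnostic script (not from the original post). Run in an elevated
# PowerShell session on an affected member server.
$DomainName = 'corp.example.local'   # placeholder: substitute the real domain FQDN

# --- 1. DNS: which resolvers is this host using, and do they answer the
#        DC locator SRV records? Domain join, Kerberos and group resolution
#        all depend on these being served by the domain's DNS.
Write-Host "== DNS client configuration =="
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

Write-Host "== DC locator SRV record for $DomainName =="
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction Continue

Write-Host "== Netlogon's view of a DC for $DomainName =="
nltest /dsgetdc:$DomainName

# --- 2. Secure channel: is this machine's account still valid against a DC
#        of *this* domain? Returns False after a domain rebuild, because the
#        machine password and domain SID on the server predate the new domain.
Write-Host "== Secure channel test =="
Test-ComputerSecureChannel -Verbose

# --- 3. Orphaned SIDs: members of local Administrators that no longer resolve
#        to a name are listed as raw S-1-5-21-... strings. These are the
#        "already in the group" entries from the old domain.
Write-Host "== Unresolvable SIDs in local Administrators =="
$orphaned = (net localgroup Administrators) -match '^S-1-5-21-'
if ($orphaned) { $orphaned } else { Write-Host "none" }

# --- 4. Compare the SID the DCs serve with the SID prefix of the orphaned
#        entries. If they differ, the server is effectively joined to a domain
#        that no longer exists and must be rejoined.
Write-Host "== Domain SID reported by the DCs =="
try {
    $domainSid = ([System.Security.Principal.NTAccount]"$DomainName\Domain Users").
        Translate([System.Security.Principal.SecurityIdentifier]).AccountDomainSid.Value
    Write-Host "current domain SID: $domainSid"
    foreach ($sid in $orphaned) {
        $prefix = ($sid.Trim() -replace '-\d+$', '')
        $state = if ($prefix -eq $domainSid) { 'current domain' } else { 'OLD domain (stale)' }
        Write-Host "  $($sid.Trim()) -> $state"
    }
} catch {
    Write-Warning "Could not resolve '$DomainName\Domain Users' via a DC: $($_.Exception.Message)"
}

# --- 5. Token check: if the logged-on domain admin's token lacks the new
#        domain's Domain Admins SID (ends in -512), elevation will fail even
#        though the account is 'Domain Admins' in the new AD.
Write-Host "== Current token: is the new domain's Domain Admins SID present? =="
(whoami /groups) -match '-512\b'
```

Read the output top down: if step 1 returns no SRV record or `nltest` cannot find a DC, the member server's resolvers point at DNS that does not host the new domain's `_msdcs` zone, and nothing further will work until they do. If DNS is fine but step 2 returns `False` and step 4 labels the orphaned SIDs as belonging to the old domain, the server is holding membership in the rebuilt domain's predecessor; the remedy is to remove the stale SIDs from the local groups and rejoin the server to the new domain. On the DCs themselves, `dcdiag /test:DNS` and `repadmin /replsummary` cover the server side of the same picture.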