Orphaned child domain controller information may not be replicated to o...

http://support.microsoft.com/kb/887430

Orphaned child domain controller information may not be replicated to other Windows 2000 Server-based domain controllers
Article ID: 887430 - View products that this article applies to.

System Tip This article applies to a different version of Windows than the one you are using. Content in this article may not be relevant to you.
Visit the Windows 7 Solution Center

Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base: 256986 (http://support.microsoft.com/kb/256986/ ) Description of the Microsoft Windows Registry

SYMPTOMS
A Microsoft Windows 2000 Server-based child domain is orphaned from the rest of the forest. This child domain can replicate in changes from domain controllers in the parent (root) domain, but no domain controllers in the root domain or any other child domains have knowledge of the domain controllers in the affected child domain. When an administrator tries to view the domain controllers in the orphaned child domain, no domain controllers are displayed. For example, no domain controllers are displayed in the following configuration naming context: CN=Servers,CN=Site_Name,CN=Sites,CN=Configuration,DC=Domain_Name,DC=com

CAUSE
This issue may occur because the child domain was orphaned from the parent domain.

RESOLUTION
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk. To resolve this issue, you must create a replication link, and you must enable one-way authentication instead of two-way authentication. To do this, follow these steps: 1. On a domain controller in the root domain, add the Replicator Allow SPN Fallback registry value. To do this, follow these steps. Note Perform steps 1 through 6 on this same domain controller. a. Click Start, click Run, type regedit, and then click OK. b. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters c. d. e. f. On the Edit menu, point to New, and then click DWORD Value. Type Replicator Allow SPN Fallback, and then press ENTER. Double-click Replicator Allow SPN Fallback in the right-pane, type 1 in the Value data box, and then click OK. Restart the domain controller.

2. At a command prompt, type the following: repadmin /options fully_qualified_domain_name_(FQDN)_of_the_root_domain_controller +DISABLE_NTDSCONN_XLATE

Note The Repadmin.exe tool is located in the Windows 2000 Support Tools. For additional information about how to install the Windows 2000 Support Tools, click the following article number to view the article in the Microsoft Knowledge Base: 301423 (http://support.microsoft.com/kb/301423/ ) How to install the Windows 2000 support tools to a Windows 2000 Server-based computer 3. At a command prompt, type the following: repadmin /add CN=Configuration,DC=Domain_Name,DC=Domain_Name FQDN_of_the_root_domain_controller FQDN_of_the_child_domain_controller

1 of 2

7/10/2012 9:43 AM

Orphaned child domain controller information may not be replicated to o...

http://support.microsoft.com/kb/887430

2 of 2

7/10/2012 9:43 AM