Domain Controller Question
-
@gjacobse i usually browse my printers via ip address of the printer server
-
There's not enough info here to give you accurate answer. How are printers deployed? With group policy?
-
@marcinozga yes. the users get error access denied and unable to connect to the printers. I also get not accessible - don't have permission when browsing the IP address of the print server.
-
broken domain anywhere means broken domain everywhere.
-
@justin867 check if your onsite domain controller hold any FSMO roles. If not, things like permission control won't function properly if main branch is offline.
-
So many questions.
What is broken about the main site AD?
Where is the print server?
What is the print server - we assume it's a windows Server that's part of the AD, but should we?
Is your local AD a read only DC? (not sure this really matters - but I'm asking anyhow) -
@marcinozga said in Domain Controller Question:
FSMO roles.
what roles should my onsite DC has so it will function properly even the main branch is down? I have an onsite DC and an onsite Print Server. But I don't want any other branch to be dependent on my branch DC server either.
-
@justin867 Having an independent domain from your main Office will make it that you are not relying on that site.
-
@justin867 said in Domain Controller Question:
@marcinozga said in Domain Controller Question:
FSMO roles.
what roles should my onsite DC has so it will function properly even the main branch is down? I have an onsite DC and an onsite Print Server. But I don't want any other branch to be dependent on my branch DC server either.
RID, PCD and Operations Masters. These 3 roles are domain wide, each domain should have these roles. We don't know how's your domain setup, whether it's a forest, or just one domain for all sites. If one domain, these roles were probably held by domain controller at main data center, so you're sol. You could seize the roles, but once main site comes back, you're in a world of hurt.
-
@marcinozga said in Domain Controller Question:
@justin867 said in Domain Controller Question:
@marcinozga said in Domain Controller Question:
FSMO roles.
what roles should my onsite DC has so it will function properly even the main branch is down? I have an onsite DC and an onsite Print Server. But I don't want any other branch to be dependent on my branch DC server either.
RID, PCD and Operations Masters. These 3 roles are domain wide, each domain should have these roles. We don't know how's your domain setup, whether it's a forest, or just one domain for all sites. If one domain, these roles were probably held by domain controller at main data center, so you're sol. You could seize the roles, but once main site comes back, you're in a world of hurt.
it seems like we should have opted to have multiple domains on 1 forest instead of 1 domain for the entire forest that used by all branches. the current design is flawed and all branches will have to be dependent on the main branch.
-
What exactly is failing?
Here's a thought - do you have local DNS? That might be the whole issue here.
If your local DC doesn't have DNS, and you can't get the central DNS servers, that would explain why you can't get to some functions.
But beyond that - I think we need more details on what exactly does and doesn't work. Is printing the only thing affected? Do you have file shares? can you get to the internet?
Can you log into the Print Server server?
Please tell us about your server setup - is it a single VM host with two VMs (a DC and a Print Server)? What OS is are the servers? -
@dashrender said in Domain Controller Question:
What exactly is failing? So far only Print Server, mapped printers is showing access denied
Here's a thought - do you have local DNS? Yes That might be the whole issue here.
If your local DC doesn't have DNS, and you can't get the central DNS servers, that would explain why you can't get to some functions.
But beyond that - I think we need more details on what exactly does and doesn't work. Is printing the only thing affected? Yes Do you have file shares? Yes can you get to the internet? Yes
Can you log into the Print Server server? - Yes
Please tell us about your server setup - is it a single VM host with two VMs (a DC and a Print Server)? DC and Print Server is separated What OS is are the servers? 2012 -
@justin867 said in Domain Controller Question:
@dashrender said in Domain Controller Question:
What exactly is failing? So far only Print Server, mapped printers is showing access denied
Here's a thought - do you have local DNS? Yes That might be the whole issue here.
If your local DC doesn't have DNS, and you can't get the central DNS servers, that would explain why you can't get to some functions.
But beyond that - I think we need more details on what exactly does and doesn't work. Is printing the only thing affected? Yes Do you have file shares? Yes can you get to the internet? Yes
Can you log into the Print Server server? - Yes
Please tell us about your server setup - is it a single VM host with two VMs (a DC and a Print Server)? DC and Print Server is separated What OS is are the servers? 2012Can you access the web interface of the printers?
Are the printers mapped via GPO?
Have you tried re-deploying any of the printers (just as a test)? -
@justin867 said in Domain Controller Question:
So far only Print Server, mapped printers is showing access denied
you don't think this is related?
-
In a multi-controller setup, assuming you have DNS - and the clients local to the DC are using the DC as that DNS source, then you should be able to cut off the other remote DCs at any time and everything local should just still work.
I'd check the print server's settings and make sure it's using the local DNS server as it's source.
-
@dashrender said in Domain Controller Question:
@justin867 said in Domain Controller Question:
So far only Print Server, mapped printers is showing access denied
you don't think this is related?
aren't they considered the same?
-
@dashrender said in Domain Controller Question:
In a multi-controller setup, assuming you have DNS - and the clients local to the DC are using the DC as that DNS source, then you should be able to cut off the other remote DCs at any time and everything local should just still work.
I'd check the print server's settings and make sure it's using the local DNS server as it's source.
Thanks will look into this.
-
@justin867 Is there anything else as far as print-management going on? We use papercut-ng on our printservers, with one central server and the remote sites configured as secondary servers. If things are set too tightly, the secondary server will refuse print jobs if it can't call home to the master..... just some food for thought since most everything else seems to be working.
-
@justin867 said in Domain Controller Question:
@dashrender said in Domain Controller Question:
@justin867 said in Domain Controller Question:
So far only Print Server, mapped printers is showing access denied
you don't think this is related?
aren't they considered the same?
I read it wrong - I thought it said - mapped drives were access denied