
We are setting up a new network environment that will have two domain controllers and ran into an issue with Windows not recognizing the existing domain controllers (DC-01 and DC-02) as Domain Controllers. Both machines are listed in the Active Directory GUI as being DCs and are in the proper groups and folders. We have several PowerShell scripts that run off of the code below that's returning a blank set in the Domain Controllers list.

$DC = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()

The $DC variable returns

Forest                 :MyDomain
DomainControllers      :
DomainMode             :Windows2008R2Domain
Parent                 :    
PDCRoleOwner           :DC-01.MyDomain
RidRoleOwner           :DC-01.MyDomain
InfrastructureRoleOwner:DC-01.MyDomain
Name                   :MyDomain

Many of our scripts rely on the DomainControllers variable being populated. There should be two DCs listed in DomainControllers: DC-01-MyDomain, and DC-02-MyDomain. We've run scripts and setups on other similar environments and these objects are properly populated and work just fine. I've run this command on our primary DC and the secondary DC and they return the same results.

We're scratching our heads on this one. Any help would be appreciated.

sekernan
  • Does DCDIAG return anything useful? – Dan Oct 21 '14 at 15:55
  • Everything passes, but KCCEvent has a warning: 'EventID 0x80000785 Event String: The attempt to establish a replication link for the following writable directory partition failed.' – sekernan Oct 21 '14 at 16:02

1 Answer


We figured out that it was a replication issue across our two Domain Controllers and that our firewall was blocking DFSRS (Distributed File System Replication Service). That caused all sorts of subtle things to break in our environment.

sekernan
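A quick way to check for the condition described in this answer, added here as an example and not part of the original post: it reports when DomainControllers comes back empty and probes each DC on the fixed TCP ports that directory and SYSVOL replication depend on. The function names Test-TcpPort and Test-DcReplicationPorts, the port list and the timeout are assumptions; TCP 5722 is the DFSR port only on Windows Server 2008/2008 R2 domain controllers, and the dynamic RPC range is not probed.

```powershell
# Added diagnostic sketch. Function names, port list and timeout are assumptions.
$ports = @{
    88   = 'Kerberos'
    135  = 'RPC endpoint mapper'
    389  = 'LDAP'
    445  = 'SMB (SYSVOL share)'
    5722 = 'DFSR (2008/2008 R2 DCs only)'
}

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # A firewall that silently drops packets shows up as a timeout here.
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Test-DcReplicationPorts {
    param([string[]]$ComputerName)
    foreach ($dc in $ComputerName) {
        foreach ($port in ($ports.Keys | Sort-Object)) {
            New-Object PSObject -Property @{
                Target    = $dc
                Port      = $port
                Service   = $ports[$port]
                Reachable = Test-TcpPort -ComputerName $dc -Port $port
            }
        }
    }
}

$domain  = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
$dcNames = @($domain.DomainControllers | ForEach-Object { $_.Name })
if ($dcNames.Count -eq 0) {
    Write-Warning "DomainControllers is empty for $($domain.Name); using a manual list."
    $dcNames = @('DC-01', 'DC-02')   # host names taken from the question
}

Test-DcReplicationPorts -ComputerName $dcNames |
    Select-Object Target, Port, Service, Reachable |
    Format-Table -AutoSize
```

Run it from each domain controller so the other DC is tested in both directions; a port that is unreachable from one side only points at a host or network firewall rule.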