Help! Can't add server to a domain

We are running a win2k forest with two domains. To the primary domain
(domain #1) I added two Win2k3 servers just fine. However, I can't seem to
add any servers to the second domain (domain #2). I am a member of "Domain
Admins", "Enterprise Admins" and "Schema Admins" in the first domain. Any
ideas what might be going on? I checked the trusts and they seem to be
working fine too.

tia,


Clayton

"Clayton Sutton" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> We are running a win2k forest with two domains. To the primary domain
> (domain #1) I added two Win2k3 servers just fine. However, I can't seem
to
> add any servers to the second domain (domain #2). I am a member of
"Domain
> Admins", "Enterprise Admins" and "Schema Admins" in the first domain. Any
> ideas what might be going on? I checked the trusts and they seem to be
> working fine too.

Most such problems are really DNS problems.

This is especially likely with multi-domain
forests where having ALL of the DNS server
resolve the entire forest is commonly 'broken'.

ALL internal DNS servers must be able to resolve
ALL internal domains -- either directly or by some
form of (win2003 conditional) forwarding.

Parent domains must effectively delegate to child
domains and when you have multiple "trees" it
geneally requires that (at least the top level) DNS
servers hold "cross secondaries" for the "other
tree" (or some equivalent to the cross secondary.)

Check you DNS using the general suggestions
(especially the tools) below.

DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /serverC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]