Home | Site Map | Cisco How To |  Net How To | Wireless | Search | Forums | Services | Setup Guide | Careers | About Us | Contact Us|

AD & DC

Perform a non-authoritative restore of the data

How to Repadmin.exe Tool to diagnose Replication Status

MVP Post Collection

Re: Library not registered when trying to open AD

Re: Remote Windows 2003 BDC

Re: About of Event ID : 3224

RE: Account unknown[s-1-5-21-xxxxxxxxxxxxxxxxxxxxxx]

Re: Active Directory and Reverse DNS Zones

RE: AD printers - server-centric, am i missing something?

Re: Adding Custom Attribute

Re: adding workstation to domain - access is denied

Re: Administrative rights

Re: ADUC yields no search results for anything

Re: Basic AD question, proper use of OU's

Re: Character limit

Re: Customizing Delegwiz.inf  syntax question

Re: Dcdiag

Re: Delete duplicate computer accounts in AD

Re: Delete duplicate computer accounts in AD

Re: Does AD have a Default Backup User account?

Re: Domain controller crached

Re: Domain Controller down

Re: Domain Controller File Permissions on SYSVOL

Re: Domain Login Failed

Re: Domain Rename

Re: I cant put a Group in a Group ??

Re: ifmember.exe bat script fails due to perms...

RE: listing windows 2000 domains

Re: Login restriction

Re: LSASS.exe consuming 100% of CPU on Windows 2003 DC/GC

Re: migration planning, need suggestions/advice

Re: Netlogon Errors

Re: NT Domain to AD migration

Re: Planning to Deploy SP2 on Windows Server 2003 with AD (GC)

Re: Possible GPO Setting Failure

Re: Printer not publishing in Directory?

Re: R2 Schema Extension

RE: redirection My Documents

Re: Remote Desktop connection

Re: Library not registered when trying to open AD

Re: Remote Windows 2003 BDC

Re: About of Event ID : 3224

RE: Account unknown[s-1-5-21-xxxxxxxxxxxxxxxxxxxxxx]

Re: Active Directory and Reverse DNS Zones

RE: AD printers - server-centric, am i missing something?

Re: Adding Custom Attribute

Re: adding workstation to domain - access is denied

Re: Administrative rights

Re: ADUC yields no search results for anything

Re: Basic AD question, proper use of OU's

Re: Character limit

Re: Customizing Delegwiz.inf  syntax question

Re: Dcdiag

Re: Delete duplicate computer accounts in AD

Re: Delete duplicate computer accounts in AD

Re: Does AD have a Default Backup User account?

Re: Domain controller crached

Re: Domain Controller down

Re: Domain Controller File Permissions on SYSVOL

Re: Domain Login Failed

Re: I cant put a Group in a Group ??

Re: ifmember.exe bat script fails due to perms...

RE: listing windows 2000 domains

Re: Login restriction

Re: LSASS.exe consuming 100% of CPU on Windows 2003 DC/GC

Re: migration planning, need suggestions/advice

Re: Netlogon Errors

Re: NT Domain to AD migration

Re: Planning to Deploy SP2 on Windows Server 2003 with AD (GC)

Re: Possible GPO Setting Failure

Re: Printer not publishing in Directory?

Re: R2 Schema Extension

RE: redirection My Documents

Re: Remote Desktop connection

Re: Seeing Serv03 users/groups from a WinXP client

RE: Seeking tips for setting up an AD 2003 test lab accessible by prod

Re: sending command to an AD server?

Re: Server 2000 domain upgrade to Server 2003

Re: Site Policies and Domain Controllers

Re: SYSVOL share hand icon is red

RE: Tips for setting up a test lab

Re: Types of ICMP Used by DC?

Re: User logging in as limited account

RE: Using netdom.exe to join active directory

Re: w2k3 logs me off right after user/password

Re: W32Time problem

Re: Windows 2003 & 2000 Servers

Re: Windows 2003 NtFrs Event 13508 sysvol\domain

Re: Would You Advise Adding a Domain?

Re: You have exceeded the maximum number of computer accounts ...

Re: [X-POST] Person and User.

Fixed: Adprep did not attempt to run this operation...

AD communication, including replication, fails on multihomed domain controllers

Cause: network adapters on the multihomed domain controllers are registering both the inside and outside Internet Protocol (IP) addresses with the DNS server. Replication operations require multiple lookup requests of SRV records. In this case, half of the DNS lookup requests return an IP address that cannot be contacted, and the replication operation fails.

Solved: A Schema validation check failed...

Can I rename Windows 2003 DC

If you have a Windows 2003 DC, you can use the Netdom tool to rename the DC. The Netdom provide a secure and supported methodology to rename one or more domains. You can find the tool from the Windows 2003 installation CD-ROM

Common Active Directory Issues

1. Incorrect DNS configuration.
2. Incorrect network configuration.
3. Difficulties when you upgrade from Microsoft Windows NT.

Failed to modify the necessary properties for the machine account

Symptom: When you run Dcpromo to create a replica domain controller, you may receive the following error message: Failed to modify the necessary properties for the machine account. Access is denied.

Cause: 1. The account that is used for the promotion operation may not been assigned the "Delegation Privilege" right.
2. One of the operations that takes place during the promotion of a replica domain controller is the modification of the UserAccountControl attribute for the computer you are promoting.
3. When one or more domain controllers are on a Windows 2000 server that is using NAT; and it can be caused by the H.323/Lightweight LDAP proxy service.

For consultants, please refer to case 110804RL

How to check AD DNS Registration

You should have four folders with the following names under DNS forward lookup zones are present when DNS is correctly registering the Active Directory DNS records. These folders are labeled:
_msdcs
_sites
_tcp
_udp

How to check DC  replication status

To check DC replication status, go to event logs for NTFRS (File Replication Service) It will tell you when the last synch was.

How to Enable or Disable a Global Catalog (GC)

Open to Administrative Tools>Active Directory Sites and Services>Sites, and then double-click the domain controller you want to work with in the Server folder for your desired site: Right-click NTDS Settings>Properties. Make a change accordingly.

WARNING: Do not turn on this option unless you are certain it will provide value in your deployment. For this option to be useful, your deployment must have multiple domains, and even then, only one global catalog is (typically) useful in each site.

How to install/remove AD/DC

To install/remove AD/DC, use Promote and Demote command.

How to repopulate AD DNS entries

Manually repopulate the Active Directory DNS entries. You can use the Windows 2000 Netdiag tool to repopulate the Active Directory DNS entries. Netdiag is included with the Windows 2000 Support tools. At a command prompt, type netdiag /fix.

Solved: The requested FSMO Operation failed...

This domain controller holds the last replica of the following application directory partitions

Symptoms: When you demote a DC by using the Active Dcpromo, you may receive the following error message: This domain controller holds the last replica of the following application directory partitions:
DC=MSTAPI,DC=yourdomain,DC=com

Resolutions: Try NTDSUTIL, Tapicfg.exe and dcpromo /forceremoval. Refer to case 082604JH.

What will happen when demoting a DC

When a domain controller is demoted, if it is not the last domain controller in the domain, it performs a final replication and then transfers the roles to another domain controller. If the domain controller is a global catalog, that role is not transferred to another domain controller. In this case, you must manually select the check box in Active Directory Sites and Services Manager for another domain controller to take over the role.