AD
& DC
A Global Catalog Server could not be located - All GC's are down.
Fixed:
Adprep did not attempt to
run this operation...
Can't contact domain when attempting to join
Can't open Active
Directory Users and Computers, Active Directory Domains and Trusts, Active
Directory Sites and Services with an error
Access denied when trying to create a new
user
Active Directory domain is in mixed mode
Active Directory Domain Services is currently unavailable
AD
communication, including replication, fails on multihomed domain controllers
Use Additional
Domain
Controller after failing
Primary
DC
Solved: A Schema validation check
failed...
Can I rename Windows 2003 DC
Can't change domain name on a server because DC is not available
Can't access Active directory from member server
Can't join the domain because of name
resolution
Can't join domain -
DNS name does not exist
Can't join
domain -
error code
0x0000232B RCODE_NAME_ERROR
Can't logon
using domain credential offline
Can't see the DFS folder in another DC
Causes of Active Directory
replication
issues
Connected to domain not verified
Common
Active Directory Issues
DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
Domain
name (pre-Windows 2000) is empty in Active Directory Domain and Trusts
Microsoft DFS Issues
Domain cached credentials issue
domain
controller was not validated because Access is denied
Fixed: Failed test KnowsOfRoleHolders with error 1722
Failed to modify the necessary properties for the machine account
How to check AD DNS Registration
How to check DC replication
status
How to Enable
or Disable a Global Catalog (GC)
How to
install/remove AD/DC
How to repopulate AD DNS entries
Incorrect Primary
Domain
Controller
Logon scripts
don’t synchronize between two domain controllers
Logon Server is in remote location - should been
local
NETDIAG.EXE - ENTRY POINT NOT FOUND
Object cannot be accessed because: The specified
directory service attribute or value does not exist - Resolution with screenshots
One or more Active Directory Connectors have been found
Problem joining computer to domain
Server doesn't have computer account for trust relationship
Solved: The requested FSMO
Operation failed...
The Active
Directory Domain Service is currently unavailable
The Active Directory Domain Services object could
not be displayed - Resolution with screenshots
The format for the specified network name is invalid
Two same print server names in one
Domain.
This domain controller holds the last replica of the following application
directory partitions
Troubleshoot the File Replication
Service
Troubleshooting File Replication Service Issues
Troubleshooting Windows Time Issues and Tools
Trust relationship between workstation and
domain failed
Unable to logon after changing the domain name
Unable to view attribute or value. You may not
have permissions to view this object - Resolution with screenshots
Unknown Object in Active
Directory - Resolution with screenshots
What will happen when demoting a
DC
Windows 2003 and SBS 2003 installed on
multihomed computer
Windows cannot connect to the domain
Windows cannot create object because Directory problem
Why does my network crash when 1 DC goes down?
Win issues
XP can't connect the same domain in newer server
Perform a non-authoritative restore of the data
How to Repadmin.exe Tool to diagnose Replication Status
MVP Post Collection
Cause: network adapters on the multihomed domain controllers are
registering both the inside and outside Internet Protocol (IP) addresses with
the DNS server. Replication operations require multiple lookup requests of SRV records. In
this case, half of the DNS lookup requests return an IP address that cannot be
contacted, and the replication operation fails.
Can I rename
Windows 2003 DC
If you have a Windows 2003 DC, you can use the Netdom tool to rename the DC.
The Netdom provide a secure and supported methodology to rename one or more
domains. You can find the tool from the Windows 2003 installation CD-ROM
1. Incorrect DNS configuration.
2. Incorrect network configuration.
3. Difficulties when you upgrade from Microsoft Windows NT.
Symptom: When you run Dcpromo to create a
replica domain controller, you may receive the following error message: Failed
to modify the necessary properties for the machine account. Access is denied.
Cause: 1. The account that is used
for the promotion operation may not been assigned the "Delegation Privilege"
right.
2. One of the operations that takes place during the promotion of a replica
domain controller is the modification of the UserAccountControl attribute for
the computer you are promoting.
3. When one or more domain controllers are on a Windows 2000 server that is
using NAT; and it can be caused by the H.323/Lightweight LDAP proxy service.
For consultants, please refer to case 110804RL
How to
check AD DNS Registration
You should have four folders with the following names under DNS forward
lookup zones are present when DNS is correctly registering the Active Directory
DNS records. These folders are labeled:
_msdcs
_sites
_tcp
_udp
How to
check DC replication status
To check DC replication status, go to event logs for NTFRS (File Replication
Service) It will tell you when the last synch was.
Open to Administrative Tools>Active Directory Sites
and Services>Sites, and then double-click the domain
controller you want to work with in the Server folder for your
desired site: Right-click NTDS Settings>Properties.
Make a change accordingly.
WARNING: Do not turn on this option unless you are certain it
will provide value in your deployment. For this option to be useful, your
deployment must have multiple domains, and even then, only one global catalog is
(typically) useful in each site.
How to
install/remove AD/DC
To install/remove AD/DC, use Promote and Demote command.
How to
repopulate AD DNS entries
Manually repopulate the Active Directory DNS entries. You can use the Windows
2000 Netdiag tool to repopulate the Active Directory DNS entries. Netdiag is
included with the Windows 2000 Support tools. At a command prompt, type
netdiag /fix.
This domain controller holds the last replica of the following application
directory partitions
Symptoms: When you demote a DC
by using the Active Dcpromo, you may receive the following error message: This
domain controller holds the last replica of the following application directory
partitions:
DC=MSTAPI,DC=yourdomain,DC=com
Resolutions: Try NTDSUTIL,
Tapicfg.exe and dcpromo /forceremoval. Refer to case 082604JH.
What
will happen when demoting a DC
When a domain controller is demoted, if it is not the last domain controller
in the domain, it performs a final replication and then transfers the roles to
another domain controller. If the domain controller is a global catalog, that
role is not transferred to another domain controller. In this case, you must
manually select the check box in Active Directory Sites and Services Manager for
another domain controller to take over the role.
|
