Channel: Directory Services forum

Auditing for dirsync attributes

Is there a way to retrieve a log file (NOT THE LOGS AVAILABLE in the MIIS client) that stores the attributes that were updated in the last synchronization?

We had a strange incident wherein a shared mailbox got converted into a user mailbox and none of the admins were aware of the same.

We are looking to retrieve information about when this happened.


Netlogon Error 5719 and 5783

Hi,

I am getting the below Netlogon errors on some servers, and the application services are restarting on those servers.

Netlogon error 5719
This computer was not able to set up a secure session with a domain controller in domain due to the following: 
The remote procedure call was cancelled. 
5783
The session setup to the Windows NT or Windows 2000 Domain Controller \\domain.com for the domain  is not responsive.  The current RPC call from Netlogon on \\machinename to \\domain.com has been cancelled.

When I checked the domain controller (PDC role), I can see the below error 5805 in Event Viewer, stating:

 "The session setup from the computer MachineName failed to authenticate. The following error occurred: Access is denied."

This started happening only recently, and replication between the domain controllers is working fine, showing no errors.

Could anyone please help?

Regards

Anu

Powershell script to export all computers in domain, including OS and the OU they are in?

Hello,

I have a working script to export all computers and their OS, but I need to break the list down by OU for budgeting purposes.  Each OU is a different company basically so we can allot so much money per company for upgrading the OS.

Is this possible or do you have to export separate lists by OU one at a time?

Thanks,

Matt

Event ID 1311 - Microsoft-Windows-ActiveDirectory_DomainService

Hi there,

Let me start from the beginning: last month my DNS server stopped, and I fixed that by using the netdom resetpwd command. Since then, a lot of errors have occurred, such as:

1. The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition. 

2. The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server.

Could you kindly help me, guys? I am really out of ideas as to what changed.

Kindly advise. Thanks.

How to Delete Multiple Users from specific OU through CSV from AD

Hi, 

Greetings of the day!

I need help with the PowerShell command below: how to delete multiple users from a specific OU through a CSV from AD.

Import-Csv C:\users.csv | ForEach-Object { Remove-ADUser -Identity $_.SamAccountName -Confirm:$False }

How can I specify the OU?

thanks for your support :) 

How to improve query speed when checking whenCreated or whenChanged for new changes?

Dear TechNet community:

I need to fetch Active Directory accounts that have changed since a certain time.

In doing so, I run queries against whenCreated and whenChanged such as:

(whenCreated>=20190219174130.0Z)
or here would be a Get-ADUser command:
Get-ADUser -Filter * -Properties whenCreated | Where-Object {$_.whenCreated -ge ((Get-Date).AddDays(1)).Date}
On my test server, this was fine and worked great.

My production Active Directory has about 210,000 users in it and about 80,000 groups.

Now this query hangs very badly. It seems like it's doing a linear pass through the entire AD.

Shouldn't Active Directory have an index created on this value so it can be queried very quickly? Is there some trick to making this indexed better?



Windows Lockout issue

I am facing a domain account lockout issue and I am stuck in troubleshooting.

According to the link below, I am able to find our problematic domain controller but am unable to find event ID 4625 on the caller computer name.

https://activedirectorypro.com/account-lockout-tool/

change expired password on rdweb / two domains with external trust / not working

Hi,

We are having problems resetting expired passwords on RDWEB.
I have an existing topic on the forum here about it: https://social.technet.microsoft.com/Forums/windowsserver/en-US/f43f548d-1921-401d-8ff0-5f5979411c0e/expired-password-reset-option-rdweb-2012r2?forum=winserverTS

We haven't found a solution yet and we think the issue is with the existing trust relationship between the 2 domains. My RD collection is on a different domain than the users that log in to it.
The trust between the domains is an external one; maybe to make this work we need to change it to a transitive trust?

However, hundreds of users are working in this environment. We don't want to break it.
Is it safe to change a trust relationship from external to transitive without breaking things? Could this be the solution for the problems we are experiencing?

Thanks,

LEVD


Password Change not updating in Server

Hi

I have a Windows 2012 DC with ADDS running.

Whenever a user changes his/her password using the Ctrl+Alt+Del option on their machine, it is not updated on the server, and logon works only with the old password. But Exchange Outlook / web mail and other services which are integrated with AD work with the new password.

What could be wrong? Where should I check?


regards Sundaresan.C

Who will be announced as the next Directory Services Guru? Read more about February 2019 competition!!


What is TechNet Guru Competition?

Each month the TechNet Wiki council organizes a contest of the best articles posted that month. This is your chance to be announced as MICROSOFT TECHNOLOGY GURU OF THE MONTH!

One winner in each category will be selected each month for glory and adoration by the MSDN/TechNet Ninjas and community as a whole. Winners will be announced in dedicated blog post that will be published in Microsoft Wiki Ninjas blog, a tweet from the Wiki Ninjas Twitter account, links will be published at Microsoft TNWiki group on Facebook, and other acknowledgement from the community will follow.

Some of our biggest community voices and many MVPs have passed through these halls on their way to fame and fortune.

If you have already made a contribution in the forums or gallery or you published a nice blog, then you can simply convert it into a shared wiki article, reference the original post, and register the article for the TechNet Guru Competition. The articles must be written in February 2019 and must be in English. However, the original blog or forum content can be from before February 2019.

Come and see who is making waves in all your favorite technologies. Maybe it will be you!


Who can join the Competition?

Anyone who has basic knowledge and the desire to share the knowledge is welcome. Articles can appeal to beginners or discuss advanced topics. All you have to do is to add your article to TechNet Wiki from your own specialty category.


How can you win?

  1. Please copy/write over your Microsoft technical solutions and revelations to TechNet Wiki.
  2. Add a link to your new article on THIS WIKI COMPETITION PAGE (so we know you've contributed)
  3. (Optional but recommended) Add a link to your article at the TechNet Wiki group on Facebook. The group is very active and people love to help; you can get feedback and even direct improvements in the article before the contest starts.

Do you have any questions or want more information?

Feel free to ask any questions below, or join us at the official Microsoft TechNet Wiki groups on Facebook. Read more about TechNet Guru Awards.

If you win, people will sing your praises online and your name will be raised as Guru of the Month.


PS: Above top banner came from Vimal Kalathil.



Visakh

DFS Question

Hi, I have a question regarding my DFS.

I started DFS replication between 2 servers about a week ago. The sending server has 475GB to send over.

The receiving server has a 1TB partition dedicated. I can see that the receiving server has 344GB used up. When I look inside the folders I see that the entire folder structure is present; however, everything seems to be empty. When I go to the properties of the folder it is telling me only 20GB is used. I was getting a few errors regarding staging quotas that were set too low. I ran 2 commands which told me that the recommended size was 71GB, which I set it to.

So I am trying to understand why I don't see anything in the receiving server yet? Is it simply not finished yet?

If it is not finished, how can I see what is going on? I've scoured the Internet to find some kind of tool that can tell me verbosely what DFS is doing, but such a tool does not seem to exist. I am looking for something that says something to the effect of:

Sending server is sending XXX file at XXX% or DFS replication is at XXX% complete.

Basically, anything that can give me a little information as to what exactly is going on. There doesn't seem to be much information as to what DFS is doing, how much bandwidth it is consuming, resources, etc.

Thanks!

Enable Audit in Active Directory

Hello,

I have worked with many companies, and in all of them I found that auditing is not enabled in their Active Directory! Is there a reason for that? Any ideas?

Regards

Phantom DNS records

I seem to be having a problem with my DNS. It might not be my only problem, but it is the one I am currently trying to tackle. Sometimes DNS works to connect to computers, sometimes it doesn't. I ran a DCDiag /test:dns and got the below result. It tells me that all my SRV records are missing. When I go into my DNS, all my records appear to be in place. DNS in the adapter settings does point to itself.

Other symptoms of my overall problem include:

  • Error when trying to connect a second DC server (Active Directory Domain Services could not replicate the directory partition CN=Schema,CN=Configuration,DC=faicorp,DC=local from the remote Active Directory Domain Controller DC1.)
  • Can only connect a computer to the domain while it is running DHCP (cannot be staticed).

dcdiag /test:dns; ipconfig /all; netdom query dc; netdom query fsmo; are all below.

Any help or guidance would be vastly appreciated. I've been bashing my head against this for a while now.

Thanks.

>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = DC1
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC1
      Starting test: Connectivity
         ......................... DC1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC1

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... DC1 passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : faicorp

   Running enterprise tests on : faicorp.local
      Starting test: DNS
         Test results for domain controllers:

            DC: DC1
            Domain: faicorp.local


               TEST: Basic (Basc)
                  Warning: The A record for this DC was not found
                  No host records (A or AAAA) were found for this DC

               TEST: Dynamic update (Dyn)
                  Warning: Failed to add the test record dcdiag-test-record in zone faicorp.local

               TEST: Records registration (RReg)
                  Network Adapter [00000003] Microsoft Hyper-V Network Adapter:
                     Warning:
                     Missing A record at DNS server 172.16.156.11:
                     DC1

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _ldap._tcp.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _ldap._tcp.eac4fbfb-f712-4e84-9da7-adfe7e839361.domains._msdcs.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _kerberos._tcp.dc._msdcs.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _ldap._tcp.dc._msdcs.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _kerberos._tcp.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _kerberos._udp.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _kpasswd._tcp.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _ldap._tcp.Default-First-Site-Name._sites.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _kerberos._tcp.Default-First-Site-Name._sites.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _ldap._tcp.gc._msdcs.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _gc._tcp.Default-First-Site-Name._sites.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _ldap._tcp.pdc._msdcs.faicorp.local

                     Warning:
                     Missing A record at DNS server 172.16.156.11:
                     DC1

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _ldap._tcp.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _ldap._tcp.eac4fbfb-f712-4e84-9da7-adfe7e839361.domains._msdcs.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _kerberos._tcp.dc._msdcs.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _ldap._tcp.dc._msdcs.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _kerberos._tcp.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _kerberos._udp.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _kpasswd._tcp.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _ldap._tcp.Default-First-Site-Name._sites.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _kerberos._tcp.Default-First-Site-Name._sites.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _ldap._tcp.gc._msdcs.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _gc._tcp.Default-First-Site-Name._sites.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.faicorp.local

                     Warning:
                     Missing SRV record at DNS server 172.16.156.11:
                     _ldap._tcp.pdc._msdcs.faicorp.local

               Error: Record registrations cannot be found for all the network adapters

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: faicorp.local
               DC1                          PASS FAIL PASS PASS WARN FAIL n/a

         ......................... faicorp.local failed test DNS

>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DC1
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : faicorp.local

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter #2
   Physical Address. . . . . . . . . : 00-15-5D-D1-79-19
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 172.16.156.11(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Default Gateway . . . . . . . . . : 172.16.156.1
   DNS Servers . . . . . . . . . . . : 172.16.156.11
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{FF5222BD-3646-4E33-9D9E-41A6193D6B4D}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

>netdom query dc
List of domain controllers with accounts in the domain:

DC1
The command completed successfully.


C:\Users\administrator.FAICORP>netdom query fsmo
Schema master               DC1
Domain naming master        DC1
PDC                         DC1
RID pool manager            DC1
Infrastructure master       DC1
The command completed successfully.


Active Directory

I have been given the task of using our company's Active Directory and Visio to create department org charts that will auto-generate information into Visio from Active Directory as new employee information is added into our Active Directory. Is it possible to sync the two?

A question about cross forest trusts

Can someone please assist with the following question?

I read a very good blog post here: https://blogs.msmvps.com/acefekay/2016/09/21/kerberos-authentication-sequence-across-trusts/

However, I am unsure about a couple of things.

1) Does the TDO (trusted domain object) that is stored in the GC (copied from the System container in the Domain Partition) contain the 'inter-domain key' (e.g. shared secret) for the inter-forest trust, which is required to encrypt a TGT for the other forest's KDC?

For example, in the post above, item 3 states the following:

3. The KDC in the marketing.trimagna.com then issues the workstation a TGT for the contoso.com domain. This is known as a referral ticket

Therefore I am thinking that the child domain referred to in item 3, 'marketing', is not the forest root domain and therefore does not host the forest root trust. Therefore, in order for the KDC in the marketing domain to create a TGT for the foreign forest KDC 'contoso.com domain', it would have to encrypt the TGT with a shared secret (inter-domain key) of the forest trust, and the only place I can think a child domain would get this inter-domain key for the inter-forest trust is the GC (global catalogue).

Can someone please verify if my logic is correct? If not, where am I going wrong?

Thanks

CXMelga 


I'm having some issue joining a domain on a separate segment.

I'm currently having trouble promoting a server to a domain controller (Windows Server 2016). I have 2 segments: one is 10.101.16.0/24 and the other is 10.101.17.0/24.

The domain is on the 16.0 segment; the server that I want to join is on the 17.0 segment. I've been trying off and on for a week or so to resolve this issue. Any help would be appreciated. Thanks

I performed an nslookup and it can resolve the name.

I did a portqry from the 17 segment to the domain server on the 16 segment. The log is below.

=============================================

 Starting portqry.exe -n 10.101.16.25 -e 135 -p TCP ...


Querying target system called:

 10.101.16.25

Attempting to resolve IP address to a name...


IP address resolved to EPL-M-DC1.EFPL.Local

querying...

TCP port 135 (epmap service): LISTENING

Using ephemeral source port
Querying Endpoint Mapper Database...
Server's response:

Total endpoints found: 125



==== End of RPC Endpoint Mapper query response ====
portqry.exe -n 10.101.16.25 -e 135 -p TCP exits with return code 0x00000000.
=============================================

 Starting portqry.exe -n 10.101.16.25 -e 389 -p BOTH ...


Querying target system called:

 10.101.16.25

Attempting to resolve IP address to a name...


IP address resolved to EPL-M-DC1.EFPL.Local

querying...

TCP port 389 (ldap service): LISTENING

Using ephemeral source port
Sending LDAP query to TCP port 389...

LDAP query response:


currentdate: 02/20/2019 16:42:05 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=EFPL,DC=Local
dsServiceName: CN=NTDS Settings,CN=EPL-M-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=EFPL,DC=Local
namingContexts: DC=EFPL,DC=Local
defaultNamingContext: DC=EFPL,DC=Local
schemaNamingContext: CN=Schema,CN=Configuration,DC=EFPL,DC=Local
configurationNamingContext: CN=Configuration,DC=EFPL,DC=Local
rootDomainNamingContext: DC=EFPL,DC=Local
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 20801
supportedSASLMechanisms: GSSAPI
dnsHostName: EPL-M-DC1.EFPL.Local
ldapServiceName: EFPL.Local:epl-m-dc1$@EFPL.LOCAL
serverName: CN=EPL-M-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=EFPL,DC=Local
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 7
forestFunctionality: 7
domainControllerFunctionality: 7


======== End of LDAP query response ========

UDP port 389 (unknown service): LISTENING or FILTERED

Using ephemeral source port
Sending LDAP query to UDP port 389...

LDAP query response:


currentdate: 02/20/2019 16:42:09 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=EFPL,DC=Local
dsServiceName: CN=NTDS Settings,CN=EPL-M-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=EFPL,DC=Local
namingContexts: DC=EFPL,DC=Local
defaultNamingContext: DC=EFPL,DC=Local
schemaNamingContext: CN=Schema,CN=Configuration,DC=EFPL,DC=Local
configurationNamingContext: CN=Configuration,DC=EFPL,DC=Local
rootDomainNamingContext: DC=EFPL,DC=Local
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 20801
supportedSASLMechanisms: GSSAPI
dnsHostName: EPL-M-DC1.EFPL.Local
ldapServiceName: EFPL.Local:epl-m-dc1$@EFPL.LOCAL
serverName: CN=EPL-M-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=EFPL,DC=Local
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 7
forestFunctionality: 7
domainControllerFunctionality: 7


======== End of LDAP query response ========

UDP port 389 is LISTENING

portqry.exe -n 10.101.16.25 -e 389 -p BOTH exits with return code 0x00000000.
=============================================

 Starting portqry.exe -n 10.101.16.25 -e 636 -p TCP ...


Querying target system called:

 10.101.16.25

Attempting to resolve IP address to a name...


IP address resolved to EPL-M-DC1.EFPL.Local

querying...

TCP port 636 (ldaps service): LISTENING
portqry.exe -n 10.101.16.25 -e 636 -p TCP exits with return code 0x00000000.
=============================================

 Starting portqry.exe -n 10.101.16.25 -e 3268 -p TCP ...


Querying target system called:

 10.101.16.25

Attempting to resolve IP address to a name...


IP address resolved to EPL-M-DC1.EFPL.Local

querying...

TCP port 3268 (msft-gc service): LISTENING

Using ephemeral source port
Sending LDAP query to TCP port 3268...

LDAP query response:


currentdate: 02/20/2019 16:42:09 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=EFPL,DC=Local
dsServiceName: CN=NTDS Settings,CN=EPL-M-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=EFPL,DC=Local
namingContexts: DC=EFPL,DC=Local
defaultNamingContext: DC=EFPL,DC=Local
schemaNamingContext: CN=Schema,CN=Configuration,DC=EFPL,DC=Local
configurationNamingContext: CN=Configuration,DC=EFPL,DC=Local
rootDomainNamingContext: DC=EFPL,DC=Local
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 20802
supportedSASLMechanisms: GSSAPI
dnsHostName: EPL-M-DC1.EFPL.Local
ldapServiceName: EFPL.Local:epl-m-dc1$@EFPL.LOCAL
serverName: CN=EPL-M-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=EFPL,DC=Local
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 7
forestFunctionality: 7
domainControllerFunctionality: 7


======== End of LDAP query response ========
portqry.exe -n 10.101.16.25 -e 3268 -p TCP exits with return code 0x00000000.
=============================================

 Starting portqry.exe -n 10.101.16.25 -e 3269 -p TCP ...


Querying target system called:

 10.101.16.25

Attempting to resolve IP address to a name...


IP address resolved to EPL-M-DC1.EFPL.Local

querying...

TCP port 3269 (msft-gc-ssl service): LISTENING
portqry.exe -n 10.101.16.25 -e 3269 -p TCP exits with return code 0x00000000.
=============================================

 Starting portqry.exe -n 10.101.16.25 -e 53 -p BOTH ...


Querying target system called:

 10.101.16.25

Attempting to resolve IP address to a name...


IP address resolved to EPL-M-DC1.EFPL.Local

querying...

TCP port 53 (domain service): LISTENING

UDP port 53 (domain service): LISTENING or FILTERED

Sending DNS query to UDP port 53...

UDP port 53 is LISTENING
portqry.exe -n 10.101.16.25 -e 53 -p BOTH exits with return code 0x00000000.
=============================================

 Starting portqry.exe -n 10.101.16.25 -e 88 -p BOTH ...


Querying target system called:

 10.101.16.25

Attempting to resolve IP address to a name...


IP address resolved to EPL-M-DC1.EFPL.Local

querying...

TCP port 88 (kerberos service): LISTENING

UDP port 88 (kerberos service): LISTENING or FILTERED
portqry.exe -n 10.101.16.25 -e 88 -p BOTH exits with return code 0x00000002.
=============================================

 Starting portqry.exe -n 10.101.16.25 -e 445 -p TCP ...


Querying target system called:

 10.101.16.25

Attempting to resolve IP address to a name...


IP address resolved to EPL-M-DC1.EFPL.Local

querying...

TCP port 445 (microsoft-ds service): LISTENING
portqry.exe -n 10.101.16.25 -e 445 -p TCP exits with return code 0x00000000.
=============================================

 Starting portqry.exe -n 10.101.16.25 -e 137 -p UDP ...

portqry.exe -n 10.101.16.25 -e 137 -p UDP exits with return code 0x80000003.
=============================================

 Starting portqry.exe -n 10.101.16.25 -e 138 -p UDP ...


Querying target system called:

 10.101.16.25

Attempting to resolve IP address to a name...


IP address resolved to EPL-M-DC1.EFPL.Local

querying...

UDP port 138 (netbios-dgm service): LISTENING or FILTERED
portqry.exe -n 10.101.16.25 -e 138 -p UDP exits with return code 0x00000002.
=============================================

 Starting portqry.exe -n 10.101.16.25 -e 139 -p TCP ...


Querying target system called:

 10.101.16.25

Attempting to resolve IP address to a name...


IP address resolved to EPL-M-DC1.EFPL.Local

querying...

TCP port 139 (netbios-ssn service): LISTENING
portqry.exe -n 10.101.16.25 -e 139 -p TCP exits with return code 0x00000000.
=============================================

 Starting portqry.exe -n 10.101.16.25 -e 42 -p TCP ...


Querying target system called:

 10.101.16.25

Attempting to resolve IP address to a name...


IP address resolved to EPL-M-DC1.EFPL.Local

querying...

TCP port 42 (nameserver service): NOT LISTENING
portqry.exe -n 10.101.16.25 -e 42 -p TCP exits with return code 0x00000001.

Below is the Dcdiag log

C:\Windows\system32>dcdiag /v

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   * Verifying that the local machine EPL-M-DC1, is a Directory Server.
   Home Server = EPL-M-DC1
   * Connecting to directory service on server EPL-M-DC1.
   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=EFPL,DC=Local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=EFPL,DC=Local
   Getting ISTG and options for the site
   * Identifying all servers.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=EFPL,DC=Local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=EPL-M-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=EFPL,DC=Local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.
   * Found 1 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\EPL-M-DC1
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         * Active Directory RPC Services Check
         ......................... EPL-M-DC1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\EPL-M-DC1
      Starting test: Advertising
         The DC EPL-M-DC1 is advertising itself as a DC and having a DS.
         The DC EPL-M-DC1 is advertising as an LDAP server
         The DC EPL-M-DC1 is advertising as having a writeable directory
         The DC EPL-M-DC1 is advertising as a Key Distribution Center
         The DC EPL-M-DC1 is advertising as a time server
         The DS EPL-M-DC1 is advertising as a GC.
         ......................... EPL-M-DC1 passed test Advertising
      Test omitted by user request: CheckSecurityError
      Test omitted by user request: CutoffServers
      Starting test: FrsEvent
         * The File Replication Service Event log test
         Skip the test because the server is running DFSR.
         ......................... EPL-M-DC1 passed test FrsEvent
      Starting test: DFSREvent
         The DFS Replication Event Log.
         There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL replication
         problems may cause Group Policy problems.
         An error event occurred.  EventID: 0xC00004B2
            Time Generated: 02/19/2019   16:09:15
            Event String:
            The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.

            Additional Information:
            Error: 1355 (The specified domain either does not exist or could not be contacted.)
         An error event occurred.  EventID: 0xC00004B2
            Time Generated: 02/19/2019   16:19:04
            Event String:
            The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.

            Additional Information:
            Error: 160 (One or more arguments are not correct.)
         A warning event occurred.  EventID: 0x80001780
            Time Generated: 02/19/2019   16:24:04
            Event String:
            The DFS Replication service failed to update configuration in Active Directory Domain Services. The service will retry this operation periodically.

            Additional Information:
            Object Category: msDFSR-LocalSettings
            Object DN: CN=DFSR-LocalSettings,CN=EPL-M-DC1,OU=Domain Controllers,DC=EFPL,DC=Local
            Error: 1355 (The specified domain either does not exist or could not be contacted.)
            Domain Controller:
            Polling Cycle: 60
         An error event occurred.  EventID: 0xC00004B2
            Time Generated: 02/19/2019   16:30:44
            Event String:
            The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.

            Additional Information:
            Error: 160 (One or more arguments are not correct.)
         An error event occurred.  EventID: 0xC00004B2
            Time Generated: 02/19/2019   16:57:04
            Event String:
            The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.

            Additional Information:
            Error: 160 (One or more arguments are not correct.)
         ......................... EPL-M-DC1 failed test DFSREvent
      Starting test: SysVolCheck
         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... EPL-M-DC1 passed test SysVolCheck
      Starting test: KccEvent
         * The KCC Event log test
         Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
         ......................... EPL-M-DC1 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=EPL-M-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=EFPL,DC=Local
         Role Domain Owner = CN=NTDS Settings,CN=EPL-M-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=EFPL,DC=Local
         Role PDC Owner = CN=NTDS Settings,CN=EPL-M-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=EFPL,DC=Local
         Role Rid Owner = CN=NTDS Settings,CN=EPL-M-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=EFPL,DC=Local
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=EPL-M-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=EFPL,DC=Local
         ......................... EPL-M-DC1 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         Checking machine account for DC EPL-M-DC1 on DC EPL-M-DC1.
         * SPN found :LDAP/EPL-M-DC1.EFPL.Local/EFPL.Local
         * SPN found :LDAP/EPL-M-DC1.EFPL.Local
         * SPN found :LDAP/EPL-M-DC1
         * SPN found :LDAP/EPL-M-DC1.EFPL.Local/EFPL
         * SPN found :LDAP/f21cb588-d8e5-4a64-9b86-d4ec8478e3d5._msdcs.EFPL.Local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/f21cb588-d8e5-4a64-9b86-d4ec8478e3d5/EFPL.Local
         * SPN found :HOST/EPL-M-DC1.EFPL.Local/EFPL.Local
         * SPN found :HOST/EPL-M-DC1.EFPL.Local
         * SPN found :HOST/EPL-M-DC1
         * SPN found :HOST/EPL-M-DC1.EFPL.Local/EFPL
         * SPN found :GC/EPL-M-DC1.EFPL.Local/EFPL.Local
         ......................... EPL-M-DC1 passed test MachineAccount
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC EPL-M-DC1.
         * Security Permissions Check for
           DC=DomainDnsZones,DC=EFPL,DC=Local
            (NDNC,Version 3)
         * Security Permissions Check for
           DC=ForestDnsZones,DC=EFPL,DC=Local
            (NDNC,Version 3)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=EFPL,DC=Local
            (Schema,Version 3)
         * Security Permissions Check for
           CN=Configuration,DC=EFPL,DC=Local
            (Configuration,Version 3)
         * Security Permissions Check for
           DC=EFPL,DC=Local
            (Domain,Version 3)
         ......................... EPL-M-DC1 passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\EPL-M-DC1\netlogon
         Verified share \\EPL-M-DC1\sysvol
         ......................... EPL-M-DC1 passed test NetLogons
      Starting test: ObjectsReplicated
         EPL-M-DC1 is in domain DC=EFPL,DC=Local
         Checking for CN=EPL-M-DC1,OU=Domain Controllers,DC=EFPL,DC=Local in domain DC=EFPL,DC=Local on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=EPL-M-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=EFPL,DC=Local in domain CN=Configuration,DC=EFPL,DC=Local on 1 servers
            Object is up-to-date on all servers.
         ......................... EPL-M-DC1 passed test ObjectsReplicated
      Test omitted by user request: OutboundSecureChannels
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
         ......................... EPL-M-DC1 passed test Replications
      Starting test: RidManager
         * Available RID Pool for the Domain is 1600 to 1073741823
         * EPL-M-DC1.EFPL.Local is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 1100 to 1599
         * rIDPreviousAllocationPool is 1100 to 1599
         * rIDNextRID: 1103
         ......................... EPL-M-DC1 passed test RidManager
      Starting test: Services
         * Checking Service: EventSystem
         * Checking Service: RpcSs
         * Checking Service: NTDS
         * Checking Service: DnsCache
         * Checking Service: DFSR
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... EPL-M-DC1 passed test Services
      Starting test: SystemLog
         * The System Event log test
         A warning event occurred.  EventID: 0x0000002F
            Time Generated: 02/20/2019   10:56:59
            Event String:
            Time Provider NtpClient: No valid response has been received from manually configured peer pool.ntp.org after 8 attempts to contact it. This peer will be discarded as a time source and NtpClient will attempt to discover a new peer with this DNS name. The error was: The peer is unreachable.
         Found no errors in "System" Event log in the last 60 minutes.
         ......................... EPL-M-DC1 passed test SystemLog
      Test omitted by user request: Topology
      Test omitted by user request: VerifyEnterpriseReferences
      Starting test: VerifyReferences
         The system object reference (serverReference) CN=EPL-M-DC1,OU=Domain Controllers,DC=EFPL,DC=Local and backlink on
         CN=EPL-M-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=EFPL,DC=Local are correct.
         The system object reference (serverReferenceBL)
         CN=EPL-M-DC1,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=EFPL,DC=Local and backlink on
         CN=NTDS Settings,CN=EPL-M-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=EFPL,DC=Local are correct.
         The system object reference (msDFSR-ComputerReferenceBL)
         CN=EPL-M-DC1,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=EFPL,DC=Local and backlink on
         CN=EPL-M-DC1,OU=Domain Controllers,DC=EFPL,DC=Local are correct.
         ......................... EPL-M-DC1 passed test VerifyReferences
      Test omitted by user request: VerifyReplicas

      Test omitted by user request: DNS
      Test omitted by user request: DNS

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : EFPL
      Starting test: CheckSDRefDom
         ......................... EFPL passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... EFPL passed test CrossRefValidation

   Running enterprise tests on : EFPL.Local
      Test omitted by user request: DNS
      Test omitted by user request: DNS
      Starting test: LocatorCheck
         GC Name: \\EPL-M-DC1.EFPL.Local
         Locator Flags: 0xe001f1fd
         PDC Name: \\EPL-M-DC1.EFPL.Local
         Locator Flags: 0xe001f1fd
         Time Server Name: \\EPL-M-DC1.EFPL.Local
         Locator Flags: 0xe001f1fd
         Preferred Time Server Name: \\EPL-M-DC1.EFPL.Local
         Locator Flags: 0xe001f1fd
         KDC Name: \\EPL-M-DC1.EFPL.Local
         Locator Flags: 0xe001f1fd
         ......................... EFPL.Local passed test LocatorCheck
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided.
         ......................... EFPL.Local passed test Intersite

Below is the DCPromo Log


02/20/2019 11:31:56 [INFO] Promotion request for replica domain controller
02/20/2019 11:31:56 [INFO] DnsDomainName  EFPL.Local
02/20/2019 11:31:56 [INFO] ReplicaPartner  EPL-M-DC1.EFPL.Local
02/20/2019 11:31:56 [INFO] SiteName  Default-First-Site-Name
02/20/2019 11:31:56 [INFO] DsDatabasePath  C:\Windows\NTDS, DsLogPath  C:\Windows\NTDS
02/20/2019 11:31:56 [INFO] SystemVolumeRootPath  C:\Windows\SYSVOL
02/20/2019 11:31:56 [INFO] Account efpl.local\administrator
02/20/2019 11:31:56 [INFO] Options  1179840
02/20/2019 11:31:56 [INFO] Validate supplied paths
02/20/2019 11:31:56 [INFO] Validating path C:\Windows\NTDS.
02/20/2019 11:31:56 [INFO] Path is a directory
02/20/2019 11:31:56 [INFO] Path is on a fixed disk drive.
02/20/2019 11:31:56 [INFO] Validating path C:\Windows\NTDS.
02/20/2019 11:31:56 [INFO] Path is a directory
02/20/2019 11:31:56 [INFO] Path is on a fixed disk drive.
02/20/2019 11:31:56 [INFO] Validating path C:\Windows\SYSVOL.
02/20/2019 11:31:56 [INFO] Path is on a fixed disk drive.
02/20/2019 11:31:56 [INFO] Path is on an NTFS volume
02/20/2019 11:31:56 [INFO] Start the worker task
02/20/2019 11:31:56 [INFO] Request for promotion returning 0
02/20/2019 11:31:56 [INFO] Forcing time sync
02/20/2019 11:31:56 [INFO] Forcing a time sync with EPL-M-DC1.EFPL.Local
02/20/2019 11:31:56 [INFO] Searching for a domain controller for the domain EFPL.Local that contains the account EPL-N-DC1$
02/20/2019 11:31:56 [ERROR] Failed to find a DC for domain EFPL.Local: 5
02/20/2019 11:31:56 [ERROR] Failed to get domain controller for account EPL-N-DC1$ (5)
02/20/2019 11:31:56 [INFO] Error - A domain controller could not be contacted for the domain EFPL.Local that contained an account for this computer. Make the computer a member of a workgroup then rejoin the domain before retrying the promotion.
 (5)
02/20/2019 11:31:56 [INFO] The attempted domain controller operation has completed
02/20/2019 11:31:56 [INFO] Updating service status to 4
02/20/2019 11:31:56 [INFO] DsRolepSetOperationDone returned 0

Below is the log from dcpromoui

dcpromoui 1270.1208 23C8 11:31:57.610   posting message to progress window
dcpromoui 1270.10A8 23C9 11:31:57.611         Enter State::GetOperationResultsCode FAILURE
dcpromoui 1270.10A8 23CA 11:31:57.611         OPERATION FAILED
dcpromoui 1270.10A8 23CB 11:31:57.611         Enter State::GetOperationResultsCode FAILURE
dcpromoui 1270.10A8 23CC 11:31:57.611         Enter State::GetUserCancelled false
dcpromoui 1270.10A8 23CD 11:31:57.611         Enter State::IsOperationRetryAllowed
dcpromoui 1270.10A8 23CE 11:31:57.611           true
dcpromoui 1270.10A8 23CF 11:31:57.611         Info: 
dcpromoui 1270.10A8 23D0 11:31:57.611       performed state 28, next state 29
dcpromoui 1270.10A8 23D1 11:31:57.611       Enter FailedFunct
dcpromoui 1270.10A8 23D2 11:31:57.611         Enter State::GetOperationResultsCode FAILURE
dcpromoui 1270.10A8 23D3 11:31:57.611         FAILURE
dcpromoui 1270.10A8 23D4 11:31:57.611       performed state 29, next state 30
dcpromoui 1270.10A8 23D5 11:31:57.611       Enter FinishFunct
dcpromoui 1270.10A8 23D6 11:31:57.611         Enter State::GetFailureMessage The operation failed because:

A domain controller could not be contacted for the domain EFPL.Local that contained an account for this computer. Make the computer a member of a workgroup then rejoin the domain before retrying the promotion.


"Access is denied."
dcpromoui 1270.10A8 23D7 11:31:57.611         Error: The operation failed because:
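
An added example, not part of the original post: a small Python parser for the portqry output format shown in the post above, which reduces a long dump to the ports that did not come back as plainly LISTENING. The sample input is constructed from lines in that output, and the function names and the verdict labels ("ambiguous", "closed", "no-result") are assumptions of this example.

```python
import re

# Constructed sample, condensed from the portqry output format in the post above.
SAMPLE = """\
 Starting portqry.exe -n 10.101.16.25 -e 88 -p BOTH ...

TCP port 88 (kerberos service): LISTENING

UDP port 88 (kerberos service): LISTENING or FILTERED
portqry.exe -n 10.101.16.25 -e 88 -p BOTH exits with return code 0x00000002.
=============================================

 Starting portqry.exe -n 10.101.16.25 -e 137 -p UDP ...

portqry.exe -n 10.101.16.25 -e 137 -p UDP exits with return code 0x80000003.
=============================================

 Starting portqry.exe -n 10.101.16.25 -e 389 -p BOTH ...

TCP port 389 (ldap service): LISTENING

UDP port 389 (unknown service): LISTENING or FILTERED

UDP port 389 is LISTENING

portqry.exe -n 10.101.16.25 -e 389 -p BOTH exits with return code 0x00000000.
=============================================

 Starting portqry.exe -n 10.101.16.25 -e 42 -p TCP ...

TCP port 42 (nameserver service): NOT LISTENING
portqry.exe -n 10.101.16.25 -e 42 -p TCP exits with return code 0x00000001.
"""

START = re.compile(r"Starting portqry\.exe -n (\S+) -e (\d+) -p (\w+)")
STATUS = re.compile(r"^(TCP|UDP) port (\d+) \(([^)]*)\): (.+?)\s*$")
CONFIRM = re.compile(r"^(TCP|UDP) port (\d+) is (.+?)\s*$")
EXIT = re.compile(r"exits with return code 0x([0-9A-Fa-f]+)")


def parse_portqry(text):
    """Split the dump into one record per 'Starting portqry.exe' run."""
    runs, run = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = START.search(line)
        if m:
            run = {"host": m.group(1), "port": int(m.group(2)),
                   "requested": m.group(3), "states": {}, "exit_code": None}
            runs.append(run)
            continue
        if run is None:
            continue  # text before the first run header
        m = STATUS.match(line)
        if m:
            run["states"][m.group(1)] = m.group(4)
            continue
        m = CONFIRM.match(line)
        if m:
            # A later "UDP port N is LISTENING" line overrides the earlier
            # "LISTENING or FILTERED" guess once a protocol probe got a reply.
            run["states"][m.group(1)] = m.group(3)
            continue
        m = EXIT.search(line)
        if m:
            run["exit_code"] = int(m.group(1), 16)
    return runs


def triage(runs):
    """Return (port, protocol, verdict) for every result that needs a second look."""
    findings = []
    for run in runs:
        if not run["states"]:
            # The tool printed no status line at all for this run.
            findings.append((run["port"], run["requested"], "no-result"))
            continue
        for proto, status in run["states"].items():
            if status == "LISTENING":
                continue
            if status == "NOT LISTENING":
                findings.append((run["port"], proto, "closed"))
            else:
                # "LISTENING or FILTERED": no reply, so open and firewalled
                # cannot be told apart from this output alone.
                findings.append((run["port"], proto, "ambiguous"))
    return findings


if __name__ == "__main__":
    for port, proto, verdict in triage(parse_portqry(SAMPLE)):
        print(f"{proto}/{port}: {verdict}")
```
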

Replicating Domain Controller between PROD and TEST Environments


I'm wondering if anyone has a way to replicate Active Directory objects from a Win2K12 R2 domain controller in a production environment to a Win2K12 R2 DC in an isolated test environment.  It seems the recommendation is to clone a new DC into the TEST environment prior to every use, but I'm trying to avoid having to clone, change IP/DNS, register DNS, and seize FSMO repeatedly.  I would like one DC to live in TEST and be updated from another DC (cloned or live) without causing issues in the PROD environment.

I have tried every configuration that I could think of, including the use of the DCCloneConfig.xml.  I thought maybe a DC cloned from Prod to Test would successfully pair with the existing DC in Test.  Unfortunately it sat at "Domain Controller cloning...2%..." and then rebooted in Safe Mode (even though I'd set the primary DNS to the other DC in Test).  I even tried opening ports b/t a RWDC in TEST and an RODC in PROD.  They did not replicate, and this likely isn't a good idea from a security standpoint anyway.

If anyone is aware of any way to update a test DC safely I would really appreciate your input.  Thank you.

Can't log in to Windows Server 2012 R2 when the network cable is plugged in

Hello everybody,
So here's my problem: I recently installed an update for Windows 2012 R2 on 4 of my domain controllers. Since then it is impossible for me to get into these computers.
I can't log on physically to my servers, nor over RDP. The only way I have found to get into my Windows 2012 R2 server domain controllers is to unplug the network cable before the restart of Windows and then plug the network cable back in after 5 minutes, once the restart is completely over.
The problem is I can't find which KB does this kind of thing. Also, I have the problem on my physical machines and my virtual servers.
Thanks


User's effective permissions in AD


Hi, we had a user that had delegated permissions all over Active Directory and I need to find out exactly where she has access.

Is there an easy way to export a user's effective permissions in AD, or a script that I can run?

thx

jason

Migrate domain controllers but keep ip addresses


Hi all,

We want to migrate our domain controllers (server 2012R2 / DL/FL 2008R2) to server 2019 core DL/FL 2016 and keep the ip addresses but change hostnames.

Reason to keep ip addresses : many devices like printers, scanners, applications have the dns/ldap/... ip addresses manually configured to point to the domain controllers.

Current situation :

Domain controllers A and B with ip address 1 and 2 (A-1, B-2)
A and B have DHCP in failover mode (load balance), DNS, DFS, and ADDS.
C-3 and D-4 are newly installed server 2019 core domain controllers with the same roles but these domain controllers should have ip addresses 1 and 2 after the migration. This is our plan :

  1. migrate fsmo roles to C
  2. Create domain controllers C and D with ips 3 and 4, Server 2019 core, install all roles but don't authorize dhcp
  3. Demote B as ADDS (dhcp should not work now on B), authorize D as dhcp server, change dhcp failover replication partner on A to D (DHCP D should be synced with A now)
  4. Turn off B and remove NIC
  5. Change ip address D to 2 (old B address)
  6. Reboot D and monitor events (DHCP, DNS, ADDS, ...)
  7. Change DHCP replication partner D to C
  8. Demote A, turn off
  9. Change ip address C to 1 (old A ) + reboot
  10. check health state, monitor events, replication etc ...
  11. raise functional level to 2016 on domain,forest
  12. metadata cleanup

Any suggestions ?

kind regards
