Hi team,
I have a number of domains, and under each domain there are a number of servers. How can we find, for each domain, how the servers are located?
E.g.: Domain Name is A
1
2
3 like that....
Dear all,
I am planning to migrate my domain controller from 2003 SP2 to Server 2012. When I run dcdiag /v I got this warning. Could you please advise me how I can move forward at this time and how to solve this? The report is below:
Starting test: RidManager
* Available RID Pool for the Domain is 3100 to 1073741823
* KTMRDC.domain.com.np is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2600 to 3099
* rIDPreviousAllocationPool is 1100 to 1599
* rIDNextRID: 1515
* Warning :There is less than 7% available RIDs in the current pool
......................... KTMRDC passed test RidManager
Dipendra Paudel
Hi,
Let me tell you about the initial setup. We had a Windows Server 2003 Standard edition 32-bit operating system, which was our Domain Controller. We installed a Windows Server 2008 R2 Standard edition, which is a virtual machine hosted on an ESXi server. Adprep was run and DCPROMO was performed. The installation was successful.
But after installation, SYSVOL and Netlogon were missing. I had changed the registry value HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\SysvolReady flag to 1, which was initially 0. After the change, the SYSVOL folder is showing as a shared folder when typing C:\>net share. If the registry value is reverted, SYSVOL is missing.
The issue is that I am still not getting the NETLOGON share folder. Does anyone have any idea?
Also, When I try an nslookup, I get the Server: Unknown answer. Why is it so? I would really appreciate if anyone can put any clue on this issue.
Thanks in advance.
Tom Jacob
To cut a long story short: I couldn't unpromote and remove one of my DCs (DC0), and I did a force remove with the GUI. All DCs are Server 2012 based. The other DC, DC6, holds all FSMO roles. After the force removal of DC0, almost all AD services are not working. Opening almost any mmc console gives "Naming information cannot be located because the specified domain either does not exist or could not be contacted". This is also seen on DC6, which holds all FSMO roles. In DNS I see the PDC pointed to DC6, but DC6 still whines in dcdiag (I'm only pasting failures on DC6)
Doing primary tests
Testing server: Default-First-Site-Name\DC6
Starting test: Advertising
Fatal Error:DsGetDcName (DC6) call failed, error 1355
The Locator could not find the server.
......................... DC6 failed test Advertising
Starting test: FrsEvent
......................... DC6 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC6 failed test DFSREvent
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\DC6\netlogon)
[DC6] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... DC6 failed test NetLogons
Starting test: ObjectsReplicated
......................... DC6 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,DC6] A recent replication attempt failed:
From DC0 to DC6
Naming Context: DC=DomainDnsZones,DC=labs,DC=dom
The replication generated an error (1256):
The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
The failure occurred at 2013-09-05 15:59:02.
The last success occurred at 2013-09-05 11:00:40.
6 failures have occurred since the last success.
[DC0] DsBindWithSpnEx() failed with error 5,
Access is denied..
[Replications Check,DC6] A recent replication attempt failed:
From DC0 to DC6
Naming Context: DC=ForestDnsZones,DC=labs,DC=dom
The replication generated an error (1256):
The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
The failure occurred at 2013-09-05 15:59:02.
The last success occurred at 2013-09-05 10:57:39.
6 failures have occurred since the last success.
[Replications Check,DC6] A recent replication attempt failed:
From DC0 to DC6
Naming Context: CN=Schema,CN=Configuration,DC=labs,DC=dom
The replication generated an error (5):
Access is denied.
The failure occurred at 2013-09-05 15:59:02.
The last success occurred at 2013-09-05 10:58:09.
6 failures have occurred since the last success.
[Replications Check,DC6] A recent replication attempt failed:
From DC0 to DC6
Naming Context: CN=Configuration,DC=labs,DC=dom
The replication generated an error (5):
Access is denied.
The failure occurred at 2013-09-05 15:59:02.
The last success occurred at 2013-09-05 11:00:47.
6 failures have occurred since the last success.
[Replications Check,DC6] A recent replication attempt failed:
From DC0 to DC6
Naming Context: DC=labs,DC=dom
The replication generated an error (5):
Access is denied.
The failure occurred at 2013-09-05 15:59:02.
The last success occurred at 2013-09-05 11:08:56.
6 failures have occurred since the last success.
......................... DC6 failed test Replications
Starting test: SystemLog
An error event occurred. EventID: 0xC00038D6
Time Generated: 09/05/2013 16:20:17
Event String:
The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
An error event occurred. EventID: 0x000007D1
Time Generated: 09/05/2013 16:24:06
Event String:
Microsoft Antimalware has encountered an error trying to update sign
atures.
A warning event occurred. EventID: 0x00001796
Time Generated: 09/05/2013 16:32:59
Event String:
Microsoft Windows Server has detected that NTLM authentication is pr
esently being used between clients and this server. This event occurs once per b
oot of the server on the first time a client uses NTLM with this server.
An error event occurred. EventID: 0x00000457
Time Generated: 09/05/2013 16:33:30
The attempt by user LABS\admin to restart/shutdown computer DC6 fail
ed
......................... DC6 failed test SystemLog
Running enterprise tests on : labs.dom
Starting test: LocatorCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1355
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... labs.dom failed test LocatorCheck
Starting test: Intersite
......................... labs.dom passed test Intersite
I remember I had a case many years ago with W2003 DCs where a DC was unsuccessfully removed and Domain services stopped working, so I had to remove some CN names of the old DC with ntdsutil.
Hi,
We are planning on moving one of our domain controllers to another location. It's a physical server, so we have no choice but to turn it off and then turn it back on after transporting it. We were thinking of transferring the FSMO roles to another DC before proceeding with this. What are the best practices in such scenarios to minimize impact on authentication?
*The activity could take some hours to complete.
Cheers,
Xy
Hi,
The schema:
My company's new AD infrastructure (built from scratch) is made of
- 3 DC (DC01,DC02,DC03)
- 47 RODC
All servers are W2012, clients are W7
DC01 and DC02 are on the same site (SITE0) with a synchronization delay of 15 mn, cost 100
DC03 is alone on a remote site (SITE1) for AD backup. It is synchronized at a 7 days delay with DC01, cost 200 (MS best practice)
Each RODC is on a distinct site. So 47 RODC = 47 sites
The problem:
Sometimes when I join a computer on a remote RODC site, for example SITE20 (computer accounts are prestaged), the join is made with DC03.
Thus after reboot the user receives an error message at logon: "The trust relationship between this workstation and the primary domain failed". That's because the SITE20 RODC is not up to date. It's normal, because DC03 is replicated every 7 days with DC01 and for that reason the local RODC is not up to date.
The solution I imagine is to forbid DC03 to be used as an active DC for AD management.
The question:
Is there a way to prevent hosts from joining the domain on DC03?
Is there a way to make our DC03 just a backup server and disable it playing any other game?
Many thanks for your help.
Lou Gascou
Hello everyone, I have a two-way transitive trust between two forests, Forest A and Forest B.
On child domains of Forest A I can create local groups and even put users from Forest B in them.
But when I log on to a workstation in a child domain of Forest A, I do not see the option to log in with a user from any domain in Forest B. Is there something I am missing?
When I look at the trusts on the root domain of Forest A, I see the domains of Forest B as trusted and transitive. But when I go to a child domain of Forest A (child.forestA.local), I do not see any domains from Forest B under the domains trusted by this domain.
Hey guys, I just created a new DC in a Server 2012 environment. I created this DC to replace an older 2012 one. After installing AD and promoting it to a DC, and after I shut down my old DC, I get an error when opening Active Directory on the new one: "Naming information can not be located: because the specified Domain either does not exist or could not be contacted". When I look at the event log I see errors about no replication with the Domain System Volume: log name DFS Replication, event ID 4612, and log name DFS Replication, event ID 5002. Any help on how to fix this replication problem? Thanks. Here is a DCDiag of my new DC:
C:\Users\Administrator.HIBISCUSHOUSE>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC01
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC01
Starting test: Connectivity
......................... DC01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC01
Starting test: Advertising
Warning: DsGetDcName returned information for (wasnt letting me put a link)
when we were trying to reach DC01.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... DC01 failed test Advertising
Starting test: FrsEvent
......................... DC01 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC01 failed test DFSREvent
Starting test: SysVolCheck
......................... DC01 passed test SysVolCheck
Starting test: KccEvent
......................... DC01 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DC01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC01 passed test MachineAccount
Starting test: NCSecDesc
......................... DC01 passed test NCSecDesc
Starting test: NetLogons
......................... DC01 passed test NetLogons
Starting test: ObjectsReplicated
......................... DC01 passed test ObjectsReplicated
Starting test: Replications
......................... DC01 passed test Replications
Starting test: RidManager
......................... DC01 passed test RidManager
Starting test: Services
......................... DC01 passed test Services
Starting test: SystemLog
......................... DC01 passed test SystemLog
Starting test: VerifyReferences
......................... DC01 passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : HibiscusHouse
Starting test: CheckSDRefDom
......................... HibiscusHouse passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... HibiscusHouse passed test CrossRefValidation
Running enterprise tests on : HibiscusHouse.loc
Starting test: LocatorCheck
......................... HibiscusHouse.loc passed test LocatorCheck
Starting test: Intersite
......................... HibiscusHouse.loc passed test Intersite
Last night, I moved the DHCP role to a second domain controller, and then demoted the one I moved it off of (had to be force removed because of some errors).
This morning, about half of the DNS A records of the computers in that office showed up in DNS (timestamp at 6 AM, when they automatically booted). But half of them have no DNS records. Why are some of them not showing up?
The only unusual event viewer warning is that it didn't have DNS credentials. http://support.microsoft.com/kb/282001/en-us I put those in like the website said, and still nothing.
In IPV4 & scope Properties > DNS tab, I changed the option to Always dynamically update DNS. No good.
Why is this half working? What else can I try?
Hello Experts,
I am configuring an ADC (Additional Domain Controller) on a member server which is in a workgroup. While configuring the ADC on that server, I got a window saying "additional information for this domain controller", where there were three options, i.e. DNS server, Global Catalog, RODC (Read-only Domain Controller), and by default the first two options (DNS & Global Catalog) were checked. I kept that setting and clicked Next. Now it is showing that I need to give a static IP to my adapter, but I have already given a static IP. When I unchecked the DNS option in that window, it did not give this error. Now my question is: if I continue without checking DNS, will it give me trouble in the future? Please suggest. I am using MS2008 R2.
Swaprakash..
Hello,
I have Windows Server 2008 R2 as AD and ADC.
Clients are Windows 7 and XP SP3.
Now my problem is:
When I want to join Windows XP to the domain, I have no problem.
But when I want to join Windows 7 to the domain, I enter the domain name, it asks me for a user name and password, I enter them, but after some seconds it shows me an error: the network name cannot be found!
I tested this with several PCs.
I am thoroughly confused. Does anyone have any idea on this?
Regards
Hi,
We have kept our web server [Win 2012 OS] on a different subnet and we want to join it to our AD Domain [installed on Win 2012 OS] using LDS.
Is it possible? If yes, please mention the steps for that...
The only purpose is single sign-on...
Thanks,
Hi Experts,
I have a domain user (say, user1), and it is also a member of the domain administrator group. Now when I run a VBScript file as user1, it shows an error message (error opening installation logfile, verify that the specified file location exists and writable), but when I run the same file as domain administrator, it does not give any such error. I think there is some permission issue. Kindly suggest.
Kindly note, user1 is a member of 1. administrator 2. domain admins 3. domain controllers 4. domain users 5. enterprise admins 6. IIS_IUSRS
Swaprakash..
Errors:
Directory C:\Windows\SYSVOL\sysvol\sja.local\DO_NOT_REMOVE_NtFrs_PreInstall_Directory was not found, or could not be accessed.
Exceptions:
Backup- Shadow Copy Components
VSS Snapshot warning. File F:\RemoteInstall\Setup\*.* /s is not present on the snapshot.
Backup- System State
VSS Snapshot warning. File c:\windows\system32\drivers\dtsoftbus01.sys is not present on the snapshot.
Any help would be very much appreciated. Thanks.
I think that it's obvious that the best approach will be to have a Physical Domain Controller to be restored. But at the same time I don't think that the scenario that I exposed will not be valid.
Andres Zamora
andresz
Hi,
As in title. I receive an error stating “There is no user session key for the specified logon session”
The NetSetup.log contains
07/09 15:18:14 -----------------------------------------------------------------
07/09 15:18:14 NetpValidateName: checking to see if 'contoso.com' is valid as type 3 name
07/09 15:18:14 NetpCheckDomainNameIsValid [ Exists ] for 'contoso.com' returned 0x0
07/09 15:18:14 NetpValidateName: name 'contoso.com' is valid for type 3
07/09 15:18:20 -----------------------------------------------------------------
07/09 15:18:20 NetpDoDomainJoin
07/09 15:18:20 NetpMachineValidToJoin: 'CLIENT5'
07/09 15:18:20 NetpGetLsaPrimaryDomain: status: 0x0
07/09 15:18:20 NetpMachineValidToJoin: status: 0x0
07/09 15:18:20 NetpJoinDomain
07/09 15:18:20 Machine: CLIENT5
07/09 15:18:20 Domain: contoso.com
07/09 15:18:20 MachineAccountOU: (NULL)
07/09 15:18:20 Account: contoso\administrator
07/09 15:18:20 Options: 0x25
07/09 15:18:20 OS Version: 5.1
07/09 15:18:20 Build number: 2600
07/09 15:18:20 ServicePack: Service Pack 3
07/09 15:18:20 NetpValidateName: checking to see if 'contoso.com' is valid as type 3 name
07/09 15:18:20 NetpCheckDomainNameIsValid [ Exists ] for 'contoso.com' returned 0x0
07/09 15:18:20 NetpValidateName: name 'contoso.com' is valid for type 3
07/09 15:18:20 NetpDsGetDcName: trying to find DC in domain 'contoso.com', flags: 0x1020
07/09 15:18:20 NetpDsGetDcName: found DC '\\DC1.contoso.com' in the specified domain
07/09 15:18:20 NetpJoinDomain: status of connecting to dc '\\DC1.contoso.com': 0x0
07/09 15:18:20 NetpGetLsaPrimaryDomain: status: 0x0
07/09 15:18:20 NetpGetDnsHostName: Read NV Hostname: CLIENT5
07/09 15:18:20 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: contoso.com
07/09 15:18:20 NetpLsaOpenSecret: status: 0xc0000034
07/09 15:18:20 NetpGetLsaPrimaryDomain: status: 0x0
07/09 15:18:20 NetpLsaOpenSecret: status: 0xc0000034
07/09 15:18:20 NetpSetMachineAccountPasswordAndTypeEx: SamSetInformationUser for UserSetPasswordInformation failed: 0xc0000202
07/09 15:18:20 NetpJoinDomain: status of setting machine password: 0x572
07/09 15:18:20 NetpJoinDomain: initiaing a rollback due to earlier errors
07/09 15:18:20 NetpLsaOpenSecret: status: 0x0
07/09 15:18:20 NetpJoinDomain: rollback: status of deleting secret: 0x0
07/09 15:18:20 NetpJoinDomain: status of disconnecting from '\\DC1.contoso.com': 0x0
07/09 15:18:20 NetpDoDomainJoin: status: 0x572
07/09 15:18:20 -----------------------------------------------------------------
07/09 15:18:20 NetpDoDomainJoin
07/09 15:18:20 NetpMachineValidToJoin: 'CLIENT5'
07/09 15:18:20 NetpGetLsaPrimaryDomain: status: 0x0
07/09 15:18:20 NetpMachineValidToJoin: status: 0x0
07/09 15:18:20 NetpJoinDomain
07/09 15:18:20 Machine: CLIENT5
07/09 15:18:20 Domain: contoso.com
07/09 15:18:20 MachineAccountOU: (NULL)
07/09 15:18:20 Account: contoso\administrator
07/09 15:18:20 Options: 0x27
07/09 15:18:20 OS Version: 5.1
07/09 15:18:20 Build number: 2600
07/09 15:18:20 ServicePack: Service Pack 3
07/09 15:18:20 NetpValidateName: checking to see if 'contoso.com' is valid as type 3 name
07/09 15:18:20 NetpCheckDomainNameIsValid [ Exists ] for 'contoso.com' returned 0x0
07/09 15:18:20 NetpValidateName: name 'contoso.com' is valid for type 3
07/09 15:18:20 NetpDsGetDcName: trying to find DC in domain 'contoso.com', flags: 0x1020
07/09 15:18:21 NetpDsGetDcName: found DC '\\DC1.contoso.com' in the specified domain
07/09 15:18:21 NetpJoinDomain: status of connecting to dc '\\DC1.contoso.com': 0x0
07/09 15:18:21 NetpGetLsaPrimaryDomain: status: 0x0
07/09 15:18:21 NetpGetDnsHostName: Read NV Hostname: CLIENT5
07/09 15:18:21 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: contoso.com
07/09 15:18:21 NetpLsaOpenSecret: status: 0xc0000034
07/09 15:18:21 NetpGetLsaPrimaryDomain: status: 0x0
07/09 15:18:21 NetpLsaOpenSecret: status: 0xc0000034
07/09 15:18:21 NetpManageMachineAccountWithSid: NetUserAdd on '\\DC1.contoso.com' for 'CLIENT5$' failed: 0x8b0
07/09 15:18:21 NetpSetMachineAccountPasswordAndTypeEx: SamSetInformationUser for UserSetPasswordInformation failed: 0xc0000202
07/09 15:18:21 NetpManageMachineAccountWithSid: status of attempting to set password on '\\DC1.contoso.com' for 'CLIENT5$': 0x572
07/09 15:18:21 NetpJoinDomain: status of creating account: 0x572
07/09 15:18:21 NetpJoinDomain: initiaing a rollback due to earlier errors
07/09 15:18:21 NetpLsaOpenSecret: status: 0x0
07/09 15:18:21 NetpJoinDomain: rollback: status of deleting secret: 0x0
07/09 15:18:21 NetpJoinDomain: status of disconnecting from '\\DC1.contoso.com': 0x0
07/09 15:18:21 NetpDoDomainJoin: status: 0x572
I've tried
- AD Domain Level 2008 and 2012
- Ensure WinXP clients are fully patched up and running SP3
But I still get the same error.
There is this thread http://social.technet.microsoft.com/Forums/windowsserver/en-US/bc5eddeb-dd85-458d-bbb9-3fa723ce943b/windows-xp-cant-join-windows-server-2012-r2-dc with an identical issue, and the post marked as solution has nothing to do with the issue at hand.
Has anyone any ideas on how to actually resolve the situation?
Ok, I need a second opinion on this...
We have three 2012 DCs. Two physical and one virtual (Hyper-V 2012). On some clients (not all) the virtual DC's netlogon share is there but empty. I can go to Sysvol and view the scripts folder fine. There are just no items in the netlogon share.
It seems to be related to error 5719 on the client, which is a netlogon service authentication delay (due to our Cisco STP). However, even when this error occurs the other two DCs both show their netlogon shares without a problem. Why??!! I could understand it if they all showed blank netlogon shares. The virtual DC isn't holding any FSMO roles, just a normal DC with Global Catalog. DNS resolutions all fine.
We have scripts in our netlogon shares and any user using the virtual DC isn't running those scripts due to this error. It's very client specific in that it's not all PCs. They have no common NIC or other hardware. Very random.
Any ideas??
Gareth
Gareth Harle
My CA has been deleted and I have a problem with connecting to my servers remotely.
How can I fix it?
Emergency!!!!!!!!!!!!!!!!!!!!!
S.Sanadi
Hi,
Is there any way to get an Active Directory user password in plain text format? I am using Windows 2008 Server R2.
Regards,
Mangesh Bhanage
Hello Experts,
I want to change my existing domain name. What are the steps and precautions I should follow? My Active Directory is running on MS 2008R2 Ent. OS; all my other servers are the same version except two, which are running MS 2008R2 Datacenter. I have no Exchange server in my network, and I am running MS SQL2008R2 in my network. So what would be the steps and precautions? Please share your view.
Swaprakash..