Channel: Directory Services forum

Windows Server 2003 DC / ADC Domain Join Problem


Hi,

I have a Windows Server 2003 DC configured. It is a Global Catalog server and it holds all the FSMO roles. It is also a DNS server.

Now I have created an additional domain controller (ADC) and DNS server, and I made it a global catalog server too.

The problem is that when I shut down my DC, I am not able to join client machines to the domain.

It says:

"The domain controller could not be contacted.

DNS successfully queried SRV records.

The following domain controllers were found:

---

---
"

On the client PC, I have set the preferred DNS server to the DC and the alternate DNS server to the ADC.

Why is this problem occurring?


Samvit


2012 R2 DC crashes when user account is renamed using RSAT Tools on Windows 7


Hello Everyone,

We have a forest and a domain both running in 2003 native mode. We have a mixture of domain controllers running 2003 and 2008 R2 and just recently deployed two new domain controllers running 2012 R2. The 2012 R2s are configured as global catalogs but do not hold any additional FSMO roles.

Unfortunately we have a very strange issue with the two new 2012 R2 DCs:

We have installed the domain management tools on the 2012 R2 domain controllers. When managing our domain using the locally installed tools on the DCs everything is OK. DSA.MSC shows version 6.3.9600.16384. We also have a number of admin workstations running Windows 7 Enterprise 64-bit with Service Pack 1. We have the RSAT tools for Windows 7 SP1 (Windows6.1-KB958830-x64-RefreshPkg.msu) installed on these machines. DSA.MSC shows version 6.1.7601.17514. Whenever we try to rename a user account from the Win7 computers, the 2012 R2 DC that is targeted shows a message saying that it will reboot within 60 seconds, and then does just that. On the client we see a message saying:

"Windows cannot complete the rename operation on <name> because: The server is not operational. Name related properties on this object might be out of sync."

The server logs two errors in the application log:

1. Event ID 1000, Application Error:

Faulting application name: lsass.exe, version: 6.3.9600.16384, time stamp: 0x5215e25f
Faulting module name: ntdsai.dll, version: 6.3.9600.16421, time stamp: 0x524fcaed
Exception code: 0xc0000005
Fault offset: 0x000000000019e45d
Faulting process id: 0x214
Faulting application start time: 0x01cefa6743edbeec
Faulting application path: C:\Windows\system32\lsass.exe
Faulting module path: C:\Windows\system32\ntdsai.dll
Report Id: d4cd7581-665c-11e3-80d7-005056984a2b
Faulting package full name:
Faulting package-relative application ID:

2. Event ID 1015, Source Wininit:

A critical system process, C:\Windows\system32\lsass.exe, failed with status code c0000005.  The machine must now be restarted.

These issues do not occur if we target the admin workstations to use one of our older 2008 R2 DCs. Does anyone have an idea? Any help would be appreciated!

Regards

Harry

Adding 2012 server to 2003 domain on same subnet

I have a 2003 forest and domain. I have added a 2012 server; it is not a domain member, it is a workgroup member. I want to set up a test environment for Remote Desktop Services and tsweb, so I have to make the 2012 server a domain controller. I don't want the 2012 server joined to my 2003 domain, but I want to use the internet on the same subnet as the 2003 server. Can I have two different forests and domains on the same subnet? I will not set up DHCP on the 2012 server.

Disable DNS Dynamic Registration


I have a domain controller that is registering all of its network addresses with DNS. The problem is that this computer is connected to the internet using a PPPoE connection and connected to another network using a site-to-site VPN. The two connections used for those are registering themselves as well. So now I have three entries in DNS for the domain controller, and if it responds with one of the two addresses associated with the PPPoE or VPN connection, the computer does not respond because those addresses are not on the same network.

I have tried un-checking the boxes on the network adapter in the network properties and setting the registry key DisableDynamicDNS to 1 for the interfaces I do not want registered, yet they still come back. I have read that NetLogon will register these addresses for the domain controller and that I could disable that, but then I wouldn't have the SRV records or anything else registered properly.

Does anyone have any ideas how I can disable this or work around it? At least a few times a day some services will fail because there is no response from the domain controller on those addresses.

Updated version of Active Directory in Networks Segmented by Firewalls document


Hi,

is there a newer version of this document available?

Active Directory in Networks Segmented by Firewalls

https://www.microsoft.com/en-us/download/details.aspx?id=16797

The document in the link above is written for Windows 2000. Even if the changes are not dramatic, it would be nice to have a version with current product names handy.

Thank you,

Lutz

Need to collect certain user details from the active directory by userlogon name


I have a list of user logon names (about 300 out of 3000 employees). Using these logon names I need to collect their user details like full name, display name, manager name, department, etc.

I gave it a try using the "dsquery & dsget" options, but it didn't work out.

The code I tried:

dsquery user "cn=users,dc=msad2k,dc=com" -name t* | dsget user -samid -fn > c:\test.txt

The above query gives me only the users whose name starts with "t". But I have arbitrary user logon names in a text document or in Excel. I need those users' details.
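One way to do the lookup from a list of logon names, as an added example (not the poster's script) using the RSAT ActiveDirectory module; the two file paths are constructed placeholders, and the input file is assumed to hold one sAMAccountName per line:

```powershell
# Added example, not the poster's code. Assumes the RSAT ActiveDirectory
# module and an input file with one logon name (sAMAccountName) per line;
# both file paths are constructed placeholders.
Import-Module ActiveDirectory

$inputFile  = 'C:\temp\logons.txt'
$outputFile = 'C:\temp\userdetails.csv'

function Get-UserDetailsFromList {
    param([string]$Path)

    foreach ($line in Get-Content -Path $Path) {
        $logon = $line.Trim()
        if (-not $logon) { continue }                      # skip blank lines

        # Escape single quotes so an odd name cannot break the filter string.
        $safe = $logon.Replace("'", "''")
        $user = Get-ADUser -Filter "sAMAccountName -eq '$safe'" `
                           -Properties DisplayName, Department, Manager, Mail

        if (-not $user) {
            # Keep a row for names that do not resolve so the list can be reconciled.
            [pscustomobject]@{
                LogonName   = $logon
                Found       = $false
                FullName    = $null
                DisplayName = $null
                Manager     = $null
                Department  = $null
                Mail        = $null
            }
            continue
        }

        # 'manager' is stored as a DN; resolve it to the manager's display name.
        $managerName = $null
        if ($user.Manager) {
            $managerName = (Get-ADUser -Identity $user.Manager -Properties DisplayName).DisplayName
        }

        [pscustomobject]@{
            LogonName   = $user.SamAccountName
            Found       = $true
            FullName    = $user.Name
            DisplayName = $user.DisplayName
            Manager     = $managerName
            Department  = $user.Department
            Mail        = $user.Mail
        }
    }
}

$results = Get-UserDetailsFromList -Path $inputFile
$results | Export-Csv -Path $outputFile -NoTypeInformation
$results | Format-Table -AutoSize
```

Rows with Found = False are logon names that did not resolve, so a typo in the list shows up in the output instead of silently dropping a user.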


Powershell to add SMTP ProxyAddress based on user UPN


Hello,

I am looking for an AD PowerShell command to add a primary SMTP address to the user's ProxyAddress property based on the user's UPN.


User UPN          ProxyAddress
a.test@xyz.com    a.test@xyz.com

For example, I have the above user with that UPN, to whom I want to add the SMTP proxy address. Please suggest.

Regards,

Maqsood


Maqsood Mohammed Senior Systems Engineer MCITP-Enterprise Admin & ITILv3 Foundation Certified
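An added example (not the poster's or Microsoft's code) of setting the primary SMTP proxy address from the UPN with the RSAT ActiveDirectory module; the account name 'a.test' is the one from the question, and the function name is my own:

```powershell
# Added example, not the poster's code. Assumes the RSAT ActiveDirectory
# module; Set-PrimarySmtpFromUpn is a name chosen here, not a built-in cmdlet.
Import-Module ActiveDirectory

function Set-PrimarySmtpFromUpn {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Identity   # sAMAccountName, DN, GUID or SID
    )

    $user = Get-ADUser -Identity $Identity -Properties proxyAddresses, UserPrincipalName
    if (-not $user.UserPrincipalName) {
        throw "$Identity has no UPN; there is nothing to derive the address from."
    }

    $primary  = 'SMTP:' + $user.UserPrincipalName     # upper-case SMTP: marks the primary
    $existing = @($user.proxyAddresses)

    if ($existing -ccontains $primary) {
        Write-Host "$($user.SamAccountName): already has $primary"
        return
    }

    # Exactly one address may carry the upper-case SMTP: prefix. Demote any
    # existing primary to a secondary (lower-case smtp:) rather than keeping two.
    $updated = foreach ($addr in $existing) {
        if ($addr -clike 'SMTP:*') { 'smtp:' + $addr.Substring(5) } else { $addr }
    }

    # -ne is case-insensitive, so this also drops an old smtp: copy of the same
    # address before the new primary is appended.
    $updated = @($updated | Where-Object { $_ -ne $primary }) + $primary

    if ($PSCmdlet.ShouldProcess($user.SamAccountName, "set primary SMTP address to $primary")) {
        Set-ADUser -Identity $user -Replace @{ proxyAddresses = [string[]]$updated }
    }
}

# Preview the change first, then apply it.
Set-PrimarySmtpFromUpn -Identity 'a.test' -WhatIf
Set-PrimarySmtpFromUpn -Identity 'a.test'
```

For a whole OU, pipe `Get-ADUser -Filter * -SearchBase '<OU DN>'` into a `ForEach-Object { Set-PrimarySmtpFromUpn -Identity $_ -WhatIf }` loop before running it without -WhatIf.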

Question on Service SID

If I configure SQL Server 2012 (on Windows 2008 R2) to run under the context of a domain account, will the service SID still be created and all permissions granted to the service SID? If so, will the domain account not need any permissions at all?

How to restrict Active Directory client traffic to NIC ?


Hi everyone,

I'm a French guy, so sorry in advance for grammatical errors...

Scenario :

On our platform, we have 3 VLANs for servers:

- VLAN "PROD" : x.x.229.0/24

- VLAN "ADMIN" : x.x.227.0/24

- VLAN "SERVICES" : x.x.223.0/24

Every production server has 2 NICs, one in VLAN PROD and one in VLAN ADMIN.

Example : 

SERVER 01

ETH0: x.x.229.140

ETH1: x.x.227.140

##### ROUTE TABLE #####

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       x.x.229.1     x.x.229.140    261
       x.x.223.0    255.255.255.0       10.7.227.1     x.x.227.140      6
       x.x.227.0    255.255.255.0         On-link      x.x.227.140    261
     x.x.227.140  255.255.255.255         On-link      x.x.227.140    261
     x.x.227.255  255.255.255.255         On-link      x.x.227.140    261
       x.x.229.0    255.255.255.0         On-link      x.x.229.140    261
     x.x.229.140  255.255.255.255         On-link      x.x.229.140    261
     x.x.229.255  255.255.255.255         On-link      x.x.229.140    261
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      x.x.227.140    261
        224.0.0.0        240.0.0.0         On-link      x.x.229.140    261
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      x.x.227.140    261
  255.255.255.255  255.255.255.255         On-link      x.x.229.140    261

Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
       x.x.223.0    255.255.255.0       x.x.227.1       1
          0.0.0.0          0.0.0.0       x.x.229.1  Default


Domain controllers have 1 NIC in VLAN SERVICES.

Example :

DC01

ETH0: x.x.223.39

##### ROUTE TABLE #####

No change here, default route is x.x.223.1.

My issue :

Randomly, SERVER01 tries to authenticate with AD on its "PROD" NIC instead of the "ADMIN" NIC. Firewall rules restrict AD traffic on VLAN "PROD".

My research:

I launched Network Monitor for 12 hours, and I see an ARP request every time there is a request on NIC "PROD".

Frame  Time                 Offset        Process  Source     Destination  Protocol  Description
6589   18:50:21 05/12/2013  2812.1704617           SERVER01   x.x.229.1    ARP       ARP:Request, x.x.229.140 asks for x.x.229.1
6590   18:50:21 05/12/2013  2812.1710726           x.x.229.1  SERVER01     ARP       ARP:Response, x.x.229.1 at xx-xx-xx-EF-6B-40
6591   18:50:21 05/12/2013  2812.1710842  System   SERVER01   x.x.223.39   TCP       TCP:Flags=CE....S., SrcPort=54748, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=4718811, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 {TCP:1047, IPv4:1046}
6594   18:50:24 05/12/2013  2815.1762231  System   SERVER01   x.x.223.39   TCP       TCP:[SynReTransmit #6591]Flags=CE....S., SrcPort=54748, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=4718811, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 {TCP:1047, IPv4:1046}

Question:

Do you know if there is an option in Windows Server 2008 R2/2012 to restrict AD traffic to a NIC?

Do you know why SERVER01 randomly doesn't use the route table?

Thanks in advance for your help.

Kevin B.

2003 to 2012 DC


I have two old 2003 DCs, one named DC01 which holds the FSMO roles and one named DC02.

I want to upgrade the AD to 2012.

My plan:
Install two new AD servers (DC03 and DC04) with Windows Server 2012
Install Active Directory Domain Services on them
Promote the servers
Check everything is replicated over to the new AD servers
Change DHCP and servers to the new DNS servers.
Change RID, PDC, Infrastructure, Operations Master, Schema Master to DC03.
Change Global Catalog Server to DC03
Check the roles are on DC03 with netdom query fsmo

Run DCPROMO on DC01 and DC02 to demote them from Global Catalog Server.
Raise the functional level from 2003 to 2012

Can any of you see a problem with this?

Regards Nicolai Pedersen.
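The role-transfer, global-catalog and verification steps of the plan above, as an added example (not the poster's procedure) using the ActiveDirectory module that ships with Windows Server 2012. It assumes DC03 is already promoted and replicating, and that it is run as an Enterprise Admin on DC03; the `Get-FsmoHolders` helper is a name chosen here:

```powershell
# Added example, not the poster's plan. Assumes DC03 is promoted, replication
# is healthy, and the session is an Enterprise Admin (needed for the Schema
# Master and Domain Naming Master transfers).
Import-Module ActiveDirectory

$target = 'DC03'

# Graceful transfer of all five roles (not a seize: the current holder DC01
# must be online and reachable).
Move-ADDirectoryServerOperationMasterRole -Identity $target `
    -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster `
    -Confirm:$false

# Make DC03 a global catalog: bit 0x1 of 'options' on its NTDS Settings object.
$ntdsDn = (Get-ADDomainController -Identity $target).NTDSSettingsObjectDN
$ntds   = Get-ADObject -Identity $ntdsDn -Properties options
$opts   = [int]$ntds.options
if (-not ($opts -band 1)) {
    Set-ADObject -Identity $ntds -Replace @{ options = ($opts -bor 1) }
}

# Verification, the module equivalent of 'netdom query fsmo': forest roles
# come from Get-ADForest, domain roles from Get-ADDomain.
function Get-FsmoHolders {
    $domain = Get-ADDomain
    $forest = Get-ADForest
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

$holders = Get-FsmoHolders
$holders | Format-List

# Every role value is an FQDN, so anything not starting with "DC03." is a role
# that did not move.
$notMoved = $holders.PSObject.Properties | Where-Object { $_.Value -notlike "$target.*" }
if ($notMoved) {
    Write-Warning ("Roles not on {0}: {1}" -f $target, ($notMoved.Name -join ', '))
} else {
    Write-Host "All FSMO roles are on $target"
}

# Global catalog status across all DCs, as advertised after replication.
Get-ADDomainController -Filter * | Select-Object Name, IsGlobalCatalog, OperationMasterRoles
```

Run the verification part again from DC01 or DC02 after a replication cycle; a DC that still believes it holds a role is the condition the plan's "check the roles" step is meant to catch before the old DCs are demoted.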

Trust Relationship not fully removed


Hello,

We recently removed a trust relationship to an external domain that has now been retired. However, there is still an object of class Microsoft_DomainTrustStatus in the database which is causing Operations Manager to trigger alerts.

How can I remove this object safely?

I tried netdom trust /remove /force however I receive the error that either the domain is unavailable or "file not found".

When I restart one of the domain controllers of the retired domain the error message changes to "The specified domain either does not exist or could not be contacted." and the error message on the object in AD changes to "Access Denied." or "The workstation does not have a trust secret".

The trust does not show up in "Active Directory Domains and Trusts". When I do a netdom query trust, on some DCs the list is empty; on other DCs the output looks like this:

Direction Trusted\Trusting domain                         Trust type
========= =======================                         ==========
          olddomain.local
Direct
The system cannot find the file specified.
The command failed to complete successfully.

I hope someone has some advice.

Thank you

Sascha

DCDIAG showing multiple errors for enterprise tests - error 1355


Hello there,

Am hoping someone can help...

On 1 of my 2008 R2 DCs (AV2) I'm seeing multiple errors for enterprise tests from DCDIAG (please see output below). The errors are mainly 1355 and they sound quite serious ("A Primary Domain Controller could not be located", "The server holding the PDC role is down.").

In Event Viewer on my AV2 server I'm also seeing errors 1202 (Active Directory Web Services) and 8016 (related to my Sophos anti-virus management console).

These issues seem to have cropped up after installing a bunch of Microsoft updates.

Thanks in advance for any feedback.

C:\Users\admin1.mydomain>netdom query fsmo
Schema master               FS1.mydomain.com
Domain naming master        FS1.mydomain.com
PDC                         FS1.mydomain.com
RID pool manager            FS1.mydomain.com
Infrastructure master       FS1.mydomain.com
The command completed successfully.


C:\Users\admin1.mydomain>
C:\Users\admin1.mydomain>
C:\Users\admin1.mydomain>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = AV2
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\AV2
      Starting test: Connectivity
         ......................... AV2 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\AV2
      Starting test: Advertising
         Warning: AV2 is not advertising as a time server.
         ......................... AV2 failed test Advertising
      Starting test: FrsEvent
         ......................... AV2 passed test FrsEvent
      Starting test: DFSREvent
         ......................... AV2 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... AV2 passed test SysVolCheck
      Starting test: KccEvent
         ......................... AV2 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... AV2 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... AV2 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=mydomain,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=mydomain,DC=com
         ......................... AV2 failed test NCSecDesc
      Starting test: NetLogons
         ......................... AV2 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... AV2 passed test ObjectsReplicated
      Starting test: Replications
         ......................... AV2 passed test Replications
      Starting test: RidManager
         ......................... AV2 passed test RidManager
      Starting test: Services
         ......................... AV2 passed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0xC0001B6F
            Time Generated: 12/09/2013   16:54:59
            Event String:
            The Sophos Management Service service terminated with the following error:
         An error event occurred.  EventID: 0xC0001B6F
            Time Generated: 12/09/2013   17:05:01
            Event String:
            The Sophos Management Service service terminated with the following error:
         A warning event occurred.  EventID: 0x0000000B
            Time Generated: 12/09/2013   17:19:31
            Event String:
            Custom dynamic link libraries are being loaded for every application. The system adminis
trator should review the list of libraries to ensure they are related to trusted applications.
         A warning event occurred.  EventID: 0x8000001D
            Time Generated: 12/09/2013   17:19:44
            Event String:
            The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart ca
rd logons, or the KDC certificate could not be verified. Smart card logon may not function correctly
 if this problem is not resolved. To correct this problem, either verify the existing KDC certificat
e using certutil.exe or enroll for a new KDC certificate.
         A warning event occurred.  EventID: 0x00000C18
            Time Generated: 12/09/2013   17:19:52
            Event String: The primary Domain Controller for this domain could not be located.
         A warning event occurred.  EventID: 0x00002724
            Time Generated: 12/09/2013   17:20:01
            Event String:
            This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 ser
ver operation, you should use only static IPv6 addresses.
         An error event occurred.  EventID: 0xC0001B6F
            Time Generated: 12/09/2013   17:20:07
            Event String:
            The Sophos Management Service service terminated with the following error:
         A warning event occurred.  EventID: 0x00000012
            Time Generated: 12/09/2013   17:19:23
            Event String:
            The Remote Desktop license server "AV2" has not been activated and therefore will only i
ssue temporary licenses. To issue permanent licenses, the Remote Desktop license server must be acti
vated.
         A warning event occurred.  EventID: 0x00000081
            Time Generated: 12/09/2013   17:19:40
            Event String:
            NtpClient was unable to set a domain peer to use as a time source because of discovery e
rror. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The
error was: The entry is not found. (0x800706E1)
         A warning event occurred.  EventID: 0x00000081
            Time Generated: 12/09/2013   17:19:57
            Event String:
            NtpClient was unable to set a domain peer to use as a time source because of discovery e
rror. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The
error was: The entry is not found. (0x800706E1)
         A warning event occurred.  EventID: 0x000727AA
            Time Generated: 12/09/2013   17:21:25
            Event String:
            The WinRM service failed to create the following SPNs: WSMAN/AV2.mydomain.com; WSMAN/AV2.

         An error event occurred.  EventID: 0xC0001B6F
            Time Generated: 12/09/2013   17:29:06
            Event String:
            The Sophos Management Service service terminated with the following error:
         An error event occurred.  EventID: 0xC000271A
            Time Generated: 12/09/2013   17:29:36
            Event String:
            The server {2C5339F1-B8D3-4D40-9245-E68E0F8C6380} did not register with DCOM within the
required timeout.
         An error event occurred.  EventID: 0xC0001B6F
            Time Generated: 12/09/2013   17:29:57
            Event String:
            The Sophos Management Service service terminated with the following error:
         ......................... AV2 failed test SystemLog
      Starting test: VerifyReferences
         ......................... AV2 passed test VerifyReferences


   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : mydomain
      Starting test: CheckSDRefDom
         ......................... mydomain passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... mydomain passed test CrossRefValidation

   Running enterprise tests on : mydomain.com
      Starting test: LocatorCheck
         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
         A Primary Domain Controller could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
         A Good Time Server could not be located.
         ......................... mydomain.com failed test LocatorCheck
      Starting test: Intersite
         ......................... mydomain.com passed test Intersite

C:\Users\admin1.mydomain>

Active Directory Tab


Dear Friends

I have a mail server on Linux and I joined my mail server to Active Directory. My users in Active Directory can log in to my mail server, but I want to manage them via a tab in Active Directory, such as enabling/disabling their email in Active Directory without disabling their account.

How can i fix this in Active Directory?

Prerequisites for Intra Forest Migration


Hi Experts,

Earlier I started a thread regarding Inter-Forest Migration and it was successfully completed with your guidance. Appreciated.

Now we are supposed to complete one Intra-Forest migration (single forest with multiple domains, tree-root trust).

I compared the prerequisites with Inter-Forest Migration in Microsoft's official document ADMTmigguide.doc, but I found the below-mentioned points are missing.

(a) Migration Account with required access rights

(b) DNS suffix search list.

(c) Creating Encryption key in Target domain

(d) Password export server to be installed in Source domain.

(e) Adding Account to Restrictive Groups in Source domain.

(f) SID history Migration steps using Group Policy

(g) Creating a local group in the source domain to support auditing (domain$$$)

I just wanted to know if these are really not required, as I did not find any hint in the document. It would be great if anyone could link me to one portable Intra-Forest Migration blog/link.


Sword Maker

Full back-up and restore of Active Directory


Dear All,

We are about to raise the domain functional level of our domain. We have two DCs, both Windows Server 2008 R2, but the domain is still Windows Server 2003. From what I understand, raising it to Windows Server 2008 or Windows Server 2008 R2 should not be a problem, but reversing that process to a level below Windows Server 2008 would be impossible "unless you are prepared to restore the entire domain from backups." I have looked for instructions on how this restoring of the domain from backups would work (just in case I break SaMBa compatibility), but I have only found resources on how to perform a full server restore (which is unnecessary as our servers would still be there), or how to perform an authoritative restore of deleted items (which is not enough as I would not just want to recover some lost items, but put it back to functional level Windows Server 2003).

Does anyone know of instructions specific to the "I need to reverse a domain functional level raise" question?

I am running daily "wbadmin start systemstatebackup" backups; would that be enough for this kind of restore?

Thank you for your help.

Yours,

FD


How to to detect and prevent hidden objects in AD

In a delegated OU, if the OU owner removes the permissions of Domain Admins and sets a Deny permission for Domain Admins, he can create hidden sub-OUs which are not visible to Domain Administrators. How can I detect and prevent those?
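A detection scan for the pattern described above, as an added example (not the poster's code): it walks every OU and reports Deny ACEs aimed at Domain Admins, plus whether inheritance is blocked on that OU. It assumes the RSAT ActiveDirectory module (which provides the AD: drive used by Get-Acl) and that it runs under an account that is not itself in the denied group, for example an Enterprise Admin, since a blocked account cannot see the OUs it is meant to find; `Find-DenyAcesForGroup` is a name chosen here.

```powershell
# Added example, not the poster's code. Assumes the RSAT ActiveDirectory
# module and a scanning account that is not a member of the denied group
# (Enterprise Admins assumed); OUs the scanning account cannot read are not
# reported.
Import-Module ActiveDirectory

$domain       = Get-ADDomain
# Resolve Domain Admins by well-known RID 512 rather than by display name,
# so a renamed group is still found.
$domainAdmins = Get-ADGroup -Identity "$($domain.DomainSID)-512"
$daRef        = "$($domain.NetBIOSName)\$($domainAdmins.SamAccountName)"

function Find-DenyAcesForGroup {
    param([Parameter(Mandatory)] [string] $GroupReference)   # e.g. CONTOSO\Domain Admins

    foreach ($ou in Get-ADOrganizationalUnit -Filter *) {
        $acl = Get-Acl -Path "AD:\$($ou.DistinguishedName)"

        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -eq 'Deny' -and
                $ace.IdentityReference.Value -eq $GroupReference) {
                [pscustomobject]@{
                    OU                   = $ou.DistinguishedName
                    DeniedIdentity       = $ace.IdentityReference.Value
                    DeniedRights         = $ace.ActiveDirectoryRights
                    Inherited            = $ace.IsInherited
                    InheritanceBlocked   = $acl.AreAccessRulesProtected   # precondition for dropping inherited DA rights
                    Owner                = $acl.Owner
                }
            }
        }
    }
}

$findings = Find-DenyAcesForGroup -GroupReference $daRef
if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    Write-Host "No Deny ACEs for $daRef found on any OU readable by this account."
}
```

Scheduling this and diffing its output against the previous run turns it into an alert on newly added Deny ACEs; the Owner column shows who to ask about a finding.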

Replication Error : SyncAll exited with fatal Win32 error.


Hello,

Our domain consists of three domain controllers, all on Server 2008. Everything was working fine until we restarted our primary domain controller. After the restart, when I initiate the command "repadmin /syncall", it returns the error below:

CALLBACK MESSAGE: Error contacting server 20547b77-7bc2-486a-2cfb-9638a89d99dbd._msdcs.xxx.com (network error): 5 (0x5):
    Access is denied.

SyncAll exited with fatal Win32 error: 8440 (0x20f8):
The naming context specified for this replication operation is invalid.

But on the additional domain controllers the same command works fine and replication is happening successfully. Please help me out.

Regards,

Tony

new 2012 R2 domain - xp clients cannot join or print


I just migrated a 2003  domain to 2012 R2.   Things were working ok & then XP clients became AD stupid.

Steps I took:

Added a VM 2012 R2 DC to the domain.  Server had DNS installed.  Ran dcdiag & bpa and resolved any issues. 

About a week later I moved all roles over to the VM DC.

Tore down one of the NT2003 DCs (not VM) and rebuilt it as a 2012 R2 DC w/DNS. Ran dcdiag & bpa and resolved any issues. Had problems with DNS scavenging removing some static records. Re-added the records & made sure "Delete record when it becomes stale" was unchecked on all static records (all fwd & rev zones).

Moved all roles from the VM DC to the hardware DC.

After a week I tore down the 2nd (& last) nt2003 DC (not VM) and rebuilt it as a 2012 R2 DC w/DNS.  Ran dcdiag/bpa and fixed any issues.  Also ran it on the other DCs.

Removed the VM 2012 R2 DC from the domain (demote, remove features, remove from domain, power off, delete VM).

Everything seems to be working fine.  dcdiags look clean, event logs seem good.

Bump forest/domain to 2012 R2 native.

Then, a few days later,  it goes bad.  I (after hours) install all accumulated updates on both DCs.  Reboot both.

Next AM a user calls.  Her thin client cannot connect to the terminal services server.  DNS has deleted its dns record, even though the delete when stale was unchecked.  :|  So I readd the static record and turn off scavenging.  Problem solved.

Next call is from an XP user (we have XP, Win 7, and thin clients). She cannot print. Printers show "cannot connect". Try various things to no avail. Check Win 7 boxes and they're working fine & printers are connected. Note that the XP & Win7 boxes all pull their DHCP address from the same dhcp server/scope.

Review error logs and run dcdiag. There are several somewhat esoteric errors. After several hours of tail chasing I decide to take a more scorched-earth tack. I demote the 2nd DC and remove AD & DNS from it. After demotion and role removal I check AD and it still shows the DC. I remove the now-just-a-server from the domain. Clean up DNS & AD removing all traces. This takes a while as I have to run various scripts (thank you Google) to ensure AD is clean.

Run dcdiag and resolve issues.  Even a detailed dcdiag comes out clean.  Replication tests show the old server is now forgotten.

Check XP boxes and they still show printers as "cannot connect".

Remove an XP PC from the domain. Try to rejoin and I get an error. Rename it and still get the error. I can ping, nslookup, etc. and they return the correct IP.

I've tried the simple "join a domain" in system properties. That gives a somewhat nondescript error. The network identification wizard seemed to find the domain but didn't work. As it was trying to find the PC in AD, I went ahead and added it via the AD Users & Computers console. Run the wizard and it tells me it found the record in AD. It then says "a domain controller for the domain [ourdomain] could not be contacted." !? Yet on the prior screen it told me it had found the record for the PC on the DC.

nslookup for ourdomain.local as well as dcname.ourdomain.local resolve correctly. Tried changing the PC to static - no change. Rename the old Win 2012 R2 DC (now just a server outside the domain), reboot, and then try to rejoin the domain. Works flawlessly.

BTW - We're running tcpip w/o netbios over tcpip.

So basically my XP boxes cannot use AD printers and cannot join the domain.  IDK if they're picking up gp updates (I'll check in the AM), but I suspect they're not.

Short of buying a truckload of Win 7 licenses and reloading OSs, what can I do to fix this?

Details on the XP box error (fyi - I did a record-to-record comparison to a Win 2008 domain's SRV records and they look identical (except, of course, the domain & server names)):

The domain name [ourdomain] might be a NetBIOS domain name.  If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain [ourdomain]:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.[ourdomain]

Common causes of this error include the following:

- The DNS SRV record is not registered in DNS.

- One or more of the following zones do not include delegation to its child zone:

[ourdomain]
. (the root zone)

For information about correcting this problem, click Help.

dcdiag /test:dns results

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = Domctl1
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DOMCTL1
      Starting test: Connectivity
         ......................... DOMCTL1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DOMCTL1

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... DOMCTL1 passed test DNS

   Running partition tests on : DomainDnsZones

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : [ourdomain]

   Running enterprise tests on : [ourdomain].local
      Starting test: DNS
         Test results for domain controllers:

            DC: Domctl1.[ourdomain].local
            Domain: [ourdomain].local


               TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record dcdiag-test-record in zone [ourdomain].local

               Domctl1                      PASS PASS PASS PASS WARN PASS n/a
         ......................... [ourdomain].local passed test DNS



Problem with renaming domain Server 2008


hi,

We have only a single domain in our forest with a Windows Server 2008 R2 domain controller (only one domain controller). No Exchange in our environment.

We did the domain rename process using the "Windows Server 2008 R2 ADDS Domain Rename Operations Document.pdf" found here.

Everything went well until we proceeded with the repadmin.exe /syncall /d /e /P /q Moneta command (Moneta is the DC name). I get the error:

SyncAll exited with fatal Win32 error: 8440 (0x20f8):
    The naming context specified for this replication operation is invalid.

Now the domain network on the server appears as monetaks.com, the name that we wanted, but the computers joined before with the old name cannot work through this. Also, when we look in the properties of the computer, the domain appears as:

Computer Name: Moneta

Full computer name: Moneta.testsrv.com 

Domain: monetaks.com (testsrv is the old name of domain, the one that we want to change)

But the document that we followed says that it should look like:

Computer Name: Moneta

Full computer name: Moneta.monetaks.com 

Domain: monetaks.com

any idea about this?

Thanks in advance


ADAMSync migration sanity check !


Hello,

Just a quick sanity check to make sure I am not overlooking something serious here.

We are using ADAMSync to populate proxy user objects into AD LDS from production AD.

Currently we have 2 AD LDS servers in the configuration set, and a data centre move means adding a new one, retiring one of the old ones, and moving ADAMSync from the old instance to a new one.

We will be using the same ADAMSync configuration XML, and I am presuming that nothing nasty is going to happen to the data in AD LDS when it is moved to the new server and the full sync runs the first time?

I am pretty sure it will be fine, and the initial full sync on the new server just builds the state cookie for the DirSync LDAP control, and it will run delta syncs after that, but I want to be sure I haven't overlooked anything that may damage the data already in AD LDS.

Regards
