Strange one here that I can't figure out.

We have a domain with just over 40 DC's in it.  This is due to having remote sites that each have a DC in them.

Replication is working fine according Sonar and FRSDiag.

The issue I have is that there is one file that we need to remove from SYSVOL that will not go from just 2 of the DC's.  All other DC's have removed the file but thses two will not delete it.  If I delete the file from one of them it comes staight back under a F5 refresh.  This happens on each of the two DC's.

Strange thing is this file is not getting replicated to all the other DC's even though replication is working.  I have tested this by creating a new file on a DC and watching as it is replicated to all the other DC's with no problems.  I can also delete this test file with no problems.

Anyone got any idea why this one particular file will not delete of just two of the DC's in the domain??

I am lost with this one now!

Rob

Nirmal Singh IT Administrator

I have all windows server 2008 r2 sp1 ent servers for my domain controllers, 2 in two different sites and 2 in my main site. Forest and domain functional levels are both "windows server 2008 r2". In DNS I have Forward lookup Zones scavenging set to 7 days the default and in my Reverse lookup zones i have scavenging set to 3 or 7 days on a few subnets.

Here is my issue that DNS isn't scavenging stale records, I'm finding that when we decommission a computer its dns record stays and is never deleted. 

What can I look at to ensure that stale records are removed after 7 days in DNS?

Thanks,

Hello, guys!

We got some strange behavior in our AD 2003.

We lost second account today, it was deleted and we found in Security Audit that it was deleted by machine account of Exchange 2010 CAS Server.

Any ideas?

Hi,

Now that we are no longer able to issue SSL SAN certificates with invalid fully qualidifed domain names like server1.mydomain.local, I'm thinking of having a different naming convention for new domains.

http://support.godaddy.com/help/article/6935

Previously, I would just use .local like server1.mydomain.local for internal and mail.mydomain.com for external.

Option 1 - keep them both the same:

-mail.mydomain.com (For both internal and external and I would have to make sure the external dns records are on the internal dns server as well)

Option 2 - keep them different

-server1.mydomain.net(internal)

-mail.mydomain.com (external)

Option 3 - use a sub-domain

-server1.ad.mydomain.com (internal)

-mail.mydomain.com (external

What do you recommend for the naming conventional for internal and external domain names? It doesn't have to be one of those options above. What's the best pratice?

Thanks

Hello all Microsoft geeks,

I am standing before renewal process for our production ADFS 2.0 farm - 2 servers and as proxy we use UAG server. I would like to ask you what is standard process for it if there is any. We use public CA certificates published by Verisign. Can I proceed this via renewal process in IIS on both servers? We use ADFS for own SSO applications between our company and partners. Do you have any experience with that? I have read some topics on the internet but i am not quite sure.

Thanks for each comment

Libor

Liibas

I am currently working on re-designing a 2008 Active Directory that I inherited from a previous admin. I plan to make changes to the OU structure, Group Policies, delegation of authority, etc. I am also planning to upgrade to 2012.

My question is...would it be better to complete the re-design before upgrading to 2012 or upgrade first and then work on the re-design?

Thanks,

Kenny

Kenny

Hi All,

I am starting a project of building a ded. server which will host Hyper-V. I am planning to place one DC as a VM inside Hyper-V (with the option set to start automatically). The other DC will sit outside as a physical server (1-2gb ram, small server). This is a dev environment only. 

Are there any issues with this?

Of course, I won't sync the time with Hyper-V etc. I am looking at posts such as this: http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2008/08/13/active-directory-in-hyper-v-environments-part-1.aspx  There are also plenty of threads about this sort of topic which I am looking at.

Thanks

Greetings everyone,

I was reading this article about Stub Zones vs Forwarders.

http://technet.microsoft.com/en-us/library/cc780434(v=ws.10).aspx

When adding the child domain to the forest, it created the child delegation for me.  The delegation is a static pointer to the child domain's DNS.  Stub zones are supposed to get around the need for static pointers to child domains.  Now that I've created a stub zone do I need to keep the child delegation?  Also, for the child domain, is conditional forwarding the official method of child-to-parent DNS lookups?

Thanks!

- S_B_

I have a one way trust with an external domain.  I am a domain admin on my domain and have a domain user account in the remote domain (domainA).  My domain (domainB) is trusting the remote domain.  We normally add users from domainA to domain local security groups in domainB.  This allows remote users to authenticate to application servers in domainB.  The AD upgrade process from 2003 server to 2008R2 has recently been started on both domainA and domainB.  Both domains are still 2003 functional levels.  DomainB has both 2008R2 and one 2003 DC.  

The problem is that when I try to open a security group in domainB, the SID's are not resolved to friendly names.  I have a wireshark capture of attempting to enumerate the objects that have been added to the security group from domainB (clicked on the "members" tab) and have seen the DC in domainB connect to a DC in domainA.  DomainA replies with a message: NCA_S_ACCESS_DENIED.  

The following failure audit recorded in the security event log of a DC in domainA: 

Failure Reason: Unknown username or bad password

I am confused why domainA would care about username/passwords when that domain has a trust established with domainB?  

Thanks in advance for the help. 

Hi all,

When I running DCDiag /test:DNS on server DC1 (IP Address 172.16.0.98, OS=Windows Server 2008 R2 SP1), I getting warning & Error

TEST: Basic (Basc)
                  Warning: adapter
                  [00000007] Microsoft Virtual Machine Bus Network Adapter has
                  invalid DNS server: 172.16.0.99 (DC2)
                  Warning: adapter
                  [00000007] Microsoft Virtual Machine Bus Network Adapter has
                  invalid DNS server: 172.16.0.98 (DC1)
                  Error: all DNS servers are invalid

TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network
               adapters

 Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 172.16.0.98 (DC1)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.domain.com. failed on the DNS server 172.16.0.98

            DNS server: 172.16.0.99 (DC2)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.domain.com. failed on the DNS server 172.16.0.99

Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: domain.com
               DC1                       PASS FAIL PASS PASS WARN FAIL n/a

         ......................... domain.com failed test DNS

Note: This server is a virtual machine from Hyper-V 2008 R2.... The NIC corrupted? Because I running all my client PC with command SET L, all are login to DC2....

But I can ping to DC1 without any issue....

JF

Users are unable to connect to Wifi, when verificated in RADIUS server (Domain Controller as well) found the below logs;

Authentication Details:
                Connection Request Policy Name:  Use Windows authentication for all users
                Network Policy Name:                   CORPWIFI
                Authentication Server:                  DCWIFI101.corporateroot.net
                Authentication Type:                     PEAP
                EAP Type:                                    Microsoft: Smart Card or other certificate
                Account Session Identifier:             -
                Logging Results:                           Accounting information was written to the local log file.
                Reason Code:                               259
                Reason:                                       The revocation function was unable to check revocation because the revocation server was offline.

If its problem with Certificates could you please help solving the same and how to check the validity of CRL and make sure its published to AD?

Mahesh

Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = NTEDC01

   * Identified AD Forest. 
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Paris\NTEDC01

      Starting test: Connectivity

         ......................... NTEDC01 passed test Connectivity



Doing primary tests

   
   Testing server: Paris\NTEDC01

      Starting test: Advertising

         ......................... NTEDC01 passed test Advertising

      Starting test: FrsEvent

         ......................... NTEDC01 passed test FrsEvent

      Starting test: DFSREvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems. 
         ......................... NTEDC01 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... NTEDC01 passed test SysVolCheck

      Starting test: KccEvent

         A warning event occurred.  EventID: 0x8000082D

            Time Generated: 01/03/2013   15:18:53

            Event String: 


         A warning event occurred.  EventID: 0x8000082D

            Time Generated: 01/03/2013   15:18:53

            Event String: 


         A warning event occurred.  EventID: 0x8000082D

            Time Generated: 01/03/2013   15:18:53

            Event String: 


         An error event occurred.  EventID: 0xC0000748

            Time Generated: 01/03/2013   15:18:53

            Event String:

            This is the replication status for the following directory partition on this directory server. 


         An error event occurred.  EventID: 0xC0000748

            Time Generated: 01/03/2013   15:18:53

            Event String:

            This is the replication status for the following directory partition on this directory server. 


         An error event occurred.  EventID: 0xC0000748

            Time Generated: 01/03/2013   15:18:53

            Event String:

            This is the replication status for the following directory partition on this directory server. 


         A warning event occurred.  EventID: 0x8000061E

            Time Generated: 01/03/2013   15:23:58

            Event String:

            All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable. 


         An error event occurred.  EventID: 0xC000051F

            Time Generated: 01/03/2013   15:23:58

            Event String:

            The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition. 


         A warning event occurred.  EventID: 0x80000749

            Time Generated: 01/03/2013   15:23:58

            Event String:

            The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site. 


         A warning event occurred.  EventID: 0x8000061E

            Time Generated: 01/03/2013   15:23:58

            Event String:

            All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable. 


         An error event occurred.  EventID: 0xC000051F

            Time Generated: 01/03/2013   15:23:58

            Event String:

            The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition. 


         A warning event occurred.  EventID: 0x80000749

            Time Generated: 01/03/2013   15:23:58

            Event String:

            The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site. 



         ......................... NTEDC01 failed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... NTEDC01 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... NTEDC01 passed test MachineAccount

      Starting test: NCSecDesc

         ......................... NTEDC01 passed test NCSecDesc

      Starting test: NetLogons

         ......................... NTEDC01 passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... NTEDC01 passed test ObjectsReplicated

      Starting test: Replications

         REPLICATION LATENCY WARNING

         NTEDC01: This replication path was preempted by higher priority work.

            from ROOTDC02 to NTEDC01

            Reason: The operation completed successfully.

            The last success occurred at (never).

            Replication of new changes along this path will be delayed.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From GVADC01 to NTEDC01

            Naming Context: DC=EUROPE,DC=loc

            The replication generated an error (8451):

            The replication operation encountered a database error.

            The failure occurred at 2013-01-03 14:49:22.

            The last success occurred at 2012-12-22 02:47:54.

            300 failures have occurred since the last success.

            A serious error is preventing replication from continuing.

            Consult the error log for further information.

            If a particular object is named, it may be necessary to manually

            modify or delete the object.

            If the condition persists, contact Microsoft Support.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From GVADC02 to NTEDC01

            Naming Context: DC=EUROPE,DC=loc

            The replication generated an error (8451):

            The replication operation encountered a database error.

            The failure occurred at 2013-01-03 15:06:06.

            The last success occurred at 2012-12-22 02:47:54.

            301 failures have occurred since the last success.

            A serious error is preventing replication from continuing.

            Consult the error log for further information.

            If a particular object is named, it may be necessary to manually

            modify or delete the object.

            If the condition persists, contact Microsoft Support.

         REPLICATION LATENCY WARNING

         NTEDC01: This replication path was preempted by higher priority work.

            from ROOTDC02 to NTEDC01

            Reason: The operation completed successfully.

            The last success occurred at (never).

            Replication of new changes along this path will be delayed.

         REPLICATION LATENCY WARNING

         NTEDC01: This replication path was preempted by higher priority work.

            from ROOTDC02 to NTEDC01

            Reason: The operation completed successfully.

            The last success occurred at (never).

            Replication of new changes along this path will be delayed.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From GVADC01 to NTEDC01

            Naming Context: DC=AFRICA,DC=loc

            The replication generated an error (8606):

            Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.

            

            The failure occurred at 2013-01-03 14:49:49.

            The last success occurred at 2012-12-18 07:47:58.

            391 failures have occurred since the last success.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From ROOTDC01 to NTEDC01

            Naming Context: DC=AFRICA,DC=loc


            The replication generated an error (8606):

            Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.

            

            The failure occurred at 2013-01-03 14:49:58.

            The last success occurred at (never).

            42 failures have occurred since the last success.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From AFRDC01 to NTEDC01

            Naming Context: DC=AFRICA,DC=loc

            The replication generated an error (8606):

            Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.

            

            The failure occurred at 2013-01-03 14:50:02.

            The last success occurred at (never).

            24 failures have occurred since the last success.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From ROOTDC03 to NTEDC01

            Naming Context: DC=AFRICA,DC=loc

            The replication generated an error (8606):

            Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.

            

            The failure occurred at 2013-01-03 14:50:04.

            The last success occurred at (never).

            8 failures have occurred since the last success.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From AFRDC02 to NTEDC01

            Naming Context: DC=AFRICA,DC=loc

            The replication generated an error (8606):

            Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.

            

            The failure occurred at 2013-01-03 14:50:25.

            The last success occurred at (never).

            4 failures have occurred since the last success.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From AMERICADC01 to NTEDC01

            Naming Context: DC=AFRICA,DC=loc

            The replication generated an error (8606):

            Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.

            

            The failure occurred at 2013-01-03 14:50:28.

            The last success occurred at (never).

            2 failures have occurred since the last success.

         REPLICATION LATENCY WARNING

         NTEDC01: This replication path was preempted by higher priority work.

            from ROOTDC02 to NTEDC01

            Reason: The operation completed successfully.

            The last success occurred at (never).

            Replication of new changes along this path will be delayed.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From GVADC02 to NTEDC01

            Naming Context: DC=AFRICA,DC=loc

            The replication generated an error (8606):

            Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.

            

            The failure occurred at 2013-01-03 15:06:13.

            The last success occurred at (never).

            385 failures have occurred since the last success.

         REPLICATION LATENCY WARNING

         NTEDC01: This replication path was preempted by higher priority work.

            from ROOTDC02 to NTEDC01

            Reason: The operation completed successfully.

            The last success occurred at (never).

            Replication of new changes along this path will be delayed.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From GVADC01 to NTEDC01

            Naming Context: DC=Asia,DC=loc

            The replication generated an error (8451):

            The replication operation encountered a database error.

            The failure occurred at 2013-01-03 14:49:53.

            The last success occurred at 2012-12-18 08:47:59.

            390 failures have occurred since the last success.

            A serious error is preventing replication from continuing.

            Consult the error log for further information.

            If a particular object is named, it may be necessary to manually

            modify or delete the object.

            If the condition persists, contact Microsoft Support.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From ROOTDC01 to NTEDC01

            Naming Context: DC=Asia,DC=loc

            The replication generated an error (8451):

            The replication operation encountered a database error.

            The failure occurred at 2013-01-03 14:50:36.

            The last success occurred at (never).

            42 failures have occurred since the last success.

            A serious error is preventing replication from continuing.

            Consult the error log for further information.

            If a particular object is named, it may be necessary to manually

            modify or delete the object.

            If the condition persists, contact Microsoft Support.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From AFRDC01 to NTEDC01

            Naming Context: DC=Asia,DC=loc

            The replication generated an error (8451):

            The replication operation encountered a database error.

            The failure occurred at 2013-01-03 14:50:39.

            The last success occurred at (never).

            24 failures have occurred since the last success.

            A serious error is preventing replication from continuing.

            Consult the error log for further information.

            If a particular object is named, it may be necessary to manually

            modify or delete the object.

            If the condition persists, contact Microsoft Support.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From ROOTDC03 to NTEDC01

            Naming Context: DC=Asia,DC=loc

            The replication generated an error (8451):

            The replication operation encountered a database error.

            The failure occurred at 2013-01-03 14:50:42.

            The last success occurred at (never).

            8 failures have occurred since the last success.

            A serious error is preventing replication from continuing.

            Consult the error log for further information.

            If a particular object is named, it may be necessary to manually

            modify or delete the object.

            If the condition persists, contact Microsoft Support.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From AFRDC02 to NTEDC01

            Naming Context: DC=Asia,DC=loc

            The replication generated an error (8451):

            The replication operation encountered a database error.

            The failure occurred at 2013-01-03 14:50:49.

            The last success occurred at (never).

            4 failures have occurred since the last success.

            A serious error is preventing replication from continuing.

            Consult the error log for further information.

            If a particular object is named, it may be necessary to manually

            modify or delete the object.

            If the condition persists, contact Microsoft Support.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From AMERICADC01 to NTEDC01

            Naming Context: DC=Asia,DC=loc

            The replication generated an error (8451):

            The replication operation encountered a database error.

            The failure occurred at 2013-01-03 14:50:52.

            The last success occurred at (never).

            2 failures have occurred since the last success.

            A serious error is preventing replication from continuing.

            Consult the error log for further information.

            If a particular object is named, it may be necessary to manually

            modify or delete the object.

            If the condition persists, contact Microsoft Support.

         REPLICATION LATENCY WARNING

         NTEDC01: This replication path was preempted by higher priority work.

            from ROOTDC02 to NTEDC01

            Reason: The operation completed successfully.

            The last success occurred at (never).

            Replication of new changes along this path will be delayed.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From GVADC02 to NTEDC01

            Naming Context: DC=Asia,DC=loc

            The replication generated an error (8451):

            The replication operation encountered a database error.

            The failure occurred at 2013-01-03 15:06:20.

            The last success occurred at (never).

            385 failures have occurred since the last success.

            A serious error is preventing replication from continuing.

            Consult the error log for further information.

            If a particular object is named, it may be necessary to manually

            modify or delete the object.

            If the condition persists, contact Microsoft Support.

         REPLICATION LATENCY WARNING

         NTEDC01: This replication path was preempted by higher priority work.

            from ROOTDC02 to NTEDC01

            Reason: The operation completed successfully.

            The last success occurred at (never).

            Replication of new changes along this path will be delayed.

         ......................... NTEDC01 failed test Replications

      Starting test: RidManager

         ......................... NTEDC01 passed test RidManager

      Starting test: Services

         ......................... NTEDC01 passed test Services

      Starting test: SystemLog

         An error event occurred.  EventID: 0xC0001B77

            Time Generated: 01/03/2013   15:20:37

            Event String:

            The SNMP Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

         ......................... NTEDC01 failed test SystemLog

      Starting test: VerifyReferences

         ......................... NTEDC01 passed test VerifyReferences

   
   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : EUROPE

      Starting test: CheckSDRefDom

         ......................... EUROPE passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... EUROPE passed test CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running enterprise tests on : mydomain.loc

      Starting test: LocatorCheck

         ......................... mydomain.loc passed test LocatorCheck

      Starting test: Intersite

         ......................... mydomain.loc passed test Intersite

Dear all,

Im facieng a replication issues bettwen difrent servers on the ADDS tomology and I need your help in order to solve it, please find attached copy of dcdiag output from the server where replication errors accured.

Thansk in advance for your help

I am trying to extend the AD LDS schema with LDIFDE and it is giving me a syntax error:

Connecting to "localhost"
Logging in as current user using SSPI
Importing directory from file "Test.ldif"
Loading entries.
There is a syntax error in the input file
Failed on line 1. The last token starts with 'ï'.
0 entries modified successfully.
An error has occurred in the program
No log files were written. In order to generate a log file, please specify the log file path via the -j option.

I have looked at the LDIF file and I can't find anything obvious.  The error message is not that useful either.

dn: CN=Password-Question,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
attributeID: 1.2.124.113556.1.8000.2554.12372.15750.62716.18567.40207.13088528.6608499.1.1
adminDisplayName: Password-Question
adminDescription: One part of the reminder for the user when resetting their password
lDAPDisplayName: passwordQuestion
attributeSyntax: 2.5.5.12
oMSyntax: 64
rangeLower: 1
rangeUpper: 256
isSingleValued: TRUE
searchFlags: 0
systemOnly: FALSE

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

Any thoughts as to what is going on?

We have Hundreds of customers, many separated across several companies and OUs.

What I need is a Power Shell script to export existing user information (User Name, E-mail, Mailbox Size, Number of e-mails, Real Name, Creation Date, etc.) to a CSV sheet, Based on OU, Or Company name, or Domain.

Is this at all possible?

I am very new to Windows Power Shell and I have no idea where to start, especially considering of the potential of breaking something critical.

I asked in another thread about using ADMT to conduct a move from Windows 2003 domain to Windows 2008 R2

What about the option of just NOT migrating anything and manually recreating all new users in a brand new domain? 

Let's suppose I create a brand new domain, manually recreating all the usernames from the old domain (knowing they are all different) and going from there?  Are there any advantages/disadvantages to doing that?  I also have a file server and an Exchange 2003 server in the old domain as well.

Cal Miyatake

Hi, i am trying to use Excel 2007 to open Active Directory - showing users / computers / groups in Excel.
I would like to open Actice Directory via "Get external data". If i try to connect to Active Directory i cant find the right driver (ODBC) for Active Directory.
Is there a way to use Excel 2007 (or newer) as a frontend to show up all active directory content (users / computers / groups / printers) directly ?

Kind regards,
Thoralf

Hi,

I've few problems in my domain environment. Please help me to resolve this issue.

The domain setup as follows - One forest and One domain. Within a domain 4 DCs running with WS08 R2 SP1.

2 DCs in Australia and 2 DCs in US. PDCe located in Australia.

Output of dcdiag /e /q as follows -

            NtFrs Service is stopped on [SVAUAD01]
         ......................... SVAUAD01 failed test Services
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... SVAUAD01 failed test frsevent
         Some objects relating to the DC SVAUAD01 have problems:
            [1] Problem: Missing Expected Value

             Base Object:

            CN=SVAUAD01,OU=Domain Controllers,DC=spendvision,DC=com

             Base Object Description: "DC Account Object"

             Value Object Attribute Name: frsComputerReferenceBL

             Value Object Description: "SYSVOL FRS Member Object"

             Recommended Action: See Knowledge Base Article: Q312862

             
         ......................... SVAUAD01 failed test VerifyReferences
            NtFrs Service is stopped on [SVAUAD02]
         ......................... SVAUAD02 failed test Services
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... SVAUAD02 failed test frsevent
         Some objects relating to the DC SVAUAD02 have problems:
            [1] Problem: Missing Expected Value

             Base Object:

            CN=SVAUAD02,OU=Domain Controllers,DC=spendvision,DC=com

             Base Object Description: "DC Account Object"

             Value Object Attribute Name: frsComputerReferenceBL

             Value Object Description: "SYSVOL FRS Member Object"

             Recommended Action: See Knowledge Base Article: Q312862

             
         ......................... SVAUAD02 failed test VerifyReferences
            NtFrs Service is stopped on [SVUSAD01]
         ......................... SVUSAD01 failed test Services
         Some objects relating to the DC SVUSAD01 have problems:
            [1] Problem: Missing Expected Value

             Base Object:

            CN=SVUSAD01,OU=Domain Controllers,DC=spendvision,DC=com

             Base Object Description: "DC Account Object"

             Value Object Attribute Name: frsComputerReferenceBL

             Value Object Description: "SYSVOL FRS Member Object"

             Recommended Action: See Knowledge Base Article: Q312862

             
         ......................... SVUSAD01 failed test VerifyReferences
            NtFrs Service is stopped on [SVUSAD02]
         ......................... SVUSAD02 failed test Services
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... SVUSAD02 failed test frsevent
         Some objects relating to the DC SVUSAD02 have problems:
            [1] Problem: Missing Expected Value

             Base Object:

            CN=SVUSAD02,OU=Domain Controllers,DC=spendvision,DC=com

             Base Object Description: "DC Account Object"

             Value Object Attribute Name: frsComputerReferenceBL

             Value Object Description: "SYSVOL FRS Member Object"

             Recommended Action: See Knowledge Base Article: Q312862

             
         ......................... SVUSAD02 failed test VerifyReferences

Output of dcdiag /v /c /d /s:DC_Name (Copying only error messages & see if that helps)

Starting test: frsevent
         * The File Replication Service Event log test
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         An Warning Event occured.  EventID: 0x000005FA
            Time Generated: 01/02/2013   14:40:10
            (Event String could not be retrieved)
         ......................... SVAUAD01 failed test frsevent

Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
            NtFrs Service is stopped on [SVAUAD02]
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... SVAUAD02 failed test Services
      Starting test: OutboundSecureChannels
         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... SVAUAD02 passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         SVAUAD02 is in domain DC=spendvision,DC=com
         Checking for CN=SVAUAD02,OU=Domain Controllers,DC=spendvision,DC=com in domain DC=spendvision,DC=com on 4 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=SVAUAD02,CN=Servers,CN=Sydney-AD,CN=Sites,CN=Configuration,DC=spendvision,DC=com in domain CN=Configuration,DC=spendvision,DC=com on 4 servers
            Object is up-to-date on all servers.
         ......................... SVAUAD02 passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... SVAUAD02 passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         An Error Event occured.  EventID: 0x00001057
            Time Generated: 01/02/2013   10:00:23
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x000003E8
            Time Generated: 01/02/2013   10:05:44
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x000003E8
            Time Generated: 01/02/2013   10:06:15
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x000003E8
            Time Generated: 01/02/2013   10:19:36
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x000003E8
            Time Generated: 01/02/2013   10:20:32
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x000005FA
            Time Generated: 01/02/2013   11:12:39
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x000005FA
            Time Generated: 01/02/2013   11:41:38
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x000005FA
            Time Generated: 01/02/2013   11:57:37
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x0000100B
            Time Generated: 01/02/2013   14:26:30
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x0000100B
            Time Generated: 01/02/2013   14:55:53
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x0000100B
            Time Generated: 01/03/2013   06:19:47
            (Event String could not be retrieved)
         ......................... SVAUAD02 failed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... SVAUAD02 passed test kccevent
      Starting test: systemlog
         * The System Event log test
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 01/03/2013   06:23:42
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 01/03/2013   06:24:04
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 01/03/2013   06:24:42
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 01/03/2013   06:25:20
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 01/03/2013   06:25:58
            (Event String could not be retrieved)
         ......................... SVAUAD02 failed test systemlog
      Starting test: VerifyReplicas
         ......................... SVAUAD02 passed test VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)

         CN=SVAUAD02,OU=Domain Controllers,DC=spendvision,DC=com and backlink

         on

         CN=SVAUAD02,CN=Servers,CN=Sydney-AD,CN=Sites,CN=Configuration,DC=spendvision,DC=com

         are correct.
         Some objects relating to the DC SVAUAD02 have problems:
            [1] Problem: Missing Expected Value

             Base Object:

            CN=SVAUAD02,OU=Domain Controllers,DC=spendvision,DC=com

             Base Object Description: "DC Account Object"

             Value Object Attribute Name: frsComputerReferenceBL

             Value Object Description: "SYSVOL FRS Member Object"

             Recommended Action: See Knowledge Base Article: Q312862

             
            The system object reference (serverReferenceBL)

            CN=SVAUAD02,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=spendvision,DC=com

            and backlink on

            CN=NTDS Settings,CN=SVAUAD02,CN=Servers,CN=Sydney-AD,CN=Sites,CN=Configuration,DC=spendvision,DC=com

            are correct.
         ......................... SVAUAD02 failed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         The following problems were found while verifying various important DN

         references.  Note, that  these problems can be reported because of

         latency in replication.  So follow up to resolve the following

         problems, only if the same problem is reported on all DCs for a given

         domain or if  the problem persists after replication has had

         reasonable time to replicate changes.
            [1] Problem: Missing Expected Value

             Base Object:

            CN=SVAUAD02,OU=Domain Controllers,DC=spendvision,DC=com

             Base Object Description: "DC Account Object"

             Value Object Attribute Name: frsComputerReferenceBL

             Value Object Description: "SYSVOL FRS Member Object"

             Recommended Action: See Knowledge Base Article: Q312862

             
            [2] Problem: Missing Expected Value

             Base Object:

            CN=SVAUAD01,OU=Domain Controllers,DC=spendvision,DC=com

             Base Object Description: "DC Account Object"

             Value Object Attribute Name: frsComputerReferenceBL

             Value Object Description: "SYSVOL FRS Member Object"

             Recommended Action: See Knowledge Base Article: Q312862

             
            [3] Problem: Missing Expected Value

             Base Object:

            CN=SVUSAD01,OU=Domain Controllers,DC=spendvision,DC=com

             Base Object Description: "DC Account Object"

             Value Object Attribute Name: frsComputerReferenceBL

             Value Object Description: "SYSVOL FRS Member Object"

             Recommended Action: See Knowledge Base Article: Q312862

             
            [4] Problem: Missing Expected Value

             Base Object:

            CN=SVUSAD02,OU=Domain Controllers,DC=spendvision,DC=com

             Base Object Description: "DC Account Object"

             Value Object Attribute Name: frsComputerReferenceBL

             Value Object Description: "SYSVOL FRS Member Object"

             Recommended Action: See Knowledge Base Article: Q312862

             
            LDAP Error 0x5e (94) - No result present in message.
         ......................... SVAUAD02 failed test VerifyEnterpriseReferences

On top of this, there are "n" number of DFSR warning messages in Administrative Events on 3 DCs. The warning message - “DFS Replication service is stopping communication with partner SVAUAD01/AD02 for replication group domain system volume due to an error”. Event id - 5014

The above warning message also appears in SVUSAD01.

Please let me know how to resolve these issues.

Thanks,

Saravana