Since shutting down one DNS Server on our secondary site in domain 1 users in Domain 2 are being prompted for a login and password when trying to access file shares in Domain 1 in our primary site. However if they enter the credentials they are logged in with into the login prompt it allows them through, if we try connecting by IP address rather than FQDN we can connect without being prompted. I can't turn the DNS Server back on as it is being relocated, However our Primary site does have two secondary DNS servers.<o:p></o:p>

DNS is still resolving from the workstations correctly in Domain 2 and is also appears to be resolving correctly from the File server in Domain 1, we have tested this by running a nslookup on the File server in domain 1 and it lists the correct DNS servers and can resolve.<o:p></o:p>

Hello,

While researching one problem, I managed to create another problem.

For some time I have issues with my WinXp workstations, they were not always able to 

locate the logon script. See error in document marked sta3.txt. I thought the problems 

was do to the workstations not being able to see the all of the mounts, i.e. \SYSVOL\staging\domain.

The domain was missing in this mount so I copied the domain.com into staging.

Now I can no longer edit my logon scripts and now I am finding that the scope of the read only rights exists for

my entire domain. I running active directory on Win2003 server. I have 5 winxp as workstations.

Files

I've tried to dcpromo a new Windows 2008 server installation to be a Domain Controller, running in an existing domain. I am informed that, first, I must run adprep/forestprep ("To install a domain controller into this Active Directory forest, you must first perpare the forest using "adprep/forestprep". The Adprep utility is available on the Windows Server 2008 installation media in the Windows\sources\adprep folder".

Trouble is that adprep/forestprep says that:

Adprep cannot run on this platform because it is not an Active Directory Domain Controller.
[Status/Consequence]
Adprep stopped without making any changes.
[User Action]
Run Adprep on a Active Directory Domain Controller.

So, which needs to be installed first (they cannot really be dependent upon each other), and how do I go about completing this?!

Thanks

Stephen Simpson

When we are copy a user from dsa.msc for creating a new user. Some attrs are copied and some attrs are not copied.

What is the reasons behind that & can I have a list for those attrs(can copy & can not copy)?

There is a reason for that, forward & backwardlink but need the details.

Thanks in advance & so far.

Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin

Hi There,

We are transitioning our 2008R2 DC to 2012.

For a start I will explain our setup.

1 x 2008 R2 DC/DNS/DHCP in the Central Office ( Server 01 )

6 x mixture of 2008 and 2008 R2 DC/DNS/DHCP in Branches ( lets say Server 03 to server 08 )

All sites are connected via VPN and can resolve each other.

------------------------------------------------------------------------

We added a Windows 2012 to the Central office as an additional DC with DNS and DHCP names Server 02 ( DHCP currently disabled as 2008 DC is giving addresses)
When the setup ask to replicate for the first time we chose Server 01. After reboot, we saw that changes wasn't replicating from server 01 to server 02.

In our inter site replication, Server 01 replicate to and from Server 03 - 09.

In the new server 2012, We had errors saying that dfs couldn't replicate the system volume as no connection were found. We then added a manual connection from server 01 to server 02 and it fixed the problem. ( is that customary that intra site connection need to be created manually? )

Tested some user and dns creation and changes replicate across all DCS. ( Server 01 replicate to and from Server 02 - 09 and Server 02 replicate to Server 01)

Now if I need to get rid of the 2008 Server ( Server 01 ) do I just need to move the fsmo roles to the 2012 Server, unauthorized DHCP from Server 01, Configure DHCP on Server 02, Configure clients to point to Server 02 for DNS, demote Server 01 and then change the intersite replication to go to Server 02 or is there something I missed?

Below some repadmin commands from 2012 Server:

repadmin /replsummary

Source DSA          largest delta    fails/total %%   error

 Server 01                 24m:37s    0 /  40    0 

 Server 02                05m:11s    0 /   5    0 

 Server  03                  50m:11s    0 /   5    0 

 Server 04                 50m:10s    0 /   5    0 

 Server  05             32m:31s    0 /   5    0 

Server  06             50m:09s    0 /   5    0 

Server 07                 50m:07s    0 /   5    0 

 Server  08                 50m:06s    0 /   5    0 

Server 09                  50m:05s    0 /   5    0 

 Destination DSA     largest delta    fails/total %%   error

 Server 01                 50m:11s    0 /  40    0 

 Server 02                08m:58s    0 /   5    0 

 Server 03                  24m:41s    0 /   5    0 

 Server 04                  24m:43s    0 /   5    0 

 Server 05                 24m:38s    0 /   5    0 

 Server 06               24m:42s    0 /   5    0 

Server 07                     :46s    0 /   5    0 

Server 08                  08m:59s    0 /   5    0 

Server 09                  24m:40s    0 /   5    0 

 ------------------------------------------------------------

Repadmin /Syncall /A /e /P

Syncing all NC's held on SERVER02.

Syncing partition: DC=DomainDnsZones,DC=test,DC=local

CALLBACK MESSAGE: The following replication is in progress:

    From: a9cd3b13-503d-42d8-8b6b-7e77804dccc0._msdcs.test.local

    To  : 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: a9cd3b13-503d-42d8-8b6b-7e77804dccc0._msdcs.test.local

    To  : 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 1cbb1e44-92fb-4957-a8b3-8dff670df71a._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 1cbb1e44-92fb-4957-a8b3-8dff670df71a._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : c78e08b1-22c1-4197-972f-0006c8ab1894._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : c53d5eb9-3739-4dff-8f76-ef89a2d5d084._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 29a78542-2c13-498a-add3-b192e5051aa7._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 3a5a0b65-357c-4b90-8e7e-7072a2514e7a._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : c53d5eb9-3739-4dff-8f76-ef89a2d5d084._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 8f147a7c-ff28-414e-8594-df4a036a72fe._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 8f147a7c-ff28-414e-8594-df4a036a72fe._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 29a78542-2c13-498a-add3-b192e5051aa7._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 6d99b98f-7d1a-4944-8073-e96717ace2d7._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 3a5a0b65-357c-4b90-8e7e-7072a2514e7a._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : c78e08b1-22c1-4197-972f-0006c8ab1894._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 6d99b98f-7d1a-4944-8073-e96717ace2d7._msdcs.test.local

CALLBACK MESSAGE: SyncAll Finished.

SyncAll terminated with no errors.

Syncing partition: DC=ForestDnsZones,DC=test,DC=local

CALLBACK MESSAGE: The following replication is in progress:

    From: a9cd3b13-503d-42d8-8b6b-7e77804dccc0._msdcs.test.local

    To  : 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: a9cd3b13-503d-42d8-8b6b-7e77804dccc0._msdcs.test.local

    To  : 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 1cbb1e44-92fb-4957-a8b3-8dff670df71a._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 1cbb1e44-92fb-4957-a8b3-8dff670df71a._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : c78e08b1-22c1-4197-972f-0006c8ab1894._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : c53d5eb9-3739-4dff-8f76-ef89a2d5d084._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 29a78542-2c13-498a-add3-b192e5051aa7._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : c78e08b1-22c1-4197-972f-0006c8ab1894._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 3a5a0b65-357c-4b90-8e7e-7072a2514e7a._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : c53d5eb9-3739-4dff-8f76-ef89a2d5d084._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 8f147a7c-ff28-414e-8594-df4a036a72fe._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 3a5a0b65-357c-4b90-8e7e-7072a2514e7a._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 8f147a7c-ff28-414e-8594-df4a036a72fe._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 29a78542-2c13-498a-add3-b192e5051aa7._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 6d99b98f-7d1a-4944-8073-e96717ace2d7._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 6d99b98f-7d1a-4944-8073-e96717ace2d7._msdcs.test.local

CALLBACK MESSAGE: SyncAll Finished.

SyncAll terminated with no errors.

Syncing partition: CN=Schema,CN=Configuration,DC=test,DC=local

CALLBACK MESSAGE: The following replication is in progress:

    From: a9cd3b13-503d-42d8-8b6b-7e77804dccc0._msdcs.test.local

    To  : 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: a9cd3b13-503d-42d8-8b6b-7e77804dccc0._msdcs.test.local

    To  : 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 1cbb1e44-92fb-4957-a8b3-8dff670df71a._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : c53d5eb9-3739-4dff-8f76-ef89a2d5d084._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 1cbb1e44-92fb-4957-a8b3-8dff670df71a._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : c53d5eb9-3739-4dff-8f76-ef89a2d5d084._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : c78e08b1-22c1-4197-972f-0006c8ab1894._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 29a78542-2c13-498a-add3-b192e5051aa7._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : c78e08b1-22c1-4197-972f-0006c8ab1894._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 3a5a0b65-357c-4b90-8e7e-7072a2514e7a._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 8f147a7c-ff28-414e-8594-df4a036a72fe._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 3a5a0b65-357c-4b90-8e7e-7072a2514e7a._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 8f147a7c-ff28-414e-8594-df4a036a72fe._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 29a78542-2c13-498a-add3-b192e5051aa7._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 6d99b98f-7d1a-4944-8073-e96717ace2d7._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 6d99b98f-7d1a-4944-8073-e96717ace2d7._msdcs.test.local

CALLBACK MESSAGE: SyncAll Finished.

SyncAll terminated with no errors.

Syncing partition: CN=Configuration,DC=test,DC=local

CALLBACK MESSAGE: The following replication is in progress:

    From: a9cd3b13-503d-42d8-8b6b-7e77804dccc0._msdcs.test.local

    To  : 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: a9cd3b13-503d-42d8-8b6b-7e77804dccc0._msdcs.test.local

    To  : 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : c53d5eb9-3739-4dff-8f76-ef89a2d5d084._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 1cbb1e44-92fb-4957-a8b3-8dff670df71a._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 1cbb1e44-92fb-4957-a8b3-8dff670df71a._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : c53d5eb9-3739-4dff-8f76-ef89a2d5d084._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : c78e08b1-22c1-4197-972f-0006c8ab1894._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 29a78542-2c13-498a-add3-b192e5051aa7._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : c78e08b1-22c1-4197-972f-0006c8ab1894._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 3a5a0b65-357c-4b90-8e7e-7072a2514e7a._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 8f147a7c-ff28-414e-8594-df4a036a72fe._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 3a5a0b65-357c-4b90-8e7e-7072a2514e7a._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 8f147a7c-ff28-414e-8594-df4a036a72fe._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 29a78542-2c13-498a-add3-b192e5051aa7._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 6d99b98f-7d1a-4944-8073-e96717ace2d7._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 6d99b98f-7d1a-4944-8073-e96717ace2d7._msdcs.test.local

CALLBACK MESSAGE: SyncAll Finished.

SyncAll terminated with no errors.

Syncing partition: DC=test,DC=local

CALLBACK MESSAGE: The following replication is in progress:

    From: a9cd3b13-503d-42d8-8b6b-7e77804dccc0._msdcs.test.local

    To  : 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: a9cd3b13-503d-42d8-8b6b-7e77804dccc0._msdcs.test.local

    To  : 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 1cbb1e44-92fb-4957-a8b3-8dff670df71a._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : c53d5eb9-3739-4dff-8f76-ef89a2d5d084._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 1cbb1e44-92fb-4957-a8b3-8dff670df71a._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : c78e08b1-22c1-4197-972f-0006c8ab1894._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 29a78542-2c13-498a-add3-b192e5051aa7._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 3a5a0b65-357c-4b90-8e7e-7072a2514e7a._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : c78e08b1-22c1-4197-972f-0006c8ab1894._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 8f147a7c-ff28-414e-8594-df4a036a72fe._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : c53d5eb9-3739-4dff-8f76-ef89a2d5d084._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 8f147a7c-ff28-414e-8594-df4a036a72fe._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 29a78542-2c13-498a-add3-b192e5051aa7._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 3a5a0b65-357c-4b90-8e7e-7072a2514e7a._msdcs.test.local

CALLBACK MESSAGE: The following replication is in progress:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 6d99b98f-7d1a-4944-8073-e96717ace2d7._msdcs.test.local

CALLBACK MESSAGE: The following replication completed successfully:

    From: 5e409b5b-eb2e-4b29-961e-9d8205aab8d6._msdcs.test.local

    To  : 6d99b98f-7d1a-4944-8073-e96717ace2d7._msdcs.test.local

CALLBACK MESSAGE: SyncAll Finished.

SyncAll terminated with no errors.

 Thank you for your time reading and don't hesitate to ask any questions, I will try to answer them to the best of my knowledge.

David

OK...I've read the articles and the consensus is that it's OK to use the loopback OR the actual IP address on the DNS settings for the IP properties of the DC's network connection as long as the loopback isn't at the top of the list. But what about putting the actual IP address of the DC you're configuring at the top of the list? I've inherited a couple of Windows 2008 R2 servers that are both DCs and the guy who set them up is using each DC's IP address at the top of the list of DNS servers in the TCP/IP properties and the IP of the other DC as secondary.

If it's not OK to list the loopback first, why would it be OK to list it's own actual IP address first?

TIA

Wayne S. CompTIA A+ CompTIA Network+ Microsoft MCP

Your company has a main office and a branch office. The branch office has an Active Directory site that
contains a readonly
domain controller (RODC).
A user from the branch office reports that his account is locked out. From a writable domain controller in
the main office, you discover that the user's account is not locked out.
You need to ensure that the user can log on to the domain.
What should you do?
A. Modify the Password Replication Policy.
B. Reset the password of the user account.
C. Run the Knowledge Consistency Checker (KCC) on the RODC.
D. Restore network communication between the branch office and the main office.
Answer: D

i think the answer is A 

I am in the process of planning on setting up a couple of servers at a remote location (starting with Data Protection Manager 2012) that require access to AD and DNS.  As the remote servers and my current DCs and DNS servers will be on separate subnets, do I need to create a new site within my current AD setup? At present we only have the default site and all DCs are located within that.

The operation failed because:The path chosen for the system volume is not accessible. Please either manually delete the contents of the path or choose another location for the system volume."The directory is not empty."

Regards Sayan

I am really at my wits end here. Im wanting to completely restart (create new) our domain from scratch. It has been patched and patched again before I started here and a lot of issues have been resolved improperly (again, before I started here). But I need to get communication working for now and worry about a real solution later.

Our current problems:
Some shares can be accessed using \\servername others I have to use the IP address (\\192.168.10.1).
Some cannot be accessed using the IP address
None can access using the servers FQDN
Can ping server name and it will resolve to the correct IP address.

Our DC that does DNS has been riddled with errors since yesterday morning. 
Event IDs:

4015
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
4004
The DNS server was unable to complete directory service enumeration of zone ..  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.
4013
The DNS server was unable to open the Active Directory.  This DNS server is configured to use directory service information and can not operate without access to the directory.  The DNS server will wait for the directory to start.  If the DNS server is started but the appropriate event has not been logged, then the DNS server is still waiting for the directory to start.
4000
The DNS server was unable to open Active Directory.  This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

Restarting the service, server, etc, has had no effect. This server's share can only be access via IP address. Forward and Reverse Lookup Zones are empty. I cannot add zone as I get the follow error: 
The zone cannot be replicated to all DNS servers in the (null) Active Directory domain because the required directory partition does not exist. Only Enterprise Administrators have the appropriate permissions to create an application directory partition. 

I am going to be jumping all over the place here because I believe these issues are related.

On the above server, in AD Users and Computers, this server is the RID, PDC, and Infrastructure masters. But when I am looking at the operations masters from another DC, it lists itself as the mentioned operations masters. Our 3rd and 4th DCs just have the operations managers listed as 'ERROR'.

The first DC has the following Event ID listed in event viewer -> Directory Services: Event 1925

The attempt to establish a replication link for the following writable directory partition failed. 

Directory partition: 
DC=xxdomain,DC=og 
Source domain controller: 
CN=NTDS Settings,CN=ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xxdomain,DC=og 
Source domain controller address: 
ca789808-5ab3-4aa8-aed9-ff16d5cea65b._msdcs.xxdomain.og 
Intersite transport (if any): 


This domain controller will be unable to replicate with the source domain controller until this problem is corrected.  

User Action 
Verify if the source domain controller is accessible or network connectivity is available. 

Additional Data 
Error value: 
5 Access is denied.

Also NTDS replication errors 2089, 2092, and 1864.

It seems like the 2 main DCs cannot communicate to each other. DC1 seized FSMO roles in the past. 

When I attempt to ad the DC2 to dnsmgmt of DC1, it says 'Access was denied'. But I was able to add DC1 to DC2 and I can view its details.

So frustrated, my brain is scrambled. Need to get this working today as I will be gone all the coming work week and there will be no one to work on it in my absence. Please let me know what logs I need to provide you. Thanks in advance.

Hello,

Our domain Windows 2008 domain function level.

I checked DFRS state, it’s ‘eliminated’ state with no error.

dfrsmig tool has never  been run before to change the state or migration from FRS to DFSR.

We have just two Windows 2008 DCs from the begining. 

But sysvol  folder is not syncronized. And we have several GPO update problems.

According to ‘DFSR  Management console diagnostic report’ DFSR services is  running properly.

According to dcdiag tool AD replication working properly.

Do you have any idea or have you ever met with a problem that?

Thanks...

Bosde 

Strange one here that I can't figure out.

We have a domain with just over 40 DC's in it.  This is due to having remote sites that each have a DC in them.

Replication is working fine according Sonar and FRSDiag.

The issue I have is that there is one file that we need to remove from SYSVOL that will not go from just 2 of the DC's.  All other DC's have removed the file but thses two will not delete it.  If I delete the file from one of them it comes staight back under a F5 refresh.  This happens on each of the two DC's.

Strange thing is this file is not getting replicated to all the other DC's even though replication is working.  I have tested this by creating a new file on a DC and watching as it is replicated to all the other DC's with no problems.  I can also delete this test file with no problems.

Anyone got any idea why this one particular file will not delete of just two of the DC's in the domain??

I am lost with this one now!

Rob

I wanted to check to see what AD accounts i could delete.  Sometimes HR doesn't tell me when PT employees leave.  I found this script.

' List last logon times 
On Error Resume Next 
sEnterDCs = "DOMAINCONTROLLER" 
sObjects = Split(sEnterDCs, ",") 
Set oDomain = GetObject("WinNT://" & sObjects(0)) 
oDomain.Filter = Array("User") 
WScript.Echo "Showing last login times of accounts from: " & oDomain.Name & vbNewLine 
For Each oDomainItem In oDomain 
sUsrLogin = oDomainItem.LastLogin 
If UBound(sObjects) >= 1 Then 
For ii = 1 To UBound(sObjects) 
Set oUsr = GetObject("WinNT://" & sObjects(ii) & "/" & oDomainItem.Name & ",user") 
If oUsr.LastLogin > sUsrLogin Then sUsrLogin = oUsr.LastLogin 
Next 
End If 
WScript.Echo "Username: " & Left(oDomainItem.Name & Space(22),22) & "Last login: " & FormatDateTime(sUsrLogin) 
Next

Well the issue is there are lastlogintimes on accounts in the past few weeks i know have not been accessed in a year or so.  What could be doing this? Is it my Backup or antivirus software?  is is Exchange?  We run W2k8 as our forest level and Exchange 2010. Thanks.

Hi Sir/Mdm,

           I will like to know if it is possible to migrate users in one domain to another domain without trusting the domain.  kindly advise.

           Thanks.

Regards

Lee Tong

I have all windows server 2008 r2 sp1 ent servers for my domain controllers, 2 in two different sites and 2 in my main site. Forest and domain functional levels are both "windows server 2008 r2". In DNS I have Forward lookup Zones scavenging set to 7 days the default and in my Reverse lookup zones i have scavenging set to 3 or 7 days on a few subnets.

Here is my issue that DNS isn't scavenging stale records, I'm finding that when we decommission a computer its dns record stays and is never deleted. 

What can I look at to ensure that stale records are removed after 7 days in DNS?

Thanks,

While restarting ntfrs service getting event id : 13568 and below event details.

Event Type:Error

Event Source:NtFrs

Event Category:None

Event ID:13568

Date:1/18/2012

Time:6:41:28 PM

User:N/A

Computer:MDC

Description:

The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR. 

 Replica set name is    : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" 

 Replica root path is   : "c:\windows\sysvol\domain" 

 Replica root volume is : "\\.\C:" 

 A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read from the NTFS USN journal is not found.  This can occur because of one of the following reasons. 

 [1] Volume "\\.\C:" has been formatted. 

 [2] The NTFS USN journal on volume "\\.\C:" has been deleted. 

 [3] The NTFS USN journal on volume "\\.\C:" has been truncated. Chkdsk can truncate the journal if it finds corrupt entries at the end of the journal. 

 [4] File Replication Service was not running on this computer for a long time. 

 [5] File Replication Service could not keep up with the rate of Disk IO activity on "\\.\C:". 

 Setting the "Enable Journal Wrap Automatic Restore" registry parameter to 1 will cause the following recovery steps to be taken to automatically recover from this error state. 

 [1] At the first poll, which will occur in 5 minutes, this computer will be deleted from the replica set. If you do not want to wait 5 minutes, then run "net stop ntfrs" followed by "net start ntfrs" to restart the File Replication Service. 

 [2] At the poll following the deletion this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set. 

WARNING: During the recovery process data in the replica tree may be unavailable. You should reset the registry parameter described above to 0 to prevent automatic recovery from making the data unexpectedly unavailable if this error condition occurs again. 

To change this registry parameter, run regedit. 

Click on Start, Run and type regedit. 

Expand HKEY_LOCAL_MACHINE. 

Click down the key path: 

   "System\CurrentControlSet\Services\NtFrs\Parameters" 

Double click on the value name 

   "Enable Journal Wrap Automatic Restore" 

and update the value. 

If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Hello All,

After installing some updates (12th December) we noticed that one of our AD servers was running out of storage space and RAM utilisation had reached 90% - on investigation we found that the NTDS database was 49GB in size!

Environment:
- 2x Windows Server 2008 R2 running as Virtual Machines; only two domain/DNS servers in the architecture
- Each has 12GB RAM and 8 cores
- 200 AD users, nothing special...
- Tombstone lifetime 180 Day default

So Far:
I have cloned the VMWare servers into an isolated network to play with - I have now spent 6 days on it to no avail (well; I got it down to 16GB with some serious hacks...). Here are some of the key things I have tried in many combinations:
- When the server reboots the RAM utilisation slowly creeps back up to 90% utilisation for lsass.exe
- I have tried offline defrag; this actually makes the database bigger by 2GB...
- Tried 'Semantic Database Analysis' which outputs the following (from this it looks like there are a lot of objects which are deleted but not removed):

Summary:
Active Objects: 5930
Phantoms: 4580
Security descriptor summary:
SD count: 181
Total SD size before single-instancing: 20715440 Kb
Total SD size after single-instancing: 182 Kb

- Tried lowering the 'tombstone lifetime' to 2 days; obviously didn’t change the size after online defrag - after offline defrag the file size reduced to 16GB (on one occasion) and 30GB (on another occasion). So there are definitely a lot of dead objects...

- Running 'esentutl /ms c:\windows\ntds\ntds.dit' reveals:

------------------------------------------------------------------------------------------------
C:\Users\Administrator.server>esentutl /ms c:\Windows\NTDS\ntds.dit

Extensible Storage Engine Utilities for Microsoft(R) Windows(R)
Version 6.1
Copyright (C) Microsoft Corporation. All Rights Reserved.

Initiating FILE DUMP mode...
         Database: c:\Windows\NTDS\ntds.dit

******************************** MSysDefrag DUMP ***********************************
            ObjidFDP: 2
           OLDStatus: NULL
   PassStartDateTime: 05/01/2013 01:19 (0x1cdeae2b91886e3)
  PassElapsedSeconds: 3324
     PassInvocations: 1
    PassPagesVisited: 3986066
      PassPagesFreed: 372
   PassPartialMerges: 90
         TotalPasses: 1204
 TotalElapsedSeconds: 7387
    TotalInvocations: 1210
     TotalDefragDays: 1204
   TotalPagesVisited: 199486704
     TotalPagesFreed: 2774
  TotalPartialMerges: 38345

******************************** SPACE DUMP *****************************************
Name                    Type    Owned(MB)     %OfDb  %OfTable    Avail(MB) Avail
%Tbl
=====================================================================================
c:\Windows\NTDS\ntds.di  Db     47998.876   100.00%              16405.461

  datatable              Pri    31589.336    65.81%   100.00%      348.227     1.10%
    Ancestors_index      Idx      790.329     1.65%     2.50%        0.180     0.00%
    DRA_USN_CREATED_ind  Idx      386.055     0.80%     1.22%        0.711     0.00%
    INDEX_00000000       Idx      475.383     0.99%     1.50%        1.376     0.00%
    INDEX_00020013       Idx      259.149     0.54%     0.82%       11.899     0.04%
    INDEX_00020078       Idx      256.446     0.53%     0.81%        4.110     0.01%
    INDEX_00090001       Idx     3057.274     6.37%     9.68%        1.422     0.00%
    INDEX_00090002       Idx     1092.477     2.28%     3.46%       85.141     0.27%
    nc_guid_Index        Idx     1097.086     2.29%     3.47%        4.469     0.01%
    PDNT_index           Idx     3059.055     6.37%     9.68%        1.329     0.00%
Note: Some small tables/indices were not printed (use /v option to see those smaller than 0.5% of the database).
-------------------------------------------------------------------------------------

    Enumerated 12 Tables ( 108 Internal Trees, 2 Long Value Trees, 156 Secondary Indices )

    Pages 6143856 ( 3981829 Used (64.8%), 2162027 Available (35.2%) )

    Note: This database is over 20% empty, an offline defragmentation can be used to shrink the file.

Operation completed successfully in 1.498 seconds.

------------------------------------------------------------------------------------------------

Although a production system; I am happy to try anything on a cloned VM - if successful I am willing to schedule downtime to fix.

Any help would be greatly appreciated

Thanks

Matthew

Hi,

i m getting bellow error under "Directory Service" events on my every domain controller...

pls. help me to sort this out.

-------

This is the replication status for the following directory partition on this directory server. Directory partition:CN=Configuration,DC=Domain ,DC=com This directory server has not recently received replication information from a number of directory servers.  The count of directory servers is shown, divided into the following intervals.

More than 24 hours:
1
More than a week:
1
More than one month:
1
More than two months:
0

---------------------

repadmin /showvector /latency DC=domain,DC=Com  shows bellows..

2851c3ac-1108-4aac-9608-a07d32c879e7 @ USN     41591 @ Time (unknown)
1223c1fc-1402-4b30-833f-c24ba17841b8 @ USN    185138 @ Time (unknown)
1e5c730d-eddc-4492-b909-b4a27fae2db7 @ USN      6619 @ Time 2005-10-31 12:58:30
7a922154-dc44-4efd-b4c4-6ca7d5644371 @ USN     22134 @ Time 2007-01-05 11:05:20
90ef3ee7-54ec-4696-881b-368368ea4f47 @ USN     16591 @ Time 2007-02-20 17:25:02
fa3c588b-6865-45e6-92d1-854767942944 @ USN   3621800 @ Time 2007-08-29 15:26:18
e66046a1-4a70-4538-9cc2-b50d50396825 @ USN    973525 @ Time 2007-11-23 10:52:12
308b9a54-bb7f-4f08-90b6-105365974da9 @ USN     51581 @ Time 2008-03-05 11:05:58
7e12d19d-6407-4546-920a-97346d2fe4a5 @ USN   1453417 @ Time 2008-05-12 18:26:23
0044325e-eb34-4067-9ddb-d76d8e926be2 @ USN  10195260 @ Time 2008-05-12 19:07:57
948c7c7d-c535-42dc-8f03-bd17548242c8 @ USN   1432178 @ Time 2008-05-26 18:20:24
e3b0b895-9ebe-438b-a95a-af917286995b @ USN  10580025 @ Time 2008-05-27 17:22:15
d2b7e144-e1f8-4983-85d2-509227bca11d @ USN  10752012 @ Time 2008-06-02 22:22:15
283f3bea-a49f-4e23-b293-edbb4e801afc @ USN     41031 @ Time 2008-07-04 07:00:12
ee9a214a-7cb7-4493-9962-2e12032768d7 @ USN     53589 @ Time 2008-07-04 12:50:09
f998f4f5-5088-47ac-b425-8437550076a4 @ USN  10842471 @ Time 2008-07-08 15:15:13
7240d8dd-5230-4825-b2ac-f62505d5e678 @ USN   1630669 @ Time 2008-09-26 15:50:38
fd29e05f-d068-48e7-b391-512e5f91feb3 @ USN  20359052 @ Time 2009-06-15 09:04:42
626aed3b-6ab6-47c2-bbe1-6948d543a439 @ USN   6675257 @ Time 2009-06-15 09:06:02
aecb0b51-b38f-4e8d-a1d4-3c8409b3c2a6 @ USN   2669438 @ Time 2009-08-31 07:31:35
d47a4101-688f-4467-91ef-dca4ffacdf34 @ USN   3333066 @ Time 2009-12-11 09:20:25
25a579f2-e9db-4a65-9c87-4b9ef0c33538 @ USN   1776084 @ Time 2010-03-19 18:43:38
13caf359-e384-4f10-85bb-18a9645545b9 @ USN  12084560 @ Time 2010-03-24 17:41:13
15d09514-1108-44d0-85a5-8c8f05442d7d @ USN   1724423 @ Time 2010-04-07 15:52:43
9aac8154-4bd7-4942-9eee-cdada4ee13b9 @ USN     57349 @ Time 2010-10-28 10:29:44
c1638603-067d-4b56-99db-8c951dee801d @ USN  19403280 @ Time 2011-01-06 18:58:50
a1b069a1-355d-4018-97e0-72cfdb69e6c7 @ USN  11165974 @ Time 2011-01-12 15:39:08
7a7ce435-2f93-4dd1-95d9-67d623f9a666 @ USN    823756 @ Time 2011-01-27 15:15:27
b0214bbd-503a-4771-9736-ff436f4fd5dc @ USN     90285 @ Time 2011-01-31 16:13:29
558a28f3-e4b8-455c-a9d2-dda8ea32a77a @ USN   5220516 @ Time 2012-08-21 11:07:09
LofacBranch\TECHMAIN                 @ USN   1457345 @ Time 2012-12-21 11:58:20
Cotta-Road\LCRMAIN                   @ USN   1724284 @ Time 2012-12-21 11:58:23
CLC-Head-Office\CLCMAIN              @ USN   8042487 @ Time 2012-12-21 11:58:23
XXXX-Head-Office\ROOTDC          @ USN  57482205 @ Time 2012-12-21 11:59:54
XXXX-Head-Office\ADC             @ USN  41784326 @ Time 2012-12-21 11:59:58
XXXX-Head-Office\PDC             @ USN  49975130 @ Time 2012-12-21 12:00:02

-------------------------------

Event Details:

----------------------------