Hi,
I need to find out which user from the csv file has password never expires set in AD. I tried the below but no luck (I am not a scripting guy and I tried the below with my own in fact). Please help me.
import-csv "C:\accounts.csv" | ForEach-Object {Get-ADUser -properties passwordneverexpires} | select-object name,samaccountname,passwordneverexpires | Out-File c:\users_pwd_ne.txt
-Umesh.S.K
I have 3 sites. It seems that PC's that aren't at the HQ keep thinking they are in the HQ site.
I did the following from a remote site:
nltest /DSGETDC:<domain>
and within NSLOOKUP:
set q=SRV
_ldap._tcp.<site name>._sites.dc._msdcs.<domain name>
They all point to the HQ DC, not the local one.
Looking in DNS, there are SRV records for the local site.
Another thread says:
"That can happen when site-local DCs aren't available or there were no
site-local DCs and they got introduced later. AD has a site-autocoverage
mechanism that covers DC-less sites with DCs from other sites."
That might be the issue as the other two sites were added later. How do I fix?
Hello,
Which Domain Controller Audit Policy can help to capture an act of Active Directory Promotion or Demotion .
Thanks in anticipation for the help
Akinzo
I work in the tech dept of a school district. I'm not super familiar with active directory and group policy yet, but know the basics.
Physically, each school has a bunch of printers throughout the building.
In active directory, we have containers by school, then by room, and in each room we have the PCs. Each room has its own GP, assigning the PCs all printers and designating the default printer for that room.
So for example, say the middle school has 10 printers, and 10 rooms. There is a separate gpo for each room, and that gpo installs all 10 of the buildings printers and sets the default printer.
Ok, on to the question...I installed a new printer on the network. How can I add that printer to multiple gpo's? I don't want to import gpo settings bc that will overwrite the default printer setting for each room; and I don't particularly want to manually edit each gpo to add this new printer (though I believe that's how its been done in the past before I arrived).
Any suggestions on adding a single 'create printer' line to a selection of multiple group policy objects? Thanks!
We are moving from one domain to another.
Long story....my end goal is to have a made up Universal security group in the new domain to have the SIDHistory of "Domain Users" in the old domain. We have full 2 way trust, and everything is fine, accept, a share that permissions are revolving around "Domain Users"
I have tried
ADSIEDit, powershell, and took a look at the SIDCloner.
Please, anyone. Help!
Hello Experts,
I wanted to update certain files like Employee ID, Manager and office address of close to 500 users' property in AD. Is there any way to achieve this goal in a bulk like power shell script or something? I have a .CSV file which contains all required details of the users. Any help is appreciated.
Thanks,
Sim
I'm installing a 2008R2 DC on my network with 2 other existing 2003 servers. I set up AD on the 2008 server and ran DCDIAG /v /c /d /e on one of the 2003 machines.
The 2008 server only did the AUTH part of the DNS and it returned:
Warning: no DNS RPC connectivity (error or non Microsoft DNS server is running)
[Error details: 5 (Type: Win32 - Description: Access is denied.)]
Total query time:0 min. 0 sec.. Total RPC connection time:0 min. 0 sec.
Total WMI connection time:0 min. 0 sec. Total Netuse connection time:0 min. 0 sec.
We are not running BIND , the firewall is disabled on the 2008 server, there is no AV on the 2008 server but there is AV one of the 2003 servers but not the one that I ran the DCDIAG on.
We have an environment with a presence in AL and in FL. In each state we have about 14 physical sites in different cities. Currently we have one site in AD for each state. Then we have multiple subnets reflecting each branch office in each city within that state assigned to the respective site. A couple of the bigger offices in each state have a DC onsite and the smaller offices do not. So when users in the smaller offices log on to the network they will authenticate with servers in different cities sometimes regardless if there is a DC in their local site or not. I have since created a couple new "Sites" for a couple of the cities that have a DC on site, associated the respective subnet to that site and added the appropriate server to the site as well. Since then, when logging on to a computer in a specific site I am only authenticating to the LOCAL DC only. This would seem to me to be a more efficient way for users to authenticate and perhaps speed up logons for users. So my question is being the links between these different offices are not that fast is there any problem with me creating a site for each of the offices and put a DC in that office and creating a seperate site for it to make sure each users logs on using the DC in their respective site instead of using DNS servers and DC's in a different city from where they physically reside?
Thanks!
Chad Guiney
Hi
how create a new user on (Active Directory Users and Computers) and set network access permission allow access on command line on windowsserver 2012
Run this command in cmd create a new user and Automatically set network access permission allow access
Forest trust Dom1.net and Dom2.net
Domain local group on DOm2.net called "Share01"
Global group in Dom2.net called "Manager"
There is user account called user01 that is member of the global group "Manager"
A GPO called user.<g class="gr_ gr_663 gr-alert gr_gramm gr_run_anim Grammar multiReplace" data-gr-id="663" id="663">default</g> map a network share using GPP Preference with <g class="gr_ gr_626 gr-alert gr_spell gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id="626" id="626">Item level</g> targeting. If user is member of group "Share01" than map the network share \\fileserver.dom2.net\share01
If the user User01 log on to a workstation joined to dom1.net domain, the network drive is NOT mapped.
If I change the group Share01 to universal, the network drive is mapped
If I remove the Item level targeting, the network drive is mapped.
Hereby an extract of the <g class="gr_ gr_1537 gr-alert gr_spell gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id="1537" id="1537">gpp</g> map drive logging and tracing:
"
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Set system security context.
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] ----- Parameters
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] CSE GUID : {5794DAFD-BE60-433f-88A2-1A31939AC01F}
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Flags : ( ) GPO_INFO_FLAG_MACHINE - Apply machine policy rather than user policy
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] ( ) GPO_INFO_FLAG_BACKGROUND - Background refresh of policy (ok to do slow stuff)
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] ( ) GPO_INFO_FLAG_SLOWLINK - Policy is being applied across a slow link
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] ( ) GPO_INFO_FLAG_VERBOSE - Verbose output to the eventlog
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] ( X ) GPO_INFO_FLAG_NOCHANGES - No changes were detected to the Group Policy Objects
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] ( ) GPO_INFO_FLAG_LINKTRANSITION - A change in link speed was detected between previous policy application and current policy application
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] ( ) GPO_INFO_FLAG_LOGRSOP_TRANSITION - A change in RSoP logging was detected between the application of the previous policy and the application of the current policy.
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] ( ) GPO_INFO_FLAG_FORCED_REFRESH - Forced Refresh is being applied. redo policies.
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] ( ) GPO_INFO_FLAG_SAFEMODE_BOOT - windows safe mode boot flag
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] ( ) GPO_INFO_FLAG_ASYNC_FOREGROUND - Asynchronous foreground refresh of policy
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Token (computer or user SID): S-1-5-21-864503969-1329322538-1477909547-1115
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Abort Flag : Yes (0x00264140)
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] HKey Root : Yes (0x00000240)
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Deleted GPO List : No
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Changed GPO List : Yes
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Asynchronous Processing : Yes
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Status Callback : Yes (0xfa6525b0)
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] WMI namespace : No (0x00000000)
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] RSoP Status : Yes (0x0190ed58)
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Planning Mode Site : (none)
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Computer Target : No (0x00000000)
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] User Target : No (0x00000000)
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Calculated session relevance.
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Completed CSE pre-processing.
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Calculated list relevance. [SUCCEEDED(S_FALSE)]
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Deleted GPO list is not relevant to the CSE.
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Calculated list relevance.
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Planning mode not detected.
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Processing changed list.
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Processing user policy.
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Got WMI namespace for logging mode.
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Completed get GPO list.
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Initialized internal RSoP storage.
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Completed GPO list pre-processing.
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] ----- Changed - 0
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Options : ( ) GPO_FLAG_DISABLE - This GPO is disabled.
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] ( ) GPO_FLAG_FORCE - Do not override the settings in this GPO with settings in a subsequent GPO.
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Options (raw) : 0x00000000
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Version : 2424869 (0x00250025)
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] GPC : LDAP://CN=User,cn={128A20A7-D1FE-4583-B684-A474DE46E0A8},cn=policies,cn=system,DC=ulss5,DC=net
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] GPT : \\ulss5.net\SysVol\ulss5.net\Policies\{128A20A7-D1FE-4583-B684-A474DE46E0A8}\User
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] GPO Display Name : User.default
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] GPO Name : {128A20A7-D1FE-4583-B684-A474DE46E0A8}
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] GPO Link : ( ) GPLinkUnknown - No link information is available.
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] ( ) GPLinkMachine - The GPO is linked to a computer (local or remote).
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] ( ) GPLinkSite - The GPO is linked to a site.
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] ( ) GPLinkDomain - The GPO is linked to a domain.
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] ( X ) GPLinkOrganizationalUnit - The GPO is linked to an organizational unit.
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] ( ) GP Link Error
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] lParam : 0x00000000
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Prev GPO : No
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Next GPO : No
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Extensions : [{00000000-0000-0000-0000-000000000000}{2EA1A81B-48E5-45E9-8BB7-A6E3AC170006}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F73-3407-48AE-BA88-E8213C6761F1}][{5794DAFD-BE60-433F-88A2-1A31939AC01F}{2EA1A81B-48E5-45E9-8BB7-A6E3AC170006}]
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] lParam2 : 0x0028a2f8
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Link : LDAP://OU=Users,OU=_Site01,DC=ulss5,DC=net
2016-10-25 14:21:56.168 [pid=0x3f4,tid=0x998] Variable %GPHPATH% = "C:\ProgramData\Microsoft\Group Policy\History\{128A20A7-D1FE-4583-B684-A474DE46E0A8}\S-1-5-21-864503969-1329322538-1477909547-1115"
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Completed get GPH path.
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Completed set extensions.
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Completed get GPO is relevant.
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Variable %GPTPATH% = "\\ulss5.net\SysVol\ulss5.net\Policies\{128A20A7-D1FE-4583-B684-A474DE46E0A8}\User"
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Completed get GPT path.
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Completed RSoP init.
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Completed get next GPO.
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Completed check GPO license usage.
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Completed GPO pre-processing.
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Started removing policy.
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Read GPH data file.
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Completed parse of GPH XML.
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Completed get tree root.
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Deleted GPH data file.
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Started package execution.
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Set package timestamp variable (2016-10-25 12:21:56).
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Starting class <Drives>.
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] RunOnce value created [SUCCEEDED(S_FALSE)]
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Handle Children.
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] {935D1B74-9CB8-4e3c-9914-7DD559B7A417}
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Starting class <Drive> - I:.
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Policy is not flagged for removal.
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Completed class <Drive> - I:.
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Completed class <Drives>.
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Completed package execution.
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Completed execution of removal package.
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Completed remove GPH.
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Started applying policy.
2016-10-25 14:21:56.184 [pid=0x3f4,tid=0x998] Set user security context.
2016-10-25 14:21:56.199 [pid=0x3f4,tid=0x998] Opened file.
2016-10-25 14:21:56.199 [pid=0x3f4,tid=0x998] Got file size.
2016-10-25 14:21:56.199 [pid=0x3f4,tid=0x998] Created file buffer.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Completed read file data.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Terminated file buffer.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Closed file handle.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Read GPE XML data file (833 bytes total).
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Set system security context.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Completed parse of GPE XML data.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Completed loading of package.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Completed get tree root.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Started package execution.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Set package timestamp variable (2016-10-25 12:21:56).
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Starting class <Drives>.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] RunOnce value created [SUCCEEDED(S_FALSE)]
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Handle Children.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] {935D1B74-9CB8-4e3c-9914-7DD559B7A417}
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Starting class <Drive> - I:.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Starting filter [OR FilterGroup].
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Adding child elements to RSOP.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Set user security context.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Set system security context.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Failed filter [FilterGroup].
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Starting filter [OR FilterGroup].
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Adding child elements to RSOP.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Set user security context.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Set system security context.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Failed filter [FilterGroup].
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Filters not passed.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Completed class <Drive> - I:.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Completed class <Drives>.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Completed package execution.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Completed execution of apply package.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Update GPH : apmCreateFoldersEx
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Update GPH : xmlRemovalPackage
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Update GPH : apmWriteFile
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Updated GPH.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Completed apply GPO.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Completed GPO post-processing.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Completed get next GPO. [SUCCEEDED(S_FALSE)]
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] RSoP namespace not initialized.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Completed GPO list post-processing.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Completed get GPO list. [SUCCEEDED(S_FALSE)]
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] Completed CSE post-processing.
2016-10-25 14:21:56.230 [pid=0x3f4,tid=0x998] User impersonation uninitialized.
2016-10-25 14:21:56.276 [pid=0x3f4,tid=0x998] Leaving ProcessGroupPolicyExDrives() returned 0x00000000
2016-10-25 14:21:56.276 [pid=0x3f4,tid=0x998]
"
The workstation is Win 7 SP1. Domain and forst functional level are W2008R2.
Any ideas?
Thank you
Enrico
Hi,
I have a root domain with 3 DC's. All DC's are windows 2012r2, forest and domain level are Windows 2003. All DC's ar GC, FSMO roels are situated on one DC. Everything is working fine except root share. If i browse to \\domain.local it asks for credentials. If i enter them, it still does not authenticate. After some time share becomes browsable, then again - not browsable. It happens on all DC's. If i browse \\Dc or \\domain.local\sysvol or \\domain.local\netlogon - everything is ok. No errors in event logs, everthing is replicating fine. From some servers on the same network i can browse \\domain.local share all the time, from some its not browsable at all. I looked through DNS - everything seems correct. All needed entries and zones are there. I also have 3 child domains with their own DC's and root share there works fine. Any ideas?
Hi,
I have 2 Windows serve 2016 DC + GC with functional level 2012 R2, I backup both with Symantec System Recovery (full image - the HDD is one single partition, no separate system partition), then I raised the forest functional level to 2016. After that I faced some authentication problems with other servers and workstations. I restored the 2 DC from their backup images.
Now it give this error: You cannot modify domain or trust information because a Primary Domain Controller (PDC) emulator cannot be contacted. Please verify that the PDC emulator for the current domain and the network are both online and functioning properly.
Please, any help is appreciated.
TIA
We are developing a LDAP authentication against Active Directory, we met the follow errors, although the username and password are correct.
LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
The user detail is: CN=Peter\, Lia\ ,OU=DEV,OU=HK_U,OU=cita,OU=US,DC=achtest,DC=local
As you may saw, the last name of this user has a backslash, plus a space in CN, we guess it may be the problem, since other users don't have this problem if the last name of users don't have a backslash and a space.
However we don't know how we can add a new user to duplicate this issue, since it's not way to add a new user with space in the end of name, the Active Directory will auto trim the space when system save the new user to database.
My questions are:
1. Do you have this kind of experience? Any idea to resolve?
2. How we can add a new user with a space in the end of last name? and then we can replicate this issue again?
Thanks in advance!
Bright.
Dear Support,
We have 3 domain controller and dc02 shutdown.
dc03 and dc04 is active domain controller but when we runn the command dcdiag /fix getting this alert and unable to create the policy in group policy replication issue
The File Replication Service is having trouble enabling replication from DC02 to DC04 for c:\windows\sysvol\domain using the DNS name DC02.domain.com. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name DC02.domain.com from this computer.
[2] FRS is not running on DC02.domain.com.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
Regards
Support Request
My domain has a trust setup via a VPN connection with a outside vendor that host a database\IIS app. We have two DCs on their side that users are are auth against. Lately we have been seeing auth failures. In looking to the problem I found our secure channel is broken. Could this cause user authentication problems?
nltest cmd ran on my PDC
nltest /sc_verify:mydomain.com
Trusted DC Connection Status Status = 1311 0x51f ERROR_NO_LOGON_SERVERSnltest /sc_query:mydomain.com
Trusted DC Connection Status Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
Jason
Hello,
We have 3 sites and each site we have 2 DC's
All are GC's and in 3 groups in sites and services:
Camden
svr-dc-01
svr-dc-02
Tolocity
svr-dc-03 (all FSMO roles)
svr-dc-04
Hillburn
Lacon-dc-01
Lacon-dc-02
Hillburn is the new site and AD and DNS are not synchronising properly. If I create a new user or DNS record on the DC's in Hillburn they only the only DC there gets it. When I run DC diag on Lacon-DC-01 and svr-dc-03 I get the below results, the other DC's don't really show any errors. All firewalls are off and not hardware firewalls are between these DC.s
Dcdiags
svr-dc-03
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = svr-dc-03
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Tolocity\SVR-DC-03
Starting test: Connectivity
......................... SVR-DC-03 passed test Connectivity
Doing primary tests
Testing server: Tolocity\SVR-DC-03
Starting test: Advertising
......................... SVR-DC-03 passed test Advertising
Starting test: FrsEvent
......................... SVR-DC-03 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SVR-DC-03 failed test DFSREvent
Starting test: SysVolCheck
......................... SVR-DC-03 passed test SysVolCheck
Starting test: KccEvent
A warning event occurred. EventID: 0x8000061E
Time Generated: 10/28/2016 20:23:06
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
An error event occurred. EventID: 0xC000051F
Time Generated: 10/28/2016 20:23:06
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
A warning event occurred. EventID: 0x80000749
Time Generated: 10/28/2016 20:23:06
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
A warning event occurred. EventID: 0x8000061E
Time Generated: 10/28/2016 20:23:06
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
An error event occurred. EventID: 0xC0000620
Time Generated: 10/28/2016 20:23:06
Event String:
None of the directory servers in the following site that replicate the following directory partition are configured to use the following transport, even though the site itself is configured to allow replication over
this transport.
An error event occurred. EventID: 0xC000051F
Time Generated: 10/28/2016 20:23:06
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
A warning event occurred. EventID: 0x80000749
Time Generated: 10/28/2016 20:23:06
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
An error event occurred. EventID: 0xC0000620
Time Generated: 10/28/2016 20:23:06
Event String:
None of the directory servers in the following site that replicate the following directory partition are configured to use the following transport, even though the site itself is configured to allow replication over
this transport.
A warning event occurred. EventID: 0x8000061E
Time Generated: 10/28/2016 20:23:06
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
An error event occurred. EventID: 0xC0000620
Time Generated: 10/28/2016 20:23:06
Event String:
None of the directory servers in the following site that replicate the following directory partition are configured to use the following transport, even though the site itself is configured to allow replication over
this transport.
An error event occurred. EventID: 0xC000051F
Time Generated: 10/28/2016 20:23:06
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
A warning event occurred. EventID: 0x80000749
Time Generated: 10/28/2016 20:23:06
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
An error event occurred. EventID: 0xC0000620
Time Generated: 10/28/2016 20:23:06
Event String:
None of the directory servers in the following site that replicate the following directory partition are configured to use the following transport, even though the site itself is configured to allow replication over
this transport.
A warning event occurred. EventID: 0x8000061E
Time Generated: 10/28/2016 20:23:06
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
An error event occurred. EventID: 0xC0000620
Time Generated: 10/28/2016 20:23:06
Event String:
None of the directory servers in the following site that replicate the following directory partition are configured to use the following transport, even though the site itself is configured to allow replication over
this transport.
An error event occurred. EventID: 0xC000051F
Time Generated: 10/28/2016 20:23:06
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
A warning event occurred. EventID: 0x80000749
Time Generated: 10/28/2016 20:23:06
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
An error event occurred. EventID: 0xC0000620
Time Generated: 10/28/2016 20:23:06
Event String:
None of the directory servers in the following site that replicate the following directory partition are configured to use the following transport, even though the site itself is configured to allow replication over
this transport.
A warning event occurred. EventID: 0x80000785
Time Generated: 10/28/2016 20:23:35
Event String:
The attempt to establish a replication link for the following writable directory partition failed.
A warning event occurred. EventID: 0x80000785
Time Generated: 10/28/2016 20:24:05
Event String:
The attempt to establish a replication link for the following writable directory partition failed.
A warning event occurred. EventID: 0x80000785
Time Generated: 10/28/2016 20:24:34
Event String:
The attempt to establish a replication link for the following writable directory partition failed.
A warning event occurred. EventID: 0x80000785
Time Generated: 10/28/2016 20:25:12
Event String:
The attempt to establish a replication link for the following writable directory partition failed.
A warning event occurred. EventID: 0x80000785
Time Generated: 10/28/2016 20:25:41
Event String:
The attempt to establish a replication link for the following writable directory partition failed.
......................... SVR-DC-03 failed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SVR-DC-03 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SVR-DC-03 passed test MachineAccount
Starting test: NCSecDesc
......................... SVR-DC-03 passed test NCSecDesc
Starting test: NetLogons
......................... SVR-DC-03 passed test NetLogons
Starting test: ObjectsReplicated
......................... SVR-DC-03 passed test ObjectsReplicated
Starting test: Replications
REPLICATION-RECEIVED LATENCY WARNING
SVR-DC-03: Current time is 2016-10-28 20:27:51.
CN=Schema,CN=Configuration,DC=gb,DC=vo,DC=local
Last replication received from LACON-DC-01 at
2016-10-25 13:46:36
DC=gb,DC=vo,DC=local
Last replication received from LACON-DC-01 at
2016-10-25 13:46:48
......................... SVR-DC-03 passed test Replications
Starting test: RidManager
......................... SVR-DC-03 passed test RidManager
Starting test: Services
......................... SVR-DC-03 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x000016AF
Time Generated: 10/28/2016 19:53:00
Event String:
During the past 4.01 hours there have been 108 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined
sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please
consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites. The names and IP addresses of the clients in question have been logged on this computer in the following log file '%SystemRoot%\debug\netlogon.log'
and, potentially, in the log file '%SystemRoot%\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text
'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize';
the default is 20000000 bytes. The current maximum size is 20000000 bytes. To set a different maximum size, create the above registry value and set the desired maximum size in bytes.
An error event occurred. EventID: 0x0000165B
Time Generated: 10/28/2016 19:54:21
Event String:
The session setup from computer 'SVR-DC-04' failed because the security database does not contain a trust account 'SVR-DC-04$' referenced by the specified computer.
An error event occurred. EventID: 0x000016AD
Time Generated: 10/28/2016 20:08:00
Event String:
The session setup from the computer SVR-DC-04 failed to authenticate. The following error occurred:
A warning event occurred. EventID: 0x00000458
Time Generated: 10/28/2016 20:26:25
Event String:
The Group Policy Client Side Extension Folder Redirection was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing
to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.
......................... SVR-DC-03 failed test SystemLog
Starting test: VerifyReferences
......................... SVR-DC-03 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : gb
Starting test: CheckSDRefDom
......................... gb passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... gb passed test CrossRefValidation
Running enterprise tests on : gb.vo.local
Starting test: LocatorCheck
......................... gb.vo.local passed test LocatorCheck
Starting test: Intersite
......................... gb.vo.local passed test Intersite
Lacon-DC-01
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = Lacon-DC-01
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Hillborn\LACON-DC-01
Starting test: Connectivity
......................... LACON-DC-01 passed test Connectivity
Doing primary tests
Testing server: Hillborn\LACON-DC-01
Starting test: Advertising
......................... LACON-DC-01 passed test Advertising
Starting test: FrsEvent
......................... LACON-DC-01 passed test FrsEvent
Starting test: DFSREvent
......................... LACON-DC-01 passed test DFSREvent
Starting test: SysVolCheck
......................... LACON-DC-01 passed test SysVolCheck
Starting test: KccEvent
A warning event occurred. EventID: 0x8000061E
Time Generated: 10/28/2016 20:26:57
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
An error event occurred. EventID: 0xC000051F
Time Generated: 10/28/2016 20:26:57
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
A warning event occurred. EventID: 0x80000749
Time Generated: 10/28/2016 20:26:57
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
An error event occurred. EventID: 0xC0000620
Time Generated: 10/28/2016 20:26:57
Event String:
None of the directory servers in the following site that replicate the following directory partition are configured to use the following transport, even though the site itself is configured to allow replication over
this transport.
An error event occurred. EventID: 0xC0000620
Time Generated: 10/28/2016 20:26:57
Event String:
None of the directory servers in the following site that replicate the following directory partition are configured to use the following transport, even though the site itself is configured to allow replication over
this transport.
A warning event occurred. EventID: 0x8000061E
Time Generated: 10/28/2016 20:26:57
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
An error event occurred. EventID: 0xC0000620
Time Generated: 10/28/2016 20:26:57
Event String:
None of the directory servers in the following site that replicate the following directory partition are configured to use the following transport, even though the site itself is configured to allow replication over
this transport.
An error event occurred. EventID: 0xC000051F
Time Generated: 10/28/2016 20:26:57
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
A warning event occurred. EventID: 0x80000749
Time Generated: 10/28/2016 20:26:57
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
An error event occurred. EventID: 0xC0000620
Time Generated: 10/28/2016 20:26:57
Event String:
None of the directory servers in the following site that replicate the following directory partition are configured to use the following transport, even though the site itself is configured to allow replication over
this transport.
An error event occurred. EventID: 0xC0000620
Time Generated: 10/28/2016 20:26:57
Event String:
None of the directory servers in the following site that replicate the following directory partition are configured to use the following transport, even though the site itself is configured to allow replication over
this transport.
An error event occurred. EventID: 0xC0000620
Time Generated: 10/28/2016 20:26:57
Event String:
None of the directory servers in the following site that replicate the following directory partition are configured to use the following transport, even though the site itself is configured to allow replication over
this transport.
An error event occurred. EventID: 0xC0000620
Time Generated: 10/28/2016 20:26:57
Event String:
None of the directory servers in the following site that replicate the following directory partition are configured to use the following transport, even though the site itself is configured to allow replication over
this transport.
An error event occurred. EventID: 0xC0000620
Time Generated: 10/28/2016 20:26:57
Event String:
None of the directory servers in the following site that replicate the following directory partition are configured to use the following transport, even though the site itself is configured to allow replication over
this transport.
A warning event occurred. EventID: 0x8000061E
Time Generated: 10/28/2016 20:26:57
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
An error event occurred. EventID: 0xC0000620
Time Generated: 10/28/2016 20:26:57
Event String:
None of the directory servers in the following site that replicate the following directory partition are configured to use the following transport, even though the site itself is configured to allow replication over
this transport.
An error event occurred. EventID: 0xC000051F
Time Generated: 10/28/2016 20:26:57
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
A warning event occurred. EventID: 0x80000749
Time Generated: 10/28/2016 20:26:57
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
An error event occurred. EventID: 0xC0000620
Time Generated: 10/28/2016 20:26:57
Event String:
None of the directory servers in the following site that replicate the following directory partition are configured to use the following transport, even though the site itself is configured to allow replication over
this transport.
An error event occurred. EventID: 0xC0000620
Time Generated: 10/28/2016 20:26:57
Event String:
None of the directory servers in the following site that replicate the following directory partition are configured to use the following transport, even though the site itself is configured to allow replication over
this transport.
An error event occurred. EventID: 0xC0000620
Time Generated: 10/28/2016 20:26:57
Event String:
None of the directory servers in the following site that replicate the following directory partition are configured to use the following transport, even though the site itself is configured to allow replication over
this transport.
An error event occurred. EventID: 0xC0000620
Time Generated: 10/28/2016 20:26:57
Event String:
None of the directory servers in the following site that replicate the following directory partition are configured to use the following transport, even though the site itself is configured to allow replication over
this transport.
An error event occurred. EventID: 0xC0000620
Time Generated: 10/28/2016 20:26:57
Event String:
None of the directory servers in the following site that replicate the following directory partition are configured to use the following transport, even though the site itself is configured to allow replication over
this transport.
A warning event occurred. EventID: 0x8000061E
Time Generated: 10/28/2016 20:26:57
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
An error event occurred. EventID: 0xC0000620
Time Generated: 10/28/2016 20:26:57
Event String:
None of the directory servers in the following site that replicate the following directory partition are configured to use the following transport, even though the site itself is configured to allow replication over
this transport.
An error event occurred. EventID: 0xC000051F
Time Generated: 10/28/2016 20:26:57
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
A warning event occurred. EventID: 0x80000749
Time Generated: 10/28/2016 20:26:57
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
An error event occurred. EventID: 0xC0000620
Time Generated: 10/28/2016 20:26:57
Event String:
None of the directory servers in the following site that replicate the following directory partition are configured to use the following transport, even though the site itself is configured to allow replication over
this transport.
An error event occurred. EventID: 0xC0000620
Time Generated: 10/28/2016 20:26:57
Event String:
None of the directory servers in the following site that replicate the following directory partition are configured to use the following transport, even though the site itself is configured to allow replication over
this transport.
An error event occurred. EventID: 0xC0000620
Time Generated: 10/28/2016 20:26:57
Event String:
None of the directory servers in the following site that replicate the following directory partition are configured to use the following transport, even though the site itself is configured to allow replication over
this transport.
......................... LACON-DC-01 failed test KccEvent
Starting test: KnowsOfRoleHolders
[SVR-DC-03] LDAP bind failed with error 58,
The specified server cannot perform the requested operation..
Warning: SVR-DC-03 is the Schema Owner, but is not responding to LDAP
Bind.
Warning: SVR-DC-03 is the Domain Owner, but is not responding to LDAP
Bind.
Warning: SVR-DC-03 is the PDC Owner, but is not responding to LDAP
Bind.
Warning: SVR-DC-03 is the Rid Owner, but is not responding to LDAP
Bind.
Warning: SVR-DC-03 is the Infrastructure Update Owner, but is not
responding to LDAP Bind.
......................... LACON-DC-01 failed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... LACON-DC-01 passed test MachineAccount
Starting test: NCSecDesc
......................... LACON-DC-01 passed test NCSecDesc
Starting test: NetLogons
......................... LACON-DC-01 passed test NetLogons
Starting test: ObjectsReplicated
......................... LACON-DC-01 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,LACON-DC-01] A recent replication attempt failed:
From SVR-DC-03 to LACON-DC-01
Naming Context: DC=ForestDnsZones,DC=gb,DC=vo,DC=local
The replication generated an error (1726):
The remote procedure call failed.
The failure occurred at 2016-10-28 20:23:40.
The last success occurred at (never).
38 failures have occurred since the last success.
The replication RPC call executed for too long at the server and
was cancelled.
Check load and resource usage on SVR-DC-03.
[Replications Check,LACON-DC-01] A recent replication attempt failed:
From SVR-DC-03 to LACON-DC-01
Naming Context: DC=DomainDnsZones,DC=gb,DC=vo,DC=local
The replication generated an error (1726):
The remote procedure call failed.
The failure occurred at 2016-10-28 20:23:22.
The last success occurred at (never).
38 failures have occurred since the last success.
The replication RPC call executed for too long at the server and
was cancelled.
Check load and resource usage on SVR-DC-03.
[Replications Check,LACON-DC-01] A recent replication attempt failed:
From SVR-DC-03 to LACON-DC-01
Naming Context: CN=Schema,CN=Configuration,DC=gb,DC=vo,DC=local
The replication generated an error (1726):
The remote procedure call failed.
The failure occurred at 2016-10-28 20:22:45.
The last success occurred at (never).
39 failures have occurred since the last success.
The replication RPC call executed for too long at the server and
was cancelled.
Check load and resource usage on SVR-DC-03.
[Replications Check,LACON-DC-01] A recent replication attempt failed:
From SVR-DC-03 to LACON-DC-01
Naming Context: CN=Configuration,DC=gb,DC=vo,DC=local
The replication generated an error (1726):
The remote procedure call failed.
The failure occurred at 2016-10-28 20:22:18.
The last success occurred at (never).
39 failures have occurred since the last success.
The replication RPC call executed for too long at the server and
was cancelled.
Check load and resource usage on SVR-DC-03.
[Replications Check,LACON-DC-01] A recent replication attempt failed:
From SVR-DC-03 to LACON-DC-01
Naming Context: DC=gb,DC=vo,DC=local
The replication generated an error (1726):
The remote procedure call failed.
The failure occurred at 2016-10-28 20:23:03.
The last success occurred at (never).
38 failures have occurred since the last success.
The replication RPC call executed for too long at the server and
was cancelled.
Check load and resource usage on SVR-DC-03.
......................... LACON-DC-01 failed test Replications
Starting test: RidManager
......................... LACON-DC-01 passed test RidManager
Starting test: Services
......................... LACON-DC-01 passed test Services
Starting test: SystemLog
......................... LACON-DC-01 passed test SystemLog
Starting test: VerifyReferences
......................... LACON-DC-01 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : gb
Starting test: CheckSDRefDom
......................... gb passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... gb passed test CrossRefValidation
Running enterprise tests on : gb.vo.local
Starting test: LocatorCheck
......................... gb.vo.local passed test LocatorCheck
Starting test: Intersite
......................... gb.vo.local passed test Intersite
Not sure where to start on troubleshooting this issue, please help.
Dear all,
I use windows 2012 R2 standard version, the AD server protect by the firewall.
Which ports should I open for the firewall policy to add the the server/PC to domain controller and the domain controlller push the policy to its member.
thanks
john
Hello
I want my self to clear on few things.
I knew we can login to the domain joined computers in our office connecting to LAN cable or wireless at home we use VPN.
I knew from home with out VPN we can login to laptop using domain credentials, But 1. How many times we can able to login ?
2. where the cache stored, if there is cache stored in our laptop, what if I delete the cache,
3. Is there any policy which controlled by Admins for this kind of logins, if so what policy ?
Regards,
Bixam Boda