Home | Site Map | How To | Windows Vista | Case Studies | Articles | Forums | Services | Donations | Careers | About Us | Contact Us|

AD & DC

Fixed: Adprep did not attempt to run this operation...
AD communication, including replication, fails on multihomed domain controllers
Solved: A Schema validation check failed...
Can I rename Windows 2003 DC
Can't access Active directory from member server
Can't join the domain because of name resolution
Can't join domain - DNS name does not exist
Can't join domain - error code 0x0000232B RCODE_NAME_ERROR
Unable to logon after changing the domain name
Causes of Active Directory replication issues
Connected to domain not verified
Common Active Directory Issues
Domain cached credentials issue
Failed to modify the necessary properties for the machine account
How to check AD DNS Registration
How to check DC  replication status
How to Enable or Disable a Global Catalog (GC)
How to install/remove AD/DC
How to repopulate AD DNS entries
Logon scripts don’t synchronize between two domain controllers
Logon Server is in remote location - should been local
Problem joining computer to domain
Solved: The requested FSMO Operation failed...
Two same print server names in one Domain.
This domain controller holds the last replica of the following application directory partitions
Troubleshoot the File Replication Service
Troubleshooting File Replication Service Issues
Trust relationship between workstation and domain failed
What will happen when demoting a DC
Windows 2003 and SBS 2003 installed on multihomed computer
Why does my network crash when 1 DC goes down?

Perform a non-authoritative restore of the data

How to Repadmin.exe Tool to diagnose Replication Status

Fixed: Adprep did not attempt to run this operation...

AD communication, including replication, fails on multihomed domain controllers

Cause: network adapters on the multihomed domain controllers are registering both the inside and outside Internet Protocol (IP) addresses with the DNS server. Replication operations require multiple lookup requests of SRV records. In this case, half of the DNS lookup requests return an IP address that cannot be contacted, and the replication operation fails.

Solved: A Schema validation check failed...

Can I rename Windows 2003 DC

If you have a Windows 2003 DC, you can use the Netdom tool to rename the DC. The Netdom provide a secure and supported methodology to rename one or more domains. You can find the tool from the Windows 2003 installation CD-ROM

Common Active Directory Issues

1. Incorrect DNS configuration.
2. Incorrect network configuration.
3. Difficulties when you upgrade from Microsoft Windows NT.

Failed to modify the necessary properties for the machine account

Symptom: When you run Dcpromo to create a replica domain controller, you may receive the following error message: Failed to modify the necessary properties for the machine account. Access is denied.

Cause: 1. The account that is used for the promotion operation may not been assigned the "Delegation Privilege" right.
2. One of the operations that takes place during the promotion of a replica domain controller is the modification of the UserAccountControl attribute for the computer you are promoting.
3. When one or more domain controllers are on a Windows 2000 server that is using NAT; and it can be caused by the H.323/Lightweight LDAP proxy service.

For consultants, please refer to case 110804RL

How to check AD DNS Registration

You should have four folders with the following names under DNS forward lookup zones are present when DNS is correctly registering the Active Directory DNS records. These folders are labeled:
_msdcs
_sites
_tcp
_udp

How to check DC  replication status

To check DC replication status, go to event logs for NTFRS (File Replication Service) It will tell you when the last synch was.

How to Enable or Disable a Global Catalog (GC)

Open to Administrative Tools>Active Directory Sites and Services>Sites, and then double-click the domain controller you want to work with in the Server folder for your desired site: Right-click NTDS Settings>Properties. Make a change accordingly.

WARNING: Do not turn on this option unless you are certain it will provide value in your deployment. For this option to be useful, your deployment must have multiple domains, and even then, only one global catalog is (typically) useful in each site.

How to install/remove AD/DC

To install/remove AD/DC, use Promote and Demote command.

How to repopulate AD DNS entries

Manually repopulate the Active Directory DNS entries. You can use the Windows 2000 Netdiag tool to repopulate the Active Directory DNS entries. Netdiag is included with the Windows 2000 Support tools. At a command prompt, type netdiag /fix.

Solved: The requested FSMO Operation failed...

This domain controller holds the last replica of the following application directory partitions

Symptoms: When you demote a DC by using the Active Dcpromo, you may receive the following error message: This domain controller holds the last replica of the following application directory partitions:
DC=MSTAPI,DC=yourdomain,DC=com

Resolutions: Try NTDSUTIL, Tapicfg.exe and dcpromo /forceremoval. Refer to case 082604JH.

What will happen when demoting a DC

When a domain controller is demoted, if it is not the last domain controller in the domain, it performs a final replication and then transfers the roles to another domain controller. If the domain controller is a global catalog, that role is not transferred to another domain controller. In this case, you must manually select the check box in Active Directory Sites and Services Manager for another domain controller to take over the role.