http://support.microsoft.com/kb/259277 SUMMARY One or more error messages may be logged in the System event log if the Netlogon service registration or deregistration process does not succeed. This article describes these error messages and offers some troubleshooting considerations. MORE INFORMATION...
When you start a Windows 2000-based domain controller, you may receive the following Lsass.exe error message: Directory Services could not start because of the following error: The system cannot find the file specified. Error Status: 0xc000000f. Please click OK to...
http://support.microsoft.com/kb/258062 "Directory Services cannot start" error message when you start your Windows Server based or Windows SBS Server based domain controller SUMMARY This article leads you through a series of steps that may help you diagnose the...
Created : 09/18/2006 TITLE: NAT Netlogon and Kerberos Primer [ ] Problem Description # Issue: Common Knowledge appears to state that is Network Address Translation (NAT) is in place then trusts, logons, and Kerberos will not...
http://support.microsoft.com/kb/824449 SUMMARY This article describes an action plan for administrators and for support professionals to follow when domain controllers that are running Microsoft Windows 2000 or Microsoft Windows Server 2003 cannot replicate Active Directory because of DNS lookup failures....
http://support.microsoft.com/kb/321046 SUMMARY This article describes how to use the DNSLint utility to troubleshoot Active Directory replication issues. The Active Directory is a distributed database. It is used to store information about objects on a network and to...
Ldifde and csvde commands with Examples LDIFDE and CSVDE are quite similar. Both utilities can be used to import and export objects into active directory. The syntax for CSVDE and LDIFDE is the same. The main difference is that CSVDE...
Restricting Active Directory replication traffic and client RPC traffic to a specific port http://support.microsoft.com/kb/224196 Restricting Active Directory replication traffic and client RPC traffic to a specific port SUMMARY By default, Active Directory replication remote procedure calls (RPC) occur dynamically over...
How Dcpromo.exe Adds Display Specifiers to Active Directory Forests http://support.microsoft.com/kb/308592 How Dcpromo.exe Adds Display Specifiers to Active Directory Forests SUMMARY You use Active Directory promotion (Dcpromo.exe) to add domain controllers to Windows 2000 server forests. This article describes the role...
Active Directory Installation and Removal Issues http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbi_add_fvhd.mspx?mfr=true Active Directory Installation and Removal Issues To install and remove Active Directory, the Active Directory Installation Wizard (Dcpromo) is used. It is important that certain requirements are met to prevent an unsuccessful installation...
Adding or Removing a Domain During Dcpromo Requires Access to the Domain Naming Master FSMO Role Holder http://support.microsoft.com/kb/254933 Adding or Removing a Domain During Dcpromo Requires Access to the Domain Naming Master FSMO Role Holder SUMMARY The domain naming master...
Ports for Domains and Trusts - How to configure a firewall for domains and trusts http://support.microsoft.com/kb/179442 How to configure a firewall for domains and trusts SUMMARY This article describes how to configure a firewall for domains and trusts. Note: Not...
Replication fails with access denied and getting FRS event 13562 - crashonauditfail TITLE: Replication fails with access denied and getting FRS event 13562 Problem Windows 2000 Server Problem Description One Domain Controller fails to replicate getting access denied error. FRS...
How to Troubleshoot Black Hole Router Issues http://support.microsoft.com/kb/314825 How to Troubleshoot Black Hole Router Issues SUMMARY This article defines the term "black hole" router, describes a method of locating black hole routers, and suggests three ways to avoid the data...
AD replication not working after schema update. ISSUE: AD replication not working after schema update. + The customer did an adprep /forest prep on the Windows 2003 DC (having all FSMO roles). + The Schema Update was unsuccessful. + Active...
How to optimize Active Directory replication in a large network http://support.microsoft.com/kb/244368 How to optimize Active Directory replication in a large network SUMMARY This article describes how to optimize Active Directory replication in large network configurations. MORE INFORMATION...
Active Directory Replication in Depth - USN How to find USN of an Object from Active Directory: C:\>repadmin /showobjmeta * [DN path of object] > obj_delhi.txt * = All Dc's [DN path of object] = Object whose...
How does the Active Directory Replication Model Works http://technet.microsoft.com/en-us/library/cc772726(v=ws.10).aspx How does the Active Directory Replication Model Works Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows...
Error Message "Target Principal Name is Incorrect" When Manually Replicating Data between Domain Controllers For resetting secure channel on a DC, use this:--> netdom resetpwd /server:server_name /userd:domain_name\administrator /passwordd:administrator_password http://support.microsoft.com/kb/288167 Error Message "Target Principal Name is Incorrect" When Manually Replicating Data...
Article ID : 285172 Schema Update requires Write access to schema in Active Directory http://support.microsoft.com/kb/285172 Schema Updates Require Write Access to Schema in Active Directory SUMMARY This article discusses schema updates. IMPORTANT: This article contains information about modifying the Active...
Restartable AD DS Step-by-Step Guide http://technet.microsoft.com/en-us/library/cc732714.aspx Restartable AD DS Step-by-Step Guide Applies To: Windows Server 2008, Windows Server 2008 R2 You can use Microsoft Management Console (MMC) snap-ins, or the Net.exe command-line tool, to stop or restart Active...
Restartable AD DS Restartable Active Directory Domain Service As taken from: Restartable AD DS Step-by-Step Guide http://technet.microsoft.com/en-us/library/cc732714.aspx You can change the default by modifying the DsrmAdminLogonBehavior registry entry. By modifying the value for that registry entry, you can log on...
Password Change and its Replication Extract of one webcast by Mike Resnick, I hope this will make things clear about password change replication: http://support.microsoft.com/default.aspx?scid=%2Fservicedesks%2Fwebcasts%2Fen%2Fwc022703%2Fwct022703.asp Microsoft Corporation Microsoft Windows 2000 Server and Windows Server 2003: Password and Account...
To delegate control of the group priority attribute CN=Group-Priority,CN=Schema,CN=Configuration,DC=tsged,DC=com Assessment: ================= <Suggestions for troubleshooting, data collection, etc> 1. Open up ADSIEdit.msc. 2. Right click on the domain name, and select Properties 3. Click on the "Security" tab. 4. Click the...
Common Metadata Cleanup Issues Metadata cleanup:- If you try to connect to the same server that you want to delete, when you try to delete the server, you may receive the following error message: Error 2094. The DSA Object cannot...
How to detect Stale Accounts from AD Stale Account Detection Stale account detection is required so that unused computer and user accounts can be removed from Active Directory. On domain controllers running Windows Server 2003 and Windows Server...
How to use the Showmeta command Showmeta is a switch of the Repadmin Support tools utility. You can use the showmeta command to find data related to a particular Object. It helps in finding the originating write for the deletion...
Event ID 2108 and Event ID 1084 occur during inbound replication of Active Directory in Windows 2000 Server and in Windows Server 2003 http://support.microsoft.com/kb/837932 SYMPTOMS When inbound replication of the Active Directory directory service occurs, a destination domain controller...
How to restore deleted user accounts and their group memberships in Active Directory How to restore deleted user accounts and their group memberships in Active Directory http://support.microsoft.com/kb/840001/en-us?spid=12925&sid=1614 + LDP + Adrestore : Need to run it multiple times You can...
USN Rollback Complete Article This article describes what is USN Rollback and what issues does it cause and how to Troubleshoot USN Rollback Issue What is USN Rollback? To under this issue you should first read the following two articles:...
The Active Directory database garbage collection process APPLIES TO · Microsoft Windows Server 2003, Standard Edition (32-bit x86) · Microsoft Windows Server 2003, Enterprise Edition (32-bit x86) · Microsoft Windows Server 2003, Datacenter Edition (32-bit x86) · Microsoft Windows 2000...
Monitoring Active Directory Health http://technet.microsoft.com/en-us/library/cc180912.aspx Monitoring Active Directory Health Active Directory Management Pack (ADMP) monitors Active Directory — and the external components that are related to Active Directory — to ensure that their ongoing behavior falls within the bounds of...
Scecli 1202 http://support.microsoft.com/kb/324383 Troubleshooting SCECLI 1202 Events Article ID : 324383 Troubleshooting SCECLI 1202 Events This article describes ways to troubleshoot and to resolve SCECLI 1202 events. MORE INFORMATION The first step in troubleshooting these events is to identify the...
Directory Services Debug Logging Primer http://blogs.technet.com/b/askds/archive/2008/04/02/directory-services-debug-logging-primer.aspx Bhaskar here. In Directory Services we support a whole bunch of components which each have their own debug logging. A while back I pulled together all the information from various KB and TechNet articles...
Active Directory Database Mounting Active Directory Database Mounting and Snapshot creation is a technique where in you can store instances of the whole Active Directory by taking its snapshot, and then you can mount these snapshots to activate that instance...
Active Directory Replication Active Directory Replication is process of replicating Active Directory data from one Domain Controller to another. It is an automated process which has its own schedule; which when occurs replicates initial data, data changes and new data...
Csvde http://technet.microsoft.com/hi-in/library/cc771621(en-us,WS.10).aspx Csvde Applies To: Windows Server 2008 Csvde Imports and exports data from Active Directory Lightweight Directory Services (AD LDS) using files that store data in the comma-separated value (CSV) format. You can also support batch operations based on...
How Domain Controllers Are Located in Windows http://support.microsoft.com/kb/247811 This article describes the mechanism used by Windows to locate a domain controller in a Windows-based domain. This article details the process of locating a domain by its DNS-style name and its...
AdPrep Infrastructure master - The Infrastructure master role is domain-wide and there is one for each domain. This role is required for domain controllers to run the adprep /forestprep command successfully and to update SID attributes and distinguished name...
Lingering objects Troubleshooting What is a Lingering Object by the way? • If an object is deleted and the changes are not replicated due to some reason. Then the Domain Controller on which the object deletion occurred does not have...
It was yesterday when i was working with one of my customers on an issue of AD replication not working what we found was that one of the dc's have lingering objects: when we tried to remove them we got...
Basic Troubleshooting Steps These are the basic troubleshooting steps that will come in handy for almost all of the relevant issues with in an Active Directory Domain Environment where in it needs troubleshooting. These are some basics that need to...
Permission on Domain / Configuration / Schema Check Default Permission: /they must have { + Enterprise Domain Controllers + Administrators Schema Partition: + Schema Admin + Enterprise Admins }...
To reset a machine A/C pwd for (A)DC :→ a) Stop the KDC Service, and then set it to manual Start-up. b) Run the command: netdom resetpwd /server: r-p-s-n /userd: domain\admin /passwordd:* c) Restart the computer, start the KDC &...
DNS on the NIC card Binding Order of the NIC Cards DNS Event ID's DNS Snap In - Zones getting Loaded MaxPacketSize and EnablePMTUBHDetect Duplicate SPN - ldifde { Kerberos 4 /Target A/C Incorrect. } Access this computer from...
How to troubleshoot error message "Access is Denied" SMB {Default DC, not @ Default Domain} Time Sync { +/- 5 Min. } KB 257187 A script to report time from multiple domain controllers is documented in SOX030529700138 GP: { Access...
describe with an essay here.....the following; > DNS ( Tcp/Ip Stack, Binding Order ), Network Connectivity Issues, GUID incorrect, DNS Port Blocked > Kerberos Authentication errors > RPC errors * We donot suggest keeping two network adapters enabled on a...
• To find the replication status of forest:→ repadmin /showreps • repadmin /showrepl * ....
Event Type: Error Event Source: NTDS Replication Event Category: Replication Event ID: 1988 Date: 6/13/2008 Time: 11:09:55 AM User: NT AUTHORITY\ANONYMOUS LOGON Computer: ATLASDC01 Description: Active Directory Replication encountered the existence of objects in the following partition that have...
Event Type: Error Event Source: NTDS Replication Event Category: Replication Event ID: 1944 Date: 6/13/2008 Time: 11:05:47 AM User: LUWA_NT\vtback Computer: ATLASDC01 Description: Active Directory was unable to verify the existence of all lingering objects on the local domain...
Event Type: Error Event Source: NTDS Replication Event Category: Replication Event ID: 1864 Date: 7/24/2008 Time: 3:28:02 PM User: NT AUTHORITY\ANONYMOUS LOGON Computer: ZDC2 Description: This is the replication status for the following directory partition on the local domain...
Event Type: Error Event Source: NTDS Replication Event Category: Replication Event ID: 2042 Date: 7/24/2008 Time: 3:58:02 PM User: NT AUTHORITY\ANONYMOUS LOGON Computer: ZDC2 Description: It has been too long since this machine last replicated with the named source machine....
Static RPC port for Active Directory Replication via Registry HKEY_LOCAL_MACHINE \CurrentControlSet \Services \NTDS \Parameters \TCP/IP Port You can set this to 1349 (decimal), for example, to make 1349 the IP port, then find all replication-related packets by filtering on that...