Global catalog problem

Hello everyone,
In our company we are upgrading our DCs to Server 2012R2. We have one 2008R2 DC; we installed another DC on 2012R2 and made it a GC from Sites and Services. The problem appeared when I demoted the 2008 server: I noticed that nobody in the company was able to log on to the domain. I realized that even though the global catalog check mark is checked, the server is not a global catalog; when I connect through LDAP I see isglobalcatalogready : false. I tried many solutions to make it a global catalog, but with no success. My solution was to shut down this server and restore the 2008 server from a previous backup. Now all the users can log on to the domain, but I only have one DC. I tried to add another 2012R2 DC, but DCPromo fails on the prerequisite "check verification of outbound replication failed error reading the ntds settings on replication source controller". I installed another 2008R2 server, since there is no prerequisite check, but the same problem occurred: the new DC is marked as GC but it's not a GC. I checked port 3268. I ran dcdiag and this is the result:
dcdiag /test:checksecurityerror
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = 2k8DC
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: mysite\2K8DC
Starting test: Connectivity
......................... 2K8DC passed test Connectivity
Doing primary tests
Testing server: mysite\2K8DC
Starting test: CheckSecurityError
The account 2K8DC is not a DC account. It cannot replicate.
Unable to verify the machine account
(CN=2K8DC,OU=Domain Controllers,DC=mydomain,DC=local) for 2K8DC on
2K8DC.
Source DC WIN-SM5GUTCII7H has possible security error (8453).
Diagnosing...
Error 2184 querying time on DC WIN-SM5GUTCII7H. Ignoring this
DC and continuing...
* Missing SPN
:LDAP/WIN-SM5GUTCII7H.@missing_dnsHostName@/mydomain.local
* Missing SPN :LDAP/WIN-SM5GUTCII7H.@missing_dnsHostName@
* Missing SPN :LDAP/WIN-SM5GUTCII7H
* Missing SPN
:LDAP/WIN-SM5GUTCII7H.@missing_dnsHostName@/mydomain
* Missing SPN
:LDAP/f67b0f34-07ae-4dec-8ff5-7cd284ecb7b8._msdcs.mydomain.local
* Missing SPN
:HOST/WIN-SM5GUTCII7H.@missing_dnsHostName@/mydomain.local
* Missing SPN :HOST/WIN-SM5GUTCII7H.@missing_dnsHostName@
* Missing SPN
:HOST/WIN-SM5GUTCII7H.@missing_dnsHostName@/mydomain
* Missing SPN
:GC/WIN-SM5GUTCII7H.@missing_dnsHostName@/mydomain.local
Unable to verify the machine account
(CN=WIN-SM5GUTCII7H,OU=Domain Controllers,DC=mydomain,DC=local)
for WIN-SM5GUTCII7H on 2K8DC.
Unable to connect to the NETLOGON share!
(\\WIN-SM5GUTCII7H\netlogon)
[WIN-SM5GUTCII7H] An net use or LsaPolicy operation failed with
error 67, The network name cannot be found..
[WIN-SM5GUTCII7H] Unable to verify logon privileges on DC
shares. Please check the above output and take appropriate
steps.
Failed to read object metadata on WIN-SM5GUTCII7H, error
Directory object not found.
[WIN-SM5GUTCII7H] Unable to diagnose problem for this source.
See any errors reported in attempting tests.
......................... 2K8DC failed test CheckSecurityError
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : mydomain
Running enterprise tests on : mydomain.local
C:\Users\Administrator>dcdiag /test:checksecurityerror
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = 2k8DC
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: mysite\2K8DC
Starting test: Connectivity
......................... 2K8DC passed test Connectivity
Doing primary tests
Testing server: mysite\2K8DC
Starting test: CheckSecurityError
The account 2K8DC is not a DC account. It cannot replicate.
Unable to verify the machine account
(CN=2K8DC,OU=Domain Controllers,DC=mydomain,DC=local) for 2K8DC on
2K8DC.
Source DC WIN-SM5GUTCII7H has possible security error (8453).
Diagnosing...
Error 2184 querying time on DC WIN-SM5GUTCII7H. Ignoring this
DC and continuing...
* Missing SPN
:LDAP/WIN-SM5GUTCII7H.@missing_dnsHostName@/mydomain.local
* Missing SPN :LDAP/WIN-SM5GUTCII7H.@missing_dnsHostName@
* Missing SPN :LDAP/WIN-SM5GUTCII7H
* Missing SPN
:LDAP/WIN-SM5GUTCII7H.@missing_dnsHostName@/mydomain
* Missing SPN
:LDAP/f67b0f34-07ae-4dec-8ff5-7cd284ecb7b8._msdcs.mydomain.local
* Missing SPN
:HOST/WIN-SM5GUTCII7H.@missing_dnsHostName@/mydomain.local
* Missing SPN :HOST/WIN-SM5GUTCII7H.@missing_dnsHostName@
* Missing SPN
:HOST/WIN-SM5GUTCII7H.@missing_dnsHostName@/mydomain
* Missing SPN
:GC/WIN-SM5GUTCII7H.@missing_dnsHostName@/mydomain.local
Unable to verify the machine account
(CN=WIN-SM5GUTCII7H,OU=Domain Controllers,DC=mydomain,DC=local)
for WIN-SM5GUTCII7H on 2K8DC.
Unable to connect to the NETLOGON share!
(\\WIN-SM5GUTCII7H\netlogon)
[WIN-SM5GUTCII7H] An net use or LsaPolicy operation failed with
error 67, The network name cannot be found..
[WIN-SM5GUTCII7H] Unable to verify logon privileges on DC
shares. Please check the above output and take appropriate
steps.
Failed to read object metadata on WIN-SM5GUTCII7H, error
Directory object not found.
[WIN-SM5GUTCII7H] Unable to diagnose problem for this source.
See any errors reported in attempting tests.
Authoritative attribute pwdLastSet on 2K8DC (writeable)
usnLocalChange = 5866156
LastOriginatingDsa = 2K8DC
usnOriginatingChange = 5866156
timeLastOriginatingChange = 2014-08-17 08:55:52
VersionLastOriginatingChange = 42
Out-of-date attribute pwdLastSet on WIN-SM5GUTCII7H (writeable)
usnLocalChange = 12868
LastOriginatingDsa = 22a5b57a-fac4-4cfe-9fcb-c545025d3716
usnOriginatingChange = 5830453
timeLastOriginatingChange = 2014-08-13 15:07:23
VersionLastOriginatingChange = 41
Unable to verify the convergence of this machine account
(CN=2K8DC,OU=Domain Controllers,DC=mydomain,DC=local) on these DC's
(DC=mydomain,DC=local,2K8DC). Does the machine account password need
resetting?
......................... 2K8DC failed test CheckSecurityError
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : mydomain
Running enterprise tests on : mydomain.local
Note that WIN-SM5GUTCII7H is the new DC; I renamed it to server 2008R2, but it can't be a global catalog due to the error.
I tried to google this error but I didn't find any solution for how to make it replicate the GC.
Best

In addition, I just wanted to point out that the error you are receiving below, can be indicative of some sort of firewall block. Antivirus apps can do this, too, with their network protection features.
"check verification of outbound replication failed error reading the ntds settings on replication source controller"
Do you have an AV on the machine, or the Windows firewall, or a third party firewall enabled?
Run PortQRY to see if there are any ports blocked.
PortQry GUI -
Run the "Domains & Trusts" option between DCs, or between DCs and any machine (other servers you want to promote, or even from a client machine), that you want to test if there are any blocked AD ports. Post only errors with "NOTLISTENING," 0x00000001, and 0x00000002. You can ignore UDP 389 and UDP 88 messages. If you see TCP 42 errors, that just means WINS is not running on the target server.
PortQryUI - GUI - Version 2.0 8/2/2004
http://www.microsoft.com/download/en/details.aspx?id=24009
Time issue?
A time skew between DCs that is beyond 5 minutes, can cause it, too. Are the clocks on the new server and the current DCs within 5 minutes? Is the PDC emulator configured to sync time to an outside or to a local, reliable source?
Configuring the Windows Time Service - Complete step by step with contingency plan
http://blogs.msmvps.com/acefekay/2014/04/26/configuring-the-windows-time-service/
And of course we are all assuming that the new machine is definitely only using a current DC as the only DNS address in its NIC.
Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.
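
An added example (not part of the original thread) that triages dcdiag output like the run posted in the question: it collects failed tests, missing SPNs, Win32 error codes and replication-metadata version gaps. The function names, the `WIN32` lookup table and the embedded sample (lines excerpted from the posted run) are this example's own; reading `@missing_dnsHostName@` as "no dNSHostName value was available for that DC" is an assumption.

```python
import re

# Win32 / NetAPI / DS status codes that appear in the dcdiag runs on this page.
WIN32 = {
    5: "ERROR_ACCESS_DENIED",
    67: "ERROR_BAD_NET_NAME (share not found)",
    1355: "ERROR_NO_SUCH_DOMAIN (DC locator found nothing)",
    2184: "NERR_ServiceNotInstalled (service not started)",
    8453: "ERROR_DS_DRA_ACCESS_DENIED (replication access denied)",
}

RESULT_RE = re.compile(r"^\s*\.{5,}\s+(\S+) (passed|failed) test\s+(\S+)", re.M)
SPN_RE = re.compile(r"\* Missing SPN\s*:(\S+)")  # the SPN may wrap to the next line
ERROR_RE = re.compile(r"\berror\s*\(?(0x[0-9a-f]+|\d+)\b", re.I)
META_RE = re.compile(
    r"(Authoritative|Out-of-date) attribute (\S+) on (\S+).*?"
    r"VersionLastOriginatingChange = (\d+)", re.S)
# Assumption: the placeholder stands where the DC's dNSHostName would be.
PLACEHOLDER_RE = re.compile(r"^[^/]+/([^./]+)\.@missing_dnsHostName@")

# Constructed sample: lines excerpted from the dcdiag run in the question.
SAMPLE = """\
......................... 2K8DC passed test Connectivity
Starting test: CheckSecurityError
Source DC WIN-SM5GUTCII7H has possible security error (8453).
Error 2184 querying time on DC WIN-SM5GUTCII7H. Ignoring this
DC and continuing...
* Missing SPN
:LDAP/WIN-SM5GUTCII7H.@missing_dnsHostName@/mydomain.local
* Missing SPN :LDAP/WIN-SM5GUTCII7H
* Missing SPN
:GC/WIN-SM5GUTCII7H.@missing_dnsHostName@/mydomain.local
[WIN-SM5GUTCII7H] An net use or LsaPolicy operation failed with
error 67, The network name cannot be found..
Authoritative attribute pwdLastSet on 2K8DC (writeable)
VersionLastOriginatingChange = 42
Out-of-date attribute pwdLastSet on WIN-SM5GUTCII7H (writeable)
VersionLastOriginatingChange = 41
......................... 2K8DC failed test CheckSecurityError
"""


def to_int(token):
    """dcdiag prints codes both as decimal (8453) and as hex (0x2105)."""
    return int(token, 16) if token.lower().startswith("0x") else int(token)


def triage(text):
    """Summarise one dcdiag run as a dict of findings."""
    failed = sorted({(server, test)
                     for server, outcome, test in RESULT_RE.findall(text)
                     if outcome == "failed"})
    spns = SPN_RE.findall(text)
    # DCs whose missing SPNs were printed with the dNSHostName placeholder.
    no_host = sorted({m.group(1) for m in map(PLACEHOLDER_RE.match, spns) if m})
    codes = sorted({to_int(t) for t in ERROR_RE.findall(text)})
    errors = {c: WIN32.get(c, "not in this example's table") for c in codes}

    # Compare attribute versions: the authoritative copy against each
    # replica that dcdiag marked out-of-date.
    metas = META_RE.findall(text)
    authoritative = {attr: (dc, int(ver))
                     for kind, attr, dc, ver in metas if kind == "Authoritative"}
    stale = [(attr, dc, int(ver)) + authoritative[attr]
             for kind, attr, dc, ver in metas
             if kind == "Out-of-date" and attr in authoritative
             and int(ver) < authoritative[attr][1]]

    return {"failed": failed, "missing_spns": spns, "no_dns_hostname": no_host,
            "errors": errors, "stale": stale}


if __name__ == "__main__":
    report = triage(SAMPLE)
    for server, test in report["failed"]:
        print(f"FAILED  {test} on {server}")
    for code, meaning in report["errors"].items():
        print(f"ERROR   {code}: {meaning}")
    for host in report["no_dns_hostname"]:
        print(f"SPN     {host}: SPNs missing and no dNSHostName shown")
    for attr, dc, ver, src, src_ver in report["stale"]:
        print(f"STALE   {attr} on {dc} is v{ver}; {src} has v{src_ver}")
```

On the posted run this groups the symptoms into one picture: replication access denied (8453) from the new DC, its SPNs missing, and its copy of the 2K8DC machine account's pwdLastSet one version behind.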

Similar Messages

  • Cisco ISE with AD Problem: "Could not read groups data: Global catalog not found"

    Hi all,
    I have completed the Active Directory integration with Cisco ISE, but when I try to read the groups from Active Directory, ISE shows the message "Could not read groups data: Global catalog not found".
    My domain has multiple sites and subnets, each containing a GC for local logon. I have set ISE to the correct site and subnet. Forward and reverse DNS are working with no error.
    Does anyone get this problem? Please help.
    I have checked the ISE CLI Reference Guide 1.1.x:
    You are about to configure Active Directory settings.
    Are you sure you want to proceed? y/n [n]: y
    Parameter Name: dns.servers
    Parameter Value: 10.77.122.135
    Active Directory internal setting modification should only be performed if approved by ISE
    support. Please confirm this change has been approved y/n [n]: y
    What should I set in the Parameter Name? dns.servers or my DNS hostname?
    Please suggest for this too.
    Thanks and Regards,
    Pongsatorn M.

    Hi Pongsatorn,
    Thanks for the reply!
    I've attached the results of the ISE detailed AD test. As you can see, there is a fair number of domain controllers in the AD forest.
    It seems everything works correctly until it gets to testing the AD connectivity on port 3268. Then I get this:
      Testing Active Directory connectivity:
        Global Catalog: pdascdc02.xyz.com
          gc:       3268/tcp - refused
    For some reason, the request to the controllers on port 3268 is being refused.
    Any thoughts you might have are greatly appreciated.
    Cheers,
    Greg

  • A Global Catalog Server could not be located - All GC's are down SBS 2011

    I have been searching through these forums and managed to find similar errors, but am struggling to find an answer that applies to me.
    I seem to be having a number of issues with our SBS. I believe this domain was originally on an SBS 2003 box before being moved to this SBS 2011 box last year; it has been running fine until yesterday. I can't see anything that has changed then though.
    Everything seems to point to DNS although I am struggling to pinpoint the actual cause. The most worrying is when I try to open something on the SBS such as AD sites and services.
    the error is
    Active Directory Domain Services - Naming information cannot be located because: The specified domain either does not exist or could not be contacted. Contact your system administrator to verify that your domain is properly configured and
    is currently online.
    Here is the IPconfig/all from the server
    Host Name . . . . . . . . . . . . : SBS2012
    Primary Dns Suffix . . . . . . . : Contosso.local
    Node Type . . . . . . . . . . . . : Broadcast
    IP Routing Enabled. . . . . . . . : Yes
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : Contosso.local
    Ethernet adapter Local Area Connection 2:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) 82575EB Gigabit Network Connecti
    on #2
    Physical Address. . . . . . . . . : 00-1E-67-39-23-14
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::8087:34f0:59f9:6a26%12(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.35.250(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.35.1
    DHCPv6 IAID . . . . . . . . . . . : 301997671
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-39-46-22-00-1E-67-39-23-15
    DNS Servers . . . . . . . . . . . : 192.168.35.250
    NetBIOS over Tcpip. . . . . . . . : Enabled
    PPP adapter RAS (Dial In) Interface:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : RAS (Dial In) Interface
    Physical Address. . . . . . . . . :
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv4 Address. . . . . . . . . . . : 192.168.35.24(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.255
    Default Gateway . . . . . . . . . :
    NetBIOS over Tcpip. . . . . . . . : Enabled
    Tunnel adapter isatap.{6E06F030-7526-11D2-BAF4-00600815A4BD}:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter isatap.{A23E95B8-B5C2-4D88-BDE9-E9F1C2DD3902}:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    and here is the nltest
    nltest /server:sbs2012 /dsgetdc:contosso.local
    DC: \\SBS2012.contosso.local
    Address: \\192.168.35.250
    Dom Guid: c50b6df3-9d22-4c87-b2a7-adadc4fd5ec1
    Dom Name: contosso.local
    Forest Name: contosso.local
    Dc Site Name: Default-First-Site-Name
    Our Site Name: Default-First-Site-Name
    Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN
    DNS_FOREST CLOSE_SITE FULL_SECRET WS
    The command completed successfully
    As far as I can see everything so far looks ok (highly possible I am missing something) but when I run a DCDIAG it gets messy
    Directory Server Diagnosis
    Performing initial setup:
    Trying to find home server...
    Home Server = SBS2012
    * Identified AD Forest.
    Done gathering initial info.
    Doing initial required tests
    Testing server: Default-First-Site-Name\SBS2012
    Starting test: Connectivity
    ......................... SBS2012 passed test Connectivity
    Doing primary tests
    Testing server: Default-First-Site-Name\SBS2012
    Starting test: Advertising
    Fatal Error:DsGetDcName (SBS2012) call failed, error 1355
    The Locator could not find the server.
    ......................... SBS2012 failed test Advertising
    Starting test: FrsEvent
    There are warning or error events within the last 24 hours after the
    SYSVOL has been shared. Failing SYSVOL replication problems may cause
    Group Policy problems.
    ......................... SBS2012 passed test FrsEvent
    Starting test: DFSREvent
    ......................... SBS2012 passed test DFSREvent
    Starting test: SysVolCheck
    ......................... SBS2012 passed test SysVolCheck
    Starting test: KccEvent
    ......................... SBS2012 passed test KccEvent
    Starting test: KnowsOfRoleHolders
    ......................... SBS2012 passed test KnowsOfRoleHolders
    Starting test: MachineAccount
    ......................... SBS2012 passed test MachineAccount
    Starting test: NCSecDesc
    Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
    Replicating Directory Changes In Filtered Set
    access rights for the naming context:
    DC=DomainDnsZones,DC=Contosso,DC=local
    Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
    Replicating Directory Changes In Filtered Set
    access rights for the naming context:
    DC=ForestDnsZones,DC=Contosso,DC=local
    ......................... SBS2012 failed test NCSecDesc
    Starting test: NetLogons
    Unable to connect to the NETLOGON share! (\\SBS2012\netlogon)
    [SBS2012] An net use or LsaPolicy operation failed with error 67,
    The network name cannot be found..
    ......................... SBS2012 failed test NetLogons
    Starting test: ObjectsReplicated
    ......................... SBS2012 passed test ObjectsReplicated
    Starting test: Replications
    [Replications Check,SBS2012] DsReplicaGetInfo(PENDING_OPS, NULL)
    failed, error 0x2105 "Replication access was denied."
    ......................... SBS2012 failed test Replications
    Starting test: RidManager
    ......................... SBS2012 passed test RidManager
    Starting test: Services
    Could not open NTDS Service on SBS2012, error 0x5
    "Access is denied."
    ......................... SBS2012 failed test Services
    Starting test: SystemLog
    An error event occurred. EventID: 0x0000041E
    Time Generated: 07/12/2013 08:27:32
    Event String:
    The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    An error event occurred. EventID: 0x0000041E
    Time Generated: 07/12/2013 08:32:32
    Event String:
    The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    An error event occurred. EventID: 0x0000041E
    Time Generated: 07/12/2013 08:37:32
    Event String:
    The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    An error event occurred. EventID: 0x0000041E
    Time Generated: 07/12/2013 08:42:32
    Event String:
    The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    An error event occurred. EventID: 0x0000041E
    Time Generated: 07/12/2013 08:47:32
    Event String:
    The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    An error event occurred. EventID: 0x0000041E
    Time Generated: 07/12/2013 08:52:32
    Event String:
    The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    An error event occurred. EventID: 0x00000457
    Time Generated: 07/12/2013 08:54:09
    Event String:
    Driver EPSON WorkForce 645 Series required for printer EPSON WorkForce 645 Series is unknown. Contact the administrator to install the driver before you log in again.
    An error event occurred. EventID: 0x00000457
    Time Generated: 07/12/2013 08:54:10
    Event String:
    Driver FX DocuCentre-IV C2270 PCL 6 required for printer scanner - 212 Manukau Rd Epsom is unknown. Contact the administrator to install the driver before you log in again.
    An error event occurred. EventID: 0x00000457
    Time Generated: 07/12/2013 08:54:10
    Event String:
    Driver HP ePrint required for printer HP ePrint is unknown. Contact the administrator to install the driver before you log in again.
    An error event occurred. EventID: 0x00000457
    Time Generated: 07/12/2013 08:54:11
    Event String:
    Driver PDF Complete Converter required for printer PDF Complete is unknown. Contact the administrator to install the driver before you log in again.
    An error event occurred. EventID: 0x00000457
    Time Generated: 07/12/2013 08:54:14
    Event String:
    Driver Send To Microsoft OneNote 2010 Driver required for printer Send To OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again.
    An error event occurred. EventID: 0x0000041E
    Time Generated: 07/12/2013 08:57:32
    Event String:
    The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    An error event occurred. EventID: 0x0000041E
    Time Generated: 07/12/2013 09:02:33
    Event String:
    The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    A warning event occurred. EventID: 0x00002724
    Time Generated: 07/12/2013 09:03:32
    Event String:
    This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.
    An error event occurred. EventID: 0x0000041A
    Time Generated: 07/12/2013 09:03:33
    Event String:
    The DHCP/BINL service on the local machine encountered a network error. The error was: 0x 2.
    An error event occurred. EventID: 0x0000041E
    Time Generated: 07/12/2013 09:03:33
    Event String:
    The DHCP/BINL service on this computer is shutting down. See the previous event log messages for reasons.
    An error event occurred. EventID: 0xC0002720
    Time Generated: 07/12/2013 09:03:45
    Event String:
    The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    An error event occurred. EventID: 0xC0002720
    Time Generated: 07/12/2013 09:03:46
    Event String:
    The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    An error event occurred. EventID: 0xC0002720
    Time Generated: 07/12/2013 09:03:46
    Event String:
    The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    An error event occurred. EventID: 0xC0002720
    Time Generated: 07/12/2013 09:03:46
    Event String:
    The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    An error event occurred. EventID: 0xC0002720
    Time Generated: 07/12/2013 09:03:46
    Event String:
    The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    An error event occurred. EventID: 0x00000406
    Time Generated: 07/12/2013 09:07:33
    Event String:
    The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
    An error event occurred. EventID: 0x00000406
    Time Generated: 07/12/2013 09:12:34
    Event String:
    The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
    An error event occurred. EventID: 0xC00038D6
    Time Generated: 07/12/2013 09:16:24
    Event String:
    The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
    An error event occurred. EventID: 0x0000041E
    Time Generated: 07/12/2013 09:17:34
    Event String:
    The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    An error event occurred. EventID: 0x0000041E
    Time Generated: 07/12/2013 09:22:34
    Event String:
    The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    ......................... SBS2012 failed test SystemLog
    Starting test: VerifyReferences
    ......................... SBS2012 passed test VerifyReferences
    Running partition tests on : DomainDnsZones
    Starting test: CheckSDRefDom
    ......................... DomainDnsZones passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... DomainDnsZones passed test
    CrossRefValidation
    Running partition tests on : ForestDnsZones
    Starting test: CheckSDRefDom
    ......................... ForestDnsZones passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... ForestDnsZones passed test
    CrossRefValidation
    Running partition tests on : Schema
    Starting test: CheckSDRefDom
    ......................... Schema passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... Schema passed test CrossRefValidation
    Running partition tests on : Configuration
    Starting test: CheckSDRefDom
    ......................... Configuration passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... Configuration passed test CrossRefValidation
    Running partition tests on : Contosso
    Starting test: CheckSDRefDom
    ......................... Contosso passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... Contosso passed test CrossRefValidation
    Running enterprise tests on : Contosso.local
    Starting test: LocatorCheck
    Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
    A Global Catalog Server could not be located - All GC's are down.
    Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
    A Time Server could not be located.
    The server holding the PDC role is down.
    Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
    1355
    A Good Time Server could not be located.
    Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
    A KDC could not be located - All the KDCs are down.
    ......................... Contosso.local failed test LocatorCheck
    Starting test: Intersite
    ......................... Contosso.local passed test Intersite
    I found a few people who have had similar issues that were caused by the "netlogon" service being paused or stopped, but in my case it is set to automatically start and is running.
    I have also posted this to serverfault (can't post links yet: serverfault.com/questions/522691/a-global-catalog-server-could-not-be-located-all-gcs-are-down), added as there may be info there that may help.
    Thanks for taking the time to read this, hopefully someone out there has come across this before or can offer something in regards to the next steps I should take.

    Some troubleshooting ideas:
    0. Check if the DCs can resolve each other using their DNSHostName. If not, this indicates some DNS misconfiguration -- you need to fix that first.
    1. Check if both the DCs are pointing to the same DNS server (or DNS servers that are replicas of each other). Run "ipconfig /all" and check its output. If not, correct the DNS client settings and run dcdiag after some time.
    2. Check if dynamic updates are "turned on" on the DNS server.
    3. Try re-registering the DCs' SRV records by either restarting the netlogon service or by running the following command:
         nltest.exe /dsregdns

  • Global Catalog and Searching Child Domains

    Hi Everyone,
    I'm attempting to sync events from a parent domain and I want to include all child domains as well. The forest contains a parent domain with 2 child domains. In my adapter I have the following configuration specified:
    Container: DC=parent,DC=company,DC=com
    Search Filter: DC=parent,DC=company,DC=com
    Search Child Domain: Checked
    Global Catalog: DC1.parent.company.com (Domain Controller of the parent domain is configured as Global Catalog)
    When I attempt to sync domains from the child domain I receive the following error:
    dn attribute not found in search result
    Does anyone have insight into what might be occurring? I can query the GC and can retrieve the events with no problem from other tools, but IDM seems to always have an error for these child domain events. All comments or suggestions welcome. Thanks

    This is the actual error from the AS log if that helps:
    2009-10-09T13:26:13.840-0500: com.waveset.util.WavesetException: Unable to find dn attribute for object returned from search.
         at com.waveset.adapter.AgentResourceAdapter.loadUsersFromResponse(AgentResourceAdapter.java:573)
         at com.waveset.adapter.AgentResourceAdapter$AgentAccountSupplier.call(AgentResourceAdapter.java:2937)
         at com.waveset.util.BufferedSupplier.getNextBlock(BufferedSupplier.java:70)
         at com.waveset.util.BufferedSupplier.run(BufferedSupplier.java:86)
         at java.lang.Thread.run(Thread.java:619)

  • Can't reach global catalog server.....that I am actively pinging....

    Hello.
    Background
    I have a Windows Server 2008 R2 installation that I fell in on. I removed all roles and features, renamed it, and gave it a new IP address.
    I ran DCpromo and installed AD and DNS. This server was to be the first in a new domain.
    After successfully creating the domain, I added my workstation (laptop) to the domain successfully and logged on with a created domain administrator account.
    I installed the remote administrator pack for windows 7 onto my workstation 
    Problem
    I ran AD Users and Computers (from my workstation) and proceeded to create a user... only to be told:
    "Windows cannot verify that the user name is unique because the following error occurred while contacting the global catalog: The server is not operational."
    Troubleshooting steps taken so far:
    I have ensured that my workstation and server times match (to the second)
    I have ensured they are in the same time zone, date, etc.
    I am actively pinging the domain controller from my workstation WHILE I attempt to create the user, so network connectivity is ruled out. They are in the same subdomain, there is no router in between. It is workstation > switch > switch > switch > server
    I checked sites and services, to find only 1 server listed for the sole domain, and it IS checked as the global catalog server
    My workstation when added to the domain registered in DNS appropriately. As is the domain controller itself.
    DCDIAG /fix reports no errors, everything passes
    metadata.cleanup cannot be used because there are no other domains or sites, or servers listed besides the one I created.
    Please help....Thank you.

    Please use dcdiag /v and repadmin /showreps to check the DCs' health status and AD replication.
    Please also refer to the recommendations mentioned here: http://social.technet.microsoft.com/wiki/contents/articles/18513.active-directory-replication-issues-basic-troubleshooting-steps-single-ad-domain-in-a-single-ad-forest.aspx
    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • Certain users unable to send email internally by typing address; only works when they use global catalog

    Certain users unable to send email internally by typing address; only works when they use global catalog.
    Got Office 2010 SP1 and Win7.

    Remove the Outlook cache. Guess it's the cache that's causing the problem, whereas when you pull the address from the GAL it works fine.
    Refer to the article:
    http://support.microsoft.com/default.aspx?kbid=287623

  • When exchange Domain Controller or Global Catalog servers?

    I have a few questions want to get your help.
    1. In which situation would Exchange contact the Domain Controller, and in which situation would Exchange contact the Global Catalog servers? What's the difference?
    2. For the Mailbox Replication Service, besides moving the mailbox and DAD relevant operations, in which situations does the Mailbox Replication Service also contact the DC?
    Please click the Mark as Answer button if a post solves your problem!

    Hi,
    About Question 1:
    For Exchange, the GC is mainly for Address Book lookups. Exchange server accesses the global catalog for address information.
    About DC, every domain controller contains the following three directory partitions.
    1. Configuration: Contains the Configuration container, which stores configuration objects for the entire forest in cn=configuration,dc=forestRootDomain.
    2. Schema: Contains the Schema container, which stores class and attribute definitions for all existing and possible Active Directory objects in cn=schema,cn=configuration,dc=forestRootDomain.
    3. Domain: Contains a <domain> container, which stores users, computers, groups, and other objects for a specific domain.
    For example, each Exchange Server object has the Boolean attribute messageTrackingEnabled. The Exchange server processes will turn message tracking on or off depending on the value of this attribute in the directory. This is an example of configuration data.
    Configuration data is stored in the Configuration partition of Active Directory, and this partition is replicated to every DC in the forest. Therefore Exchange can potentially go to any DC to access this information.
    About Question 2:
    The Mailbox Replication Service is responsible for moving mailboxes, importing and exporting .pst files, and restoring disabled and soft-deleted mailboxes. All these options need to contact the DC.
    Best regards,
    Belinda
    Belinda Ma
    TechNet Community Support
    Thank you so much
    Please click the Mark as Answer button if a post solves your problem!

  • Could not find any available Global Catalog in forest when running RemoteMailbox cmdlet

    My current Exchange environment is a hybrid configuration of Office 365, Exchange 2013 hybrid, and Exchange 2007 on-premise.
    I have a script responsible for enabling remote mailboxes and assigning O365 licenses to a list of users; essentially provisioning users an O365 mailbox. This script runs every hour through a defined scheduled task in the Task Scheduler.
    The script is proven to work but will intermittently throw an error on some days: "Could not find any available Global Catalog in forest root.xyz.com"
    Here are the nuances of the error when it does occur:
    It will only throw the error when the script is run via scheduled task - the script will work fine if executed from the command line
    The error occurs when "Enable-RemoteMailbox" or "Get-RemoteMailbox" is called.
    The same error will occur with ANY script that calls "Enable-RemoteMailbox" or "Get-RemoteMailbox" and is run via scheduled task - even when the RemoteMailbox cmdlet was the only line in the script
    Here is the output and error when Get-RemoteMailbox -verbose is run:
    VERBOSE: [15:49:52.474 GMT] Get-RemoteMailbox : Active Directory session
    settings for 'Get-RemoteMailbox' are: View Entire Forest: 'True',
    VERBOSE: [15:49:52.489 GMT] 
    Get-RemoteMailbox : Runspace context: Executing
    user: , 
    Executing user organization: , 
    Current organization: , 
    RBAC-enabled:Disabled.
    VERBOSE: [15:49:52.489 GMT] Get-RemoteMailbox : Beginning processing
    VERBOSE: [15:49:52.521 GMT] Get-RemoteMailbox : Current ScopeSet is: {
    Recipient Read Scope: {{, }}, 
    Recipient Write Scopes: {{, }}, Configuration Read Scope: {{, }}, 
    Configuration Write Scope(s): {{, }, }, 
    Exclusive Recipient Scope(s): {}, 
    Exclusive Configuration Scope(s): {} }
    VERBOSE: [15:49:52.521 GMT] Get-RemoteMailbox : Resolved current organization: .
    VERBOSE: [15:49:52.521 GMT] Get-RemoteMailbox : Searching objects "abose" of type "ADUser" under the root "$null".
    VERBOSE: [15:49:52.536 GMT] Get-RemoteMailbox : Previous operation run on global catalog server 'evw-xyzdc-p02.ad.xyz.com'.
    Get-RemoteMailbox : Could not find any available Global Catalog in forest root.xyz.com.
    At C:\IDM_In\Scripts\MinimalTest.ps1:42 char:14
    + $abose = Get-RemoteMailbox 'abose' -verbose
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Get-RemoteMailbox], ADTransientException
    + FullyQualifiedErrorId : E421EF0B,Microsoft.Exchange.Management.RecipientTasks.GetRemoteMailbox
    VERBOSE: [15:49:52.567 GMT] Get-RemoteMailbox : Ending processing
    What could be the cause of this intermittent error?
    Thanks for any help

    Looks to me like a permission error, as when you are running it via a scheduled task it is not able to call Exchange shell/commands {confirm this}, whereas when you are running this manually it looks to me like you open Exchange shell, maybe as admin also, and then run the script.
    The scheduled task process is not able to get the permission.
    MARK AS USEFUL/ANSWER IF IT DID
    Thanks
    Happiness Always
    Jatin

  • How to replicate 'memberOf' attribute to global catalog server

    Hi,
    I am trying to replicate the 'member of' attribute to the global catalog server, to get the data from a child domain where trust is enabled.
    I did a little research and found that 'isMemberOfPartialAttributeSet' should be true to get it replicated to the global catalog server.
    In the schema, I am trying to set 'isMemberOfPartialAttributeSet' to true for the "is-member-of-DL" attribute and getting illegal modification.
    Is there any other way where I can modify it (or with help of Microsoft)?
    OS: Windows 2003 R2 (SP2) - MSDN
    Thanks!
    Karthik
    Thanks, Karthikeyan R

    Hi Karthik,
    Based on my tests, the right way to modify attributes that replicate to the Global Catalog is:
    Open Active Directory schema snap-in.
    Then locate the attribute which you wish to modify.
    Right click on it, and select Properties.
    Tick the check box “Replicate this attribute to the Global Catalog”.
    More references below:
    Install the Active Directory Schema snap-in
    http://technet.microsoft.com/en-us/library/cc755885(v=WS.10).aspx
    How to Modify Attributes That Replicate to the Global Catalog
    http://support.microsoft.com/kb/248717
    Best Regards,
    Amy

  • OID and Active Directory(global catalog) synchronization issues

    We have a large network with 7 domains within the AD forest. The OID server profile points to a single domain controller/GC in 1 of these 7 domains. It is able to synchronize when a change occurred from this domain but not the others in the forest by querying port 3268/GC. We reloaded the bootstrap, which reduced the "highest committed usn" last read attribute value in OID, and the synch started working again with another domain but not consistently (a change in AD gets pulled into OID).
    It seems as if OID cannot read the highest committed usn value for all domains within one forest by querying a single global catalog domain controller in one domain. Any ideas on best practice to have a consistent synch from OID to all domains in AD?
    Message was edited by:
    marcvip

    Each AD server in the Forest will maintain his own highestCommittedHSN. The AD GC should maintain a consistent HSN but knows and keeps all the AD servers in sync. So if the GC does not maintain a consistent HSN you should contact Microsoft as well (besides this forum :-)
    regards,
    --Olaf

  • Exchange Management Shell Cannot Find Global Catalog Servers

    Hello,
    I have a client with a single Exchange 2013 RU2 multi role server.  Exchange works fine with no issues.  However, when I open EMS and try to do anything (example get-mailbox) it returns the following error.  It was working up until about a week ago.
    "Could not find any available Global Catalog in forest domain.com"
    I haven't tried rebooting the server yet because Exchange is running fine, it's just PowerShell is jacked up.  I have even tried Remote PowerShell from another server and same results.  Has anyone ever seen this?
    Thanks,
    John

    Can you check what your nslookup returns you... are you able to connect to your DNS without any error?
    The above error generally points towards network connectivity issues.
    Guess you have two LAN cards on Exchange. What is the DNS on both LAN cards? I guess it should be the same.
    MARK AS USEFUL/ANSWER IF IT DID
    Thanks
    Happiness Always
    Jatin

  • Help, error connection Cisco Identity Services Engine with AD, global catalog port status error

    Dear all,
    I have Cisco Identity Services Engine, which is connected to Active Directory. When I run the detailed connection test, the result is an error that says:
    Test Connection Results
    This dialog shows the detailed logs for the operation for: idsv0018.
    Status: FAILED: Global Catalog port status error.
    Can anyone help?
    I believe that because of this error, I can't search AD groups in Cisco ISE.
    FYI: the connection from Cisco ISE to AD was joined with a successful result.
    Thanks,
    Jerri

    It's clear that when ISE tries to find the GC using the _gc._tcp. DNS query, it doesn't find that information on the domain controller. The GC information is missing on the DC.
    gc._tcp.DnsForestName
    Allows a client to locate a Global Catalog (gc) server for this domain.
    Jatin Katyal
    - Do rate helpful posts -

  • A Global Catalog Server could not be located - All GC's are down server 2003 dc

    I'm all out of ideas.  I have two 2003 server DCs that both fail DCDIAG with the following, and my Exchange services won't come online due to this. Please help!
    dc1-server dcdiag
          Starting test: FsmoCheck
             Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
             A Global Catalog Server could not be located - All GC's are down.
             PDC Name: \\dc1-server.silistra-bg.net
             Locator Flags: 0xe00003dd
             Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
             A Time Server could not be located.
             The server holding the PDC role is down.
             Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
             A Good Time Server could not be located.
             Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
             A KDC could not be located - All the KDCs are down.
             ......................... silistra-bg.net failed test FsmoCheck     
    dc2-server dcdiag:
          Starting test: FsmoCheck
             Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
             A Global Catalog Server could not be located - All GC's are down.
             Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
             A Primary Domain Controller could not be located.
             The server holding the PDC role is down.
             Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
             A Time Server could not be located.
             The server holding the PDC role is down.
             Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
             A Good Time Server could not be located.
             Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
             A KDC could not be located - All the KDCs are down.
             ......................... silistra-bg.net failed test FsmoCheck

    Some troubleshooting ideas:
    0. Check if the DCs can resolve each other using their DNSHostName. If not, this indicates some DNS misconfiguration -- you need to fix that first.
    1. Check if both the DCs are pointing to the same DNS server (or DNS servers that are replicas of each other). Run: "ipconfig /all" and check its output. If not, correct the DNS client settings and run dcdiag after some time.
    2. Check if dynamic updates are "turned on" on the DNS server.
    3. Try re-registering the DCs' SRV records by either restarting the netlogon service or by running the following command:
         nltest.exe /dsregdns
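
The DNS checks suggested in the replies above (the `_gc._tcp` SRV lookup from the ISE thread and the DC resolution steps here), combined with the port 3268 and `isGlobalCatalogReady` checks, as an added PowerShell example that is not code from any poster. The function names are this example's own, `mydomain.local` is a placeholder forest name, and it assumes Windows 8 / Server 2012 or later for `Resolve-DnsName`.

```powershell
# Added example: for every server advertised as a GC in DNS, report whether
# TCP 3268 answers and what rootDSE says in isGlobalCatalogReady.

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # A filtered port never answers, so bound the wait instead of hanging.
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Get-GcReadyFlag {
    param([string]$ComputerName)
    try {
        # rootDSE on the standard LDAP port carries isGlobalCatalogReady.
        $rootDse = [ADSI]"LDAP://$ComputerName/RootDSE"
        return [string]$rootDse.Get('isGlobalCatalogReady')
    } catch {
        return 'unreadable'
    }
}

function Get-GlobalCatalogStatus {
    param([Parameter(Mandatory = $true)][string]$ForestDnsName)
    $srvName = "_gc._tcp.$ForestDnsName"
    try {
        # Keep only SRV answers; the response can also carry A records.
        $records = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
            Where-Object { $_.QueryType -eq 'SRV' }
    } catch {
        Write-Warning "No SRV answer for ${srvName}: $($_.Exception.Message)"
        return
    }
    if (-not $records) {
        Write-Warning "No GC is registered under ${srvName}."
        return
    }
    foreach ($record in $records) {
        [pscustomobject]@{
            Server               = $record.NameTarget
            SrvPort              = $record.Port
            Port3268Open         = Test-TcpPort -ComputerName $record.NameTarget -Port 3268
            IsGlobalCatalogReady = Get-GcReadyFlag -ComputerName $record.NameTarget
        }
    }
}

Get-GlobalCatalogStatus -ForestDnsName 'mydomain.local' | Format-Table -AutoSize
```

A server that is ticked as a GC in Sites and Services but shows `FALSE` here, or is missing from the SRV answer, has not finished promotion or has not registered its records.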

  • Global Catalog Server?

    I am upgrading three domain controllers by replacing old '03 DCs with new '12 DCs. The set is a parent domain with two sub domains for child organizations. No users in the sub domains should be able to log into the other domains or see the GAL for the exchange servers in the other orgs. Each of the three has their own exchange server. The same IT team manages all three, so we want to have them in the same forest. (correct term?)
    Should any of the domain controllers be a Global Catalog server? That is an option when upgrading the DC server from '03 to '12.
    "Servers running Microsoft Exchange Server rely on access to the global catalog for address information. Users use global catalog (GC) servers to access the global address list (GAL). Because a domain controller that acts as a global catalog server stores objects for all domains in the...
    This topic first appeared in the Spiceworks Community

    CFLDAP requires a domain controller to be specified. It can't find the root DSN of the domain and start from there.
    The best workaround is to "know" every domain controller on your domain. Then, run a very simple LDAP query using the first domain controller. If an error occurs, then try the LDAP query with the second domain controller. Keep this up until you run out of domain controllers. If this happens, then you are in worse trouble because your domain will start to fall apart.
    Use CFTRY/CFCATCH to test for any LDAP errors when a domain controller is not responding. You can even wrap this into a simple CFLOOP that loops over a list of domain controllers.
    All it has to do is return a simple query that should take very little time to process. All you are doing is testing to make sure the domain controller is responding.

  • Organizer/catalog problem

    getting: "a problem accessing Organizer catalog. It may be in use by another process or a disk error occurred".  Can you help? Sorry - I'm using Elements 5...

    From: photodrawken
      Sent: Thursday, May 17, 2012 2:39 PM
      To: Ermineglen
      Subject: Organizer/catalog problem
      Much thanks to you - appreciate it. Glen...
