My New domain controller wont see the pdc
hi, i have a windows 2003 pdc that is the only one on the network, previous IT people did not have a BDC or system back up. Now the current domain controller is giving trouble, i tried to install a secondary 2003 domain controller (BDC) but it dose not see
the primary domain controller and it wants to be the pdc. The problem is how ever i want to keep all the previous user accounts and settings in the ad. I have tried using admt but it dose not recognise another dc how can i transfer all user info stored in
the active directory.
Hi scipiotechadmin,
Is the function level of your domain is Windows Server 2003? If so, you can use the Windows Server 2003 Active Directory Domain Rename Tools which can provide a security-enhanced and supported methodology to rename one or more domains (as well as application
directory partitions) in a deployed Active Directory forest:
Windows Server 2003 Active Directory Domain Rename Tools
For your information, please refer to the following articles to get more help:
What Is Domain Rename?
How Domain Rename Works
Regards,
Lany Zhang
Similar Messages
-
New Domain Controller does not show in our different site's Domain controller's Sites and Services
Hi,
we have two sites in our AD environment. OMA site and NY site. we have three domain controllers in our OMA site and two domain controllers in our NY site. All our DCs are windows server 2008R2 except one in our OMA site that is 2003R2 the domain
functional level is also 2003R2.
We decided to raise our functional level to 2008R2. I added a new domain controller in our OMA site and transferred all FESMOS from the DC that was running 2003R2 to this new domain controller.
the issue now is that our NY site does not make any connection with the new domain controller in OMA site. it does not even show it under sites and services. I have checked the DNS settings and everything. if you try to replicate the connections
from NY site it gives the following error: "The naming context is in the process of being removed or is not replicated from the specific server."
can anyone plz tell me why this is happening mt brain is just frozen at this moment and cant figure out why is this happeningJust noticed this replication issue has been going on for a while now but we never noticed until I added new DC. here is the error log for the NY site DC.
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 1/4/2014 8:11:40 AM
Event ID: 2042
Task Category: Replication
Level: Error
Keywords: Classic
User: ANONYMOUS LOGON
Computer: NORDC1.vertrue.com
Description:
It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.
The reason that replication is not allowed to continue is that the two DCs may contain lingering objects. Objects that have been deleted and garbage collected from an Active Directory Domain Services partition but still exist in the writable partitions
of other DCs in the same domain, or read-only partitions of global catalog servers in other domains in the forest are known as "lingering objects". If the local destination DC was allowed to replicate with the source DC, these potential lingering object
would be recreated in the local Active Directory Domain Services database.
Time of last successful replication:
2013-05-16 15:26:38
Invocation ID of source directory server:
9236ac56-d046-4632-b072-acbe823c5f6c
Name of source directory server:
accde843-11b2-476c-9783-9b29252d0ba5._msdcs.vertrue.com
Tombstone lifetime (days):
90
The replication operation has failed.
User Action:
The action plan to recover from this error can be found at
http://support.microsoft.com/?id=314282.
If both the source and destination DCs are Windows Server 2003 DCs, then install the support tools included on the installation CD. To see which objects would be deleted without actually performing the deletion run "repadmin /removelingeringobjects
<Source DC> <Destination DC DSA GUID> <NC> /ADVISORY_MODE". The eventlogs on the source DC will enumerate all lingering objects. To remove lingering objects from a source domain controller run "repadmin /removelingeringobjects <Source
DC> <Destination DC DSA GUID> <NC>".
If either source or destination DC is a Windows 2000 Server DC, then more information on how to remove lingering objects on the source DC can be found at
http://support.microsoft.com/?id=314282 or from your Microsoft support personnel.
If you need Active Directory Domain Services replication to function immediately at all costs and don't have time to remove lingering objects, enable replication by setting the following registry key to a non-zero value:
Registry Key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow Replication With Divergent and Corrupt Partner
Replication errors between DCs sharing a common partition can prevent user and compter acounts, trust relationships, their passwords, security groups, security group memberships and other Active Directory Domain Services configuration data to vary between
DCs, affecting the ability to log on, find objects of interest and perform other critical operations. These inconsistencies are resolved once replication errors are resolved. DCs that fail to inbound replicate deleted objects within tombstone lifetime
number of days will remain inconsistent until lingering objects are manually removed by an administrator from each local DC. Additionally, replication may continue to be blocked after this registry key is set, depending on whether lingering objects are
located immediately.
Alternate User Action:
Force demote or reinstall the DC(s) that were disconnected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS Replication" />
<EventID Qualifiers="49152">2042</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>5</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2014-01-04T13:11:40.963263500Z" />
<EventRecordID>38018</EventRecordID>
<Correlation />
<Execution ProcessID="660" ThreadID="1596" />
<Channel>Directory Service</Channel>
<Computer>NORDC1.vertrue.com</Computer>
<Security UserID="S-1-5-7" />
</System>
<EventData>
<Data>2013-05-16 15:26:38</Data>
<Data>9236ac56-d046-4632-b072-acbe823c5f6c</Data>
<Data>accde843-11b2-476c-9783-9b29252d0ba5._msdcs.vertrue.com</Data>
<Data>90</Data>
<Data>Allow Replication With Divergent and Corrupt Partner</Data>
<Data>System\CurrentControlSet\Services\NTDS\Parameters</Data>
</EventData>
</Event> -
Adding new domain controller under tree domain
i have one forest root domain is ABC.com and one tree root domain under this forest is DEF.com ,
i want to add a new domain controller under tree root domain in windows server 2008 r2? i need steps and DNS configuration on forest or domain level
ThnxIf you want to add an additional domain controller to a domain you should promote the new dc with the primary dns in the nic settings of the new dc pointing at the current dc and once promoted you should point the original ip address nic settings to
the new dc. I am making the assumption that you are using AD integrated DNS.
http://www.petri.co.il/how_to_install_active_directory_on_windows_2003.htm
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security, BS CSci
2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided AS IS with no warranties, and confers no rights. -
New Domain controller, DNS client settings before FSMO transfer
I recently promoted a new domain controller. It is the fourth domain controller and third in the site. I plan to decommission the other two domain controllers in the site leaving just the new one. Right now the new domain controller points
its tcp\ip client to the other other domain controller\DNS servers as primary and itself at the bottom. The other domain controllers point to themselves as primary and the newest domain controller on the bottom of the list. Clients on the network
use the original domain controllers as DNS from DHCP first and then the new domain controller DNS. Is it okay to transfer all the FSMO roles to the new domain controller or should I make all the DNS clients point to it first?Hi,
It is possible to first change your FSMO roles and after this is done then point your DNS clients to the new DC. This should not be a problem.
some interesting information about assigning your FSMO Roles: http://www.windowsdevcenter.com/pub/a/windows/2004/06/15/fsmo.html
Hope this helps you out. -
I have an external network hard drive with a shared music folder (WD MyBookLive), which I can access from Home Sharing and play music on my Windows computers. On my new Mac, I can see the drive and the music in Home Sharing but the tracks will not play. All the other authorized computers in my home network show up in Home Sharing and I can play the content. What's the solution?
Troubleshooting Home Sharing - http://support.apple.com/kb/TS2972
-
Itunes wont see the music on ipod classic
itunes wont see the music on ipod classic
If you can see the songs but they are "greyed out" it's because you have the iPod set to transfer songs automatically. That is also why the padlock icon appears at the bottom of iTunes next to the space used/available.
If you want the songs to be bold and selectable/editable, then you need to change to manage the content manually. -
New Domain Controller DNS Issues
Hello,
We currently have 2 root Domain Controllers (ROOTDOM) and 4 child Domain Controllers (MYDOM). ROOTDOM is an empty domain, everything on our network uses the MYDOM domain.
These existing DCs were running Server 2003, so we upgraded the schema and added 2 Server 2008 DCs in ROOTDOM and 4 Server 2008 DCs in MYDOM. All servers are DNS servers and Global Catalog servers.
The AD replication status tool shows replication is working perfectly between the new and old DCs, and everything looks up to date in AD and DNS on all servers.
The new servers have a SYSVOL and NETLOGON share as they should.
The servers are all in the Domain Controllers AD group and have correct static IP addresses, forwarders are pointing to the 2 old 2003 ROOTDOM DCs which in turn point to an internet source which works fine.
The problem is that when I change the DNS server address of a machine in MYDOM to one of my new 2008 DCs, the machine appears to lose connectivity with the domain. As soon as I put the DNS server back to one of the existing 2003 DCs, connectivity resumes
as normal.
I really don't understand what else I'm missing on those 2008 DCs, could you give me any pointers of where to look?
ROOTDOM MYDOM
2003RDC1 2003DC1
2003RDC2 2003DC2
2008RDC1 2003DC3
2008RDC2 2003DC4
2008DC1
2008DC2
2008DC3
2008DC4
The issue is slightly complicated by the fact that 2008DC2 has a hardware failure so DCDIAG (understandably) reports replication issues to that at the moment.
Any pointers greatly appreciated.
EDIT - DCDIAG results as follows:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = 2008DC1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Central-Site\2008DC1
Starting test: Connectivity
......................... 2008DC1 passed test Connectivity
Doing primary tests
Testing server: Central-Site\2008DC1
Starting test: Advertising
......................... 2008DC1 passed test Advertising
Starting test: FrsEvent
......................... 2008DC1 passed test FrsEvent
Starting test: DFSREvent
......................... 2008DC1 passed test DFSREvent
Starting test: SysVolCheck
......................... 2008DC1 passed test SysVolCheck
Starting test: KccEvent
......................... 2008DC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... 2008DC1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... 2008DC1 passed test MachineAccount
Starting test: NCSecDesc
......................... 2008DC1 passed test NCSecDesc
Starting test: NetLogons
......................... 2008DC1 passed test NetLogons
Starting test: ObjectsReplicated
......................... 2008DC1 passed test ObjectsReplicated
Starting test: Replications
......................... 2008DC1 passed test Replications
Starting test: RidManager
......................... 2008DC1 passed test RidManager
Starting test: Services
......................... 2008DC1 passed test Services
Starting test: SystemLog
......................... 2008DC1 passed test SystemLog
Starting test: VerifyReferences
......................... 2008DC1 passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : MYDOM
Starting test: CheckSDRefDom
......................... MYDOM passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... MYDOM passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running enterprise tests on : ROOTDOM.mycompany.co.uk
Starting test: LocatorCheck
......................... ROOTDOM.mycompany.co.uk passed test
LocatorCheck
Starting test: Intersite
......................... ROOTDOM.mycompany.co.uk passed test
IntersiteHi Kev,
>>The problem is that when I change the DNS server address of a machine in MYDOM to one of my new 2008 DCs, the machine appears to lose connectivity with the domain.
Before going further, does the 2008 DC belong to MYDOM domain? For AD-integrated DNS servers and if these servers belong to the same domain, they should hold the same set
of DNS records.
Besides, we can check DNS event logs to see if some related events were logged.
Best regards,
Frank Shen -
Right after I download pictures into a new album and can go to that album and see the photos, why don't they show up when I try to attach photos from that album to an email? This has happened twice before and after a week or more they finally show up as a source for an attachment to email.
Try restarting the computer
LN -
New router does not see the Internet
I replaced my MI424WR Rev. D with a new MI424WR Rev. I. The old version D work very well put I wanted the WPA2 sercuity of the the new router. I follow the instructions that came with the router and hooked up the router as instructed. Lights on the router started to light up and turn green except on: The Intnet light. After waiting ~15 minutes, I went through the usual procedure of checking the cable, unplug the router and replugging it in and resetting the router. I even reset the ONT. I was wondering is there something else I can do before having to clean out the closet and call in a tech to see if he or she can fix it.
Solved!
Go to Solution.You need to release the IP address from the old router. You can also plug in the new router and call Verizon and have them do it.
-
Client (in another domain) is not seeing the updates....
ConfigMgr 2012 SP1 is the SCCM version
It is installed on a domain called domain A. I applied a SUG to Domain A and another domain (Domain B) clients successfully. (100 % success).
However, the nodes on Domain C are not seeing the applied updates in the software centre. Of course the 'nodes' are showin in SCCM console as 'active'. I even manually added a boundary for the subnet the servers are in . But it makes
no different. I noticed that the SCEP is also not pulling AV updates. However, if I gogo -control panel-configuration manager -site-and clicked on 'Find site', them I get the message "Configuration manager has successfully found a site to manage this
client. This client is already assigned to the sire that was found".
How can I apply the SUG to the computers?Thanks guys. The problem solved.. From the above info I made a solid guess that WSUS is interfering. Then I noticed it is affecting windows 2003 (ouch) servers only. Found that there is a 'windows 2003 SCCM' policy in another domain and it is not applied
to this domain. Copied (technically exported ) it and linked it to servers OU.
All good now.
(I had to mark 3 replies as answers since each contributed).. -
How come with the new itunes, I cannot see the entire screen in itunes store?
Now in itunes store, the bottom goes into my bottom windows bar. The View - Options does nothing in Itunes store.
Minmize does not helpAs far as I know it should work like it always has. Can you see the sidebar in iTunes? If not, go to View>Show Sidebar from the iTunes menu, then click on your iPad on the left sidebar, then click on the Movies tab in the window on the right.
-
i need a help. I am new in company and have to solve this problem.
My colleague did a migration from Small Business server 2003 to Foundation 2008, about 1 year ago. After few days, he got this error message in title. Server turn off about once a month. He worked following:
joined new server Foundation to the Domain
dcpromo on new Server
migration (he said that he worked step-by-step with tutorial)
demote on old Server SBS 2003
disconnect old server from domain. This old is not in function now.
New server have just 3 computer accounts. The Forest functional level is Server 2003.
I've did dcdiag:
C:\Users\Administrator>slmgr.vbs /dli
C:\Users\Administrator>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = server2008
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SERVER2008
Starting test: Connectivity
......................... SERVER2008 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SERVER2008
Starting test: Advertising
......................... SERVER2008 passed test Advertising
Starting test: FrsEvent
......................... SERVER2008 passed test FrsEvent
Starting test: DFSREvent
......................... SERVER2008 passed test DFSREvent
Starting test: SysVolCheck
......................... SERVER2008 passed test SysVolCheck
Starting test: KccEvent
......................... SERVER2008 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SERVER2008 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SERVER2008 passed test MachineAccount
Starting test: NCSecDesc
......................... SERVER2008 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER2008 passed test NetLogons
Starting test: ObjectsReplicated
......................... SERVER2008 passed test ObjectsReplicated
Starting test: Replications
......................... SERVER2008 passed test Replications
Starting test: RidManager
......................... SERVER2008 passed test RidManager
Starting test: Services
......................... SERVER2008 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x8000001D
Time Generated: 03/08/2012 09:59:45
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate
to use for smart card logons, or the KDC certificate could not be verified. Sma
rt card logon may not function correctly if this problem is not resolved. To cor
rect this problem, either verify the existing KDC certificate using certutil.exe
or enroll for a new KDC certificate.
An error event occurred. EventID: 0xC0001B61
Time Generated: 03/08/2012 10:09:56
Event String:
A timeout was reached (30000 milliseconds) while waiting for the Liv
eUpdate service to connect.
An error event occurred. EventID: 0xC0001B58
Time Generated: 03/08/2012 10:09:56
Event String:
The LiveUpdate service failed to start due to the following error:
......................... SERVER2008 failed test SystemLog
Starting test: VerifyReferences
......................... SERVER2008 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : BREG
Starting test: CheckSDRefDom
......................... BREG passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... BREG passed test CrossRefValidation
Running enterprise tests on : BREG.local
Starting test: LocatorCheck
......................... BREG.local passed test LocatorCheck
Starting test: Intersite
......................... BREG.local passed test Intersite
C:\Users\Administrator>
I did nslookup:
C:\Users\Administrator>nslookup
Default Server: UnKnown
Address: ::1
and this:
C:\Users\Administrator>ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server server2008
Binding to server2008 ...
Connected to server2008 using credentials of locally logged on user.
server connections: q
fsmo maintenance: select operation target
select operation target: list roles for connected server
Server "server2008" knows about 5 roles
Schema - CN=NTDS Settings,CN=SERVER2008,CN=Servers,CN=Default-First-Site-Name,CN
=Sites,CN=Configuration,DC=BREG,DC=local
Naming Master - CN=NTDS Settings,CN=SERVER2008,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=BREG,DC=local
PDC - CN=NTDS Settings,CN=SERVER2008,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=BREG,DC=local
RID - CN=NTDS Settings,CN=SERVER2008,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=BREG,DC=local
Infrastructure - CN=NTDS Settings,CN=SERVER2008,CN=Servers,CN=Default-First-Site
-Name,CN=Sites,CN=Configuration,DC=BREG,DC=local
select operation target:
Did also slmgr.vbs /dli and got:
name:Windows Server(R) ServerWinFoundation edition
Description: Windows operating System - Windows Server(R),
OEM_COA_NSLP channel
Partial product key:.......
License Status:Licensed
thanks for help, in advanceI forgot to say that it is the only DC in the domain.
and this is DNS test
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine server2008, is a Directory Server.
Home Server = server2008
* Connecting to directory service on server server2008.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=BREG,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BREG,DC=local
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=BREG,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=SERVER2008,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BREG,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SERVER2008
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... SERVER2008 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SERVER2008
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... SERVER2008 passed test DNS
Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : BREG
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running enterprise tests on : BREG.local
Starting test: DNS
Test results for domain controllers:
DC: server2008.BREG.local
Domain: BREG.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft Windows Server 2008 R2 Foundation (Service Pack level: 1.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter
[00000007] Intel(R) 82566DM-2 Gigabit Network Connection:
MAC address is 00:19:99:86:E9:62
IP Address is static
IP address: 192.168.1.250
DNS servers:
192.168.1.250 (server2008.breg.local.) [Valid]
127.0.0.1 (server2008.breg.local.) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Valid]
Name: a.root-servers.net. IP: 2001:503:ba3e::2:30 [Invalid (unreachable)]
Name: b.root-servers.net. IP: 192.228.79.201 [Valid]
Name: c.root-servers.net. IP: 192.33.4.12 [Valid]
Name: d.root-servers.net. IP: 128.8.10.90 [Valid]
Name: d.root-servers.net. IP: 2001:500:2d::d [Invalid (unreachable)]
Name: e.root-servers.net. IP: 192.203.230.10 [Valid]
Name: f.root-servers.net. IP: 192.5.5.241 [Valid]
Name: f.root-servers.net. IP: 2001:500:2f::f [Invalid (unreachable)]
Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
Name: h.root-servers.net. IP: 128.63.2.53 [Valid]
Name: h.root-servers.net. IP: 2001:500:1::803f:235 [Invalid (unreachable)]
Name: i.root-servers.net. IP: 192.36.148.17 [Valid]
Name: i.root-servers.net. IP: 2001:7fe::53 [Invalid (unreachable)]
Name: j.root-servers.net. IP: 192.58.128.30 [Valid]
Name: j.root-servers.net. IP: 2001:503:c27::2:30 [Invalid (unreachable)]
Name: k.root-servers.net. IP: 193.0.14.129 [Valid]
Name: k.root-servers.net. IP: 2001:7fd::1 [Invalid (unreachable)]
Name: l.root-servers.net. IP: 199.7.83.42 [Valid]
Name: l.root-servers.net. IP: 2001:500:3::42 [Invalid (unreachable)]
Name: m.root-servers.net. IP: 2001:dc3::35 [Invalid (unreachable)]
Name: m.root-servers.net. IP: 202.12.27.33 [Valid]
TEST: Delegations (Del)
Delegation information for the zone: BREG.local.
Delegated domain name: _msdcs.BREG.local.
DNS server: server2008.breg.local. IP:192.168.1.250 [Valid]
TEST: Dynamic update (Dyn)
Warning: Failed to add the test record dcdiag-test-record in zone BREG.local
[Error details: 9017 (Type: Win32 - Description: DNS bad key.)]
Test record dcdiag-test-record deleted successfully in zone BREG.local
TEST: Records registration (RReg)
Network Adapter
[00000007] Intel(R) 82566DM-2 Gigabit Network Connection:
Matching CNAME record found at DNS server 192.168.1.250:
cb30439d-35e0-4add-ae6c-e7f281295520._msdcs.BREG.local
Matching A record found at DNS server 192.168.1.250:
server2008.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_ldap._tcp.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_ldap._tcp.221dc40b-9d51-48cf-a3a3-e3daf251197f.domains._msdcs.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_kerberos._tcp.dc._msdcs.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_ldap._tcp.dc._msdcs.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_kerberos._tcp.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_kerberos._udp.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_kpasswd._tcp.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_ldap._tcp.Default-First-Site-Name._sites.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_kerberos._tcp.Default-First-Site-Name._sites.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_ldap._tcp.gc._msdcs.BREG.local
Matching A record found at DNS server 192.168.1.250:
gc._msdcs.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_gc._tcp.Default-First-Site-Name._sites.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_ldap._tcp.pdc._msdcs.BREG.local
Matching CNAME record found at DNS server 192.168.1.250:
cb30439d-35e0-4add-ae6c-e7f281295520._msdcs.BREG.local
Matching A record found at DNS server 192.168.1.250:
server2008.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_ldap._tcp.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_ldap._tcp.221dc40b-9d51-48cf-a3a3-e3daf251197f.domains._msdcs.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_kerberos._tcp.dc._msdcs.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_ldap._tcp.dc._msdcs.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_kerberos._tcp.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_kerberos._udp.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_kpasswd._tcp.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_ldap._tcp.Default-First-Site-Name._sites.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_kerberos._tcp.Default-First-Site-Name._sites.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_ldap._tcp.gc._msdcs.BREG.local
Matching A record found at DNS server 192.168.1.250:
gc._msdcs.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_gc._tcp.Default-First-Site-Name._sites.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.BREG.local
Matching SRV record found at DNS server 192.168.1.250:
_ldap._tcp.pdc._msdcs.BREG.local
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 2001:500:2d::d (d.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 2001:500:2f::f (f.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 2001:500:3::42 (l.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 2001:7fd::1 (k.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 2001:7fe::53 (i.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 2001:dc3::35 (m.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 128.63.2.53 (h.root-servers.net.)
All tests passed on this DNS server
DNS server: 128.8.10.90 (d.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.112.36.4 (g.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.168.1.250 (server2008.breg.local.)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS delegation for the domain _msdcs.BREG.local. is operational on IP 192.168.1.250
DNS server: 192.203.230.10 (e.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.228.79.201 (b.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.33.4.12 (c.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.36.148.17 (i.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.5.5.241 (f.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.58.128.30 (j.root-servers.net.)
All tests passed on this DNS server
DNS server: 193.0.14.129 (k.root-servers.net.)
All tests passed on this DNS server
DNS server: 198.41.0.4 (a.root-servers.net.)
All tests passed on this DNS server
DNS server: 199.7.83.42 (l.root-servers.net.)
All tests passed on this DNS server
DNS server: 202.12.27.33 (m.root-servers.net.)
All tests passed on this DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
Domain: BREG.local
server2008 PASS PASS PASS PASS WARN PASS n/a
......................... BREG.local passed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite -
Best practise to add new domain controller 2008r2 and de-promote 2003 x86
Depending on the size of the environment and the complexity determines where the roles should be held.The PDCe role should be held on a machine that has the better hardware. It will resolve any password conflicts and account lockouts. It also keeps the time clocks synchronized across the domain.The other roles are responsible for kind of basic housekeeping across the domain and forest. Such as the Domain Naming master it is responsible for name changes across the domain.The Schema Master which is responsible for updates to the directory and the RID master which issues pools of IDs for DCs to issue for new users or computers.The infrastructure master is responsible for keeping multiple domains and forests in sync. The infrastructure master does not do a lot in a single forest single domain environment and can be placed on any DC....
Also if you are upgrading why not go right to 2012.
Might save a few years on having to upgrade again.
Here is a great guide from MS
http://community.spiceworks.com/how_to/57636-migrate-active-directory-from-server-2003-to-server-201...
-
trying to move PSE 6.0 from my old laptop to my new one. Tried the help section and no deactivate button. Where should I look?
If your in the photoshop elements 6 editor (not organizer) and don't see Help>Deactivate, then your version probably doesn't have activation.
Not all versions of pse 6 had activation.
Do you have the original media so you can install pse 6 on your new laptop? -
DNS Host (A) Rec. is Static for new Domain Controller
I was just questioned by my boss on why there are Static Host (A) records for Domain Controllers since I started and not before. The only conclusion that I can come up with is that they are new Server 2008 R2 systems. We are about to do an IP
Renumber here at the Corporate Office and this is how it was found that there are these Host (A) records.
Can someone explain to me why they are static and not dynamic now? I would also like to be pointed to some documentation so that I can present it to her if possible?This is by design.
http://social.technet.microsoft.com/Forums/windowsserver/en-US/afd3c338-1706-4898-b269-550c018073c0/dns-entry-for-dc-not-dynamically-updating-server-2008-r2?forum=winserverDS
http://social.technet.microsoft.com/Forums/windowsserver/en-US/ed97a286-d884-43d6-87e2-5cd5e59cfe9a/windows-2008-r2-domain-controllers-and-static-dns-entries?forum=winserverNIS
Please take a moment to Vote as Helpful and/or Mark as Answer where applicable. Thanks.
Maybe you are looking for
-
All documents are getting modified automatically in a Doc-Lib if one doc is modified
Hi, I have an issue with my document library, if I modify one document , it affects modified date for all documents in that library. Not sure what is the issue. Did any one face this type of problem? please let me know.
-
Prevent submit if required field is empty
HI. I have input text fields that has "Required" property set to true and indeed I can see "*" sign near the field. I also have a button on he page . How do I prevent the page from being submitted if required field is empty?
-
Material Type for an import - export company
Hi all, i have this business scenario: an import-export company in Italy that does only service of import and export of goods without purchase and sales of materials. These materials enter in company's storage locations (but they're not of company's
-
Does anyone know what the technique is to stopping spam when producing: 1/ form to mail contact pages 2/ mailto links? is there a technique? other than that of using image random character way - ie : https://www.fasthosts.co.uk/login/ thanks
-
Makignone column in jtable NOT sortable
hi i am using a TAbleSorter that sun provides to sort my table JTable importsTable=new JTable(); MyTableModel model = new MyTableModel(handler.getImportableObjects()); MyTableSorter sorter = new MyTableSorter(model, 0); sorter.setTableHeader(importsT