Rename of Domain Controller

Hi,
We want to upgrade our Domain Controller from windows 2003 server to windows 2008 server. And our SAP servers are Local Domains(member servers) on windows 2003 server and we do not want to upgrade Operating System of the SAP servers. The SAP servers are the members of the Domain Control.
My Question is after rename and Upgrade of Our Domain Controller from Windows 2003 server to Windows 2008 server. Does it impact at Operating system level,SAP level and Oracle database level like Users, RFC and etc. And if it impacts then, How it impacts. What precautions have to be taken.
Our aims is after the Upgrade and rename of Domain Controller. The Business which is running on SAP servers should not impact.
Warm Regards,
MNA

> With rename do you mean changing HOSTNAME. If yes it do affect.
No.
SAP system don't run on domain controllers. Windows doesn't find its logon servers by hostname but by quering the DNS/LDAP of the domain. The procedure is described here:
http://support.microsoft.com/kb/247811
If the domain server changes (because the current server is shut down) the system queries for another one. Since there is no more hierachies in AD 2003 it does not impact at all as long as at least one DC is availalble to authenticate.
Markus

Similar Messages

Rename a Domain Controller

How do i rename Domain Controller name in Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012 R2

Just be sure that all the applications you have installed in your domain can also work after a domain rename. I don't know if it is still the case (my guess is that it is), but it used to be that you could not rename a domain if Exchange was installed
in the domain. Renaming a domain is not like renaming a server. There are a lot of things tied into that domain and you need to ensure that everything you have installed in the domain will work properly after renaming the domain. In other
words, I hope you have a good lab that has your production environment replicated so you can test things there before actually renaming the production environment.
.:|:.:|:. tim

Rename Domain Controller Fails: resource in use

I have windows server 2012 64 bit. It's a domain controller. It's new, no clients are in this domain as of now.
I wish to rename the server.
I tried both way, by user interface and by netdom.
In both cases I get the error message: "The requested resource is in use".
http://technet.microsoft.com/es-es/library/cc816601%28v=ws.10%29.aspx

Hi,
Thank you for updating. I’m glad to hear that you have found the reason.
Best Regards,
Tina
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

Renaming Windows Server 2012 Domain Controller with Exchange Server 2013

Is it possible to rename Windows Server 2012 Domain Controller, as we are using Exchange Server 2013 as a member server on Windows Server 2012 ?
We have some issues with the Domain Name, so want to rename..
Maybe somebody knows the best practices how to do this in best way???
Thanks.

Hello,
You should do the following:
1. Promote another DC.
2. Transfer FSMO roles to that server.
3. Decommission old DC.
4. Rename it.
5. Promote it again as DC.
Here is useful link:
http://technet.microsoft.com/en-us/library/cc782761(v=ws.10).aspx#bkmk_renamesingle.
Hope it helps,
Adam
www.codetwo.com
If this post helps resolve your issue, please click the "Mark as Answer" or "Helpful" button at the top of this message. By marking a post as Answered, or Helpful you help others
find the answer faster.

Can't delete defunct domain controller

I'm the admin of a software test lab. I had an Active Directory (Windows 2008 r2) domain set up mainly for DNS use on two Hyper-V VMs on separate hosts. I have had issues in the past after power outages (I don't have the budget for a UPS for
these hosts) where one or the other domain controller would become corrupt, and restoring from backup simply wouldn't work. So, I got used to rebuilding whichever one failed. I've had to do it about a dozen or so times, but when we had a power
outage last Thursday, circumstances changed.
The first DNS server came back up just fine, but the second got corrupted, again. (Pretty typical issue. It would only boot to the recovery console. Trying to use chkdsk /f would result in it telling me there were only 44 files on the C:
drive and nothing to fix.) I tried to restore it from backup, but, as usual, the host claimed it couldn't read the restore, so I deleted the VM and started over. I created a new VM and got the OS installed and updated, but I can't delete the old
DC account from the users and computer console or the config from the sites and services console. Everything tells me "directory object not found." I wound up renaming the VM and rejoining it that way, but I still can't get that old account
deleted.
What's worse is that this VM that failed was the global catalog, and AD won't let me reassign the GC role to another DC. It just doesn't do the role assignment, no error message or event log entry at all.
Anyone else run into this? Is there a fix?

Is this the link?
http://msmvps.com/blogs/acefekay/archive/2010/10/05/complete-step-by-step-to-remove-an-orphaned-domain-controller.aspx
When you try with the GUI (possible since Windows 2008), is there an error message?
Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

ISSUE: "This domain controller must register a DNS SRV resource record, which is required for replication to function correctly"

so we currently have three domain controllers set up, two of them on 2012r2 and one of them on 2008r2. prior to any of these domain controllers being added to the domain there was only one, running on 2003r2. the 2003r2 server was up and running when the
first 2012r2 was added and that's when running 'dcdiag /e /c /v' would yield an issue with "_ldap._tcp.9a5f3c17-e7ac-48f7-ab42-bf1ea621a6f5.domains._msdcs.cmedia.local" in the DNS portion of the diagnostics, specifically:
TEST: Records registration (RReg)
Network Adapter [00000010] Microsoft Hyper-V Network Adapter:
Error:
Missing SRV record at DNS server 192.168.22.4:
_ldap._tcp.9a5f3c17-e7ac-48f7-ab42-bf1ea621a6f5.domains._msdcs.cmedia.local
after adding the second 2012r2 to the domain, this issue is still there... adding the 2008r2 server to the domain and running BPA it gives the following:
Title:
This domain controller must register a DNS SRV resource record, which is required for replication to function correctly
Severity:
Error
Date:
7/3/2014 11:24:48 AM
Category:
Configuration
Issue:
The "DcByGuid" DNS service (SRV) resource record that advertises this server as an available domain controller in the domain and ensures correct replication is not registered. All domain controllers (but not RODCs) in the domain must register this record.
Impact:
Other member computers and domain controllers in the domain or forest will not be able to locate this domain controller. This domain controller will not be able to provide a full suite of services.
Resolution:
Ensure that "DcByGuid" is not configured in the "DnsAvoidRegisteredRecords" list, either through Group Policy or through the registry. Restart the Netlogon service. Verify that the DNS service (SRV) resource record "_ldap._tcp.9a5f3c17-e7ac-48f7-ab42-bf1ea621a6f5.domains._msdcs.cmedia.local", pointing to the local domain controller "CM-DC4-NY01.cmedia.local", is registered in DNS.
More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126968
I've tried scanning and then re-scanning every single entry in DNS Manager and do not see any reference to this specific GUID mentioned, nor do I see any other domain controllers referenced that should not be in there. The two 2012r2 and the 2008r2 domain
controllers are the only ones listed in DNS Manager... the 2003r2 mentioned earlier failed and was removed.

Just to chime in, I noticed that you said you have one 2008 R2 DC, and two 2012 DCs.
I also noticed in the ipconfig /all that all DCs are pointint to themselves for DNS. We usually like to see them point to a partner, then itslelf as the second entry, w hether loopback or by its own IP.
Based on that, what I suggest to level the playing field by choosing the WIndows 2008 R2 DC as the first DNS on all DCs and only administer DNS using that DC. The reason I chose that is because of the least common denominator is what we rather use so we
don't invoke any new features in the newer 2012 DNS console that 2008 R2 may not understand. After that's done, on each DC run (and you can use a PowerShell window to run this):
Rename the system32\config\netlogon.dns and netlogon.dnb files by suffixing ".old" to the file.
ipconfig /registerdns
net stop netlogon
net start netlogon
Then re-run the dcdiag /e /c /v.
Post your results, please.
Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.
I thought the DNS entries were supposed to be the other way around? point to themselves first and a partner as secondary? regardless, as requested, I've changed it to what you've prescribed where they point to the 2008r2 server as the primary with themselves
as the secondary. I've also followed the steps to what seems like refreshing the DNS? on each of the DCs. Here's the output from dcdiag /e /c /v
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine CM-DC1-NY01, is a Directory Server.
Home Server = CM-DC1-NY01
* Connecting to directory service on server CM-DC1-NY01.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=cmedia,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory
=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cmedia
,DC=local
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=cmedia,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=nt
DSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites
,CN=Configuration,DC=cmedia,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=CM-DC3-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites
,CN=Configuration,DC=cmedia,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=CM-DC4-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites
,CN=Configuration,DC=cmedia,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 3 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\CM-DC1-NY01
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... CM-DC1-NY01 passed test Connectivity
Testing server: Default-First-Site-Name\CM-DC3-NY01
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... CM-DC3-NY01 passed test Connectivity
Testing server: Default-First-Site-Name\CM-DC4-NY01
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... CM-DC4-NY01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\CM-DC1-NY01
Starting test: Advertising
The DC CM-DC1-NY01 is advertising itself as a DC and having a DS.
The DC CM-DC1-NY01 is advertising as an LDAP server
The DC CM-DC1-NY01 is advertising as having a writeable directory
The DC CM-DC1-NY01 is advertising as a Key Distribution Center
The DC CM-DC1-NY01 is advertising as a time server
The DS CM-DC1-NY01 is advertising as a GC.
......................... CM-DC1-NY01 passed test Advertising
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC CM-DC1-NY01 for domain cmedia.local in site Default-First-Site-Name
Checking machine account for DC CM-DC1-NY01 on DC CM-DC1-NY01.
* SPN found :LDAP/CM-DC1-NY01.cmedia.local/cmedia.local
* SPN found :LDAP/CM-DC1-NY01.cmedia.local
* SPN found :LDAP/CM-DC1-NY01
* SPN found :LDAP/CM-DC1-NY01.cmedia.local/cmedia
* SPN found :LDAP/a29d12f1-2869-44bf-8e43-adf7ddf33865._msdcs.cmedia.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a29d12f1-2869-44bf-8e43-adf7ddf33865/cmedia.local
* SPN found :HOST/CM-DC1-NY01.cmedia.local/cmedia.local
* SPN found :HOST/CM-DC1-NY01.cmedia.local
* SPN found :HOST/CM-DC1-NY01
* SPN found :GC/CM-DC1-NY01.cmedia.local/cmedia.local
[CM-DC1-NY01] No security related replication errors were found on this DC! To target the connection to a
specific source DC use /ReplSource:<DC>.
......................... CM-DC1-NY01 passed test CheckSecurityError
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... CM-DC1-NY01 passed test CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... CM-DC1-NY01 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... CM-DC1-NY01 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... CM-DC1-NY01 passed test SysVolCheck
Starting test: FrsSysVol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... CM-DC1-NY01 passed test FrsSysVol
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... CM-DC1-NY01 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=cmedia,DC=local
Role Domain Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=cmedia,DC=local
Role PDC Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur
ation,DC=cmedia,DC=local
Role Rid Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur
ation,DC=cmedia,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN
=Sites,CN=Configuration,DC=cmedia,DC=local
......................... CM-DC1-NY01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC CM-DC1-NY01 on DC CM-DC1-NY01.
* SPN found :LDAP/CM-DC1-NY01.cmedia.local/cmedia.local
* SPN found :LDAP/CM-DC1-NY01.cmedia.local
* SPN found :LDAP/CM-DC1-NY01
* SPN found :LDAP/CM-DC1-NY01.cmedia.local/cmedia
* SPN found :LDAP/a29d12f1-2869-44bf-8e43-adf7ddf33865._msdcs.cmedia.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a29d12f1-2869-44bf-8e43-adf7ddf33865/cmedia.local
* SPN found :HOST/CM-DC1-NY01.cmedia.local/cmedia.local
* SPN found :HOST/CM-DC1-NY01.cmedia.local
* SPN found :HOST/CM-DC1-NY01
* SPN found :HOST/CM-DC1-NY01.cmedia.local/cmedia
* SPN found :GC/CM-DC1-NY01.cmedia.local/cmedia.local
......................... CM-DC1-NY01 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC CM-DC1-NY01.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=cmedia,DC=local
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=cmedia,DC=local
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=cmedia,DC=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=cmedia,DC=local
(Configuration,Version 3)
* Security Permissions Check for
DC=cmedia,DC=local
(Domain,Version 3)
......................... CM-DC1-NY01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\CM-DC1-NY01\netlogon
Verified share \\CM-DC1-NY01\sysvol
......................... CM-DC1-NY01 passed test NetLogons
Starting test: ObjectsReplicated
CM-DC1-NY01 is in domain DC=cmedia,DC=local
Checking for CN=CM-DC1-NY01,OU=Domain Controllers,DC=cmedia,DC=local in domain DC=cmedia,DC=local o
n 3 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuratio
n,DC=cmedia,DC=local in domain CN=Configuration,DC=cmedia,DC=local on 3 servers
Object is up-to-date on all servers.
......................... CM-DC1-NY01 passed test ObjectsReplicated
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test because /testdomain: was not entered
......................... CM-DC1-NY01 passed test OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... CM-DC1-NY01 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 16109 to 1073741823
* CM-DC1-NY01.cmedia.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 4609 to 5108
* rIDPreviousAllocationPool is 4609 to 5108
* rIDNextRID: 4629
......................... CM-DC1-NY01 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... CM-DC1-NY01 passed test Services
Starting test: SystemLog
* The System Event log test
A warning event occurred. EventID: 0x0000002F
Time Generated: 07/08/2014 13:19:14
Event String:
Time Provider NtpClient: No valid response has been received from manually configured peer 0.ca.pool.ntp.org
after 8 attempts to contact it. This peer will be discarded as a time source and NtpClient will attempt to discover a n
ew peer with this DNS name. The error was: The peer is unreachable.
Found no errors in "System" Event log in the last 60 minutes.
......................... CM-DC1-NY01 passed test SystemLog
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... CM-DC1-NY01 passed test Topology
Starting test: VerifyEnterpriseReferences
......................... CM-DC1-NY01 passed test VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference) CN=CM-DC1-NY01,OU=Domain Controllers,DC=cmedia,DC=local
and backlink on
CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cmedia,DC=local are
correct.
The system object reference (serverReferenceBL)
CN=CM-DC1-NY01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=cmedia,D
C=local
and backlink on
CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chiefmed
ia,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=CM-DC1-NY01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=cmedia,D
C=local
and backlink on CN=CM-DC1-NY01,OU=Domain Controllers,DC=cmedia,DC=local are correct.
......................... CM-DC1-NY01 passed test VerifyReferences
Starting test: VerifyReplicas
......................... CM-DC1-NY01 passed test VerifyReplicas
Testing server: Default-First-Site-Name\CM-DC3-NY01
Starting test: Advertising
The DC CM-DC3-NY01 is advertising itself as a DC and having a DS.
The DC CM-DC3-NY01 is advertising as an LDAP server
The DC CM-DC3-NY01 is advertising as having a writeable directory
The DC CM-DC3-NY01 is advertising as a Key Distribution Center
The DC CM-DC3-NY01 is advertising as a time server
The DS CM-DC3-NY01 is advertising as a GC.
......................... CM-DC3-NY01 passed test Advertising
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC CM-DC1-NY01 for domain cmedia.local in site Default-First-Site-Name
Checking machine account for DC CM-DC3-NY01 on DC CM-DC1-NY01.
* SPN found :LDAP/CM-DC3-NY01.cmedia.local/cmedia.local
* SPN found :LDAP/CM-DC3-NY01.cmedia.local
* SPN found :LDAP/CM-DC3-NY01
* SPN found :LDAP/CM-DC3-NY01.cmedia.local/cmedia
* SPN found :LDAP/5e9d1971-39ca-484c-922d-411c2364c96e._msdcs.cmedia.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/5e9d1971-39ca-484c-922d-411c2364c96e/cmedia.local
* SPN found :HOST/CM-DC3-NY01.cmedia.local/cmedia.local
* SPN found :HOST/CM-DC3-NY01.cmedia.local
* SPN found :HOST/CM-DC3-NY01
* SPN found :HOST/CM-DC3-NY01.cmedia.local/cmedia
* SPN found :GC/CM-DC3-NY01.cmedia.local/cmedia.local
Checking for CN=CM-DC3-NY01,OU=Domain Controllers,DC=cmedia,DC=local in domain DC=cmedia,DC=local o
n 2 servers
Object is up-to-date on all servers.
[CM-DC3-NY01] No security related replication errors were found on this DC! To target the connection to a
specific source DC use /ReplSource:<DC>.
......................... CM-DC3-NY01 passed test CheckSecurityError
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... CM-DC3-NY01 passed test CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... CM-DC3-NY01 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... CM-DC3-NY01 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... CM-DC3-NY01 passed test SysVolCheck
Starting test: FrsSysVol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... CM-DC3-NY01 passed test FrsSysVol
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... CM-DC3-NY01 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=cmedia,DC=local
Role Domain Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=cmedia,DC=local
Role PDC Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur
ation,DC=cmedia,DC=local
Role Rid Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur
ation,DC=cmedia,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN
=Sites,CN=Configuration,DC=cmedia,DC=local
......................... CM-DC3-NY01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC CM-DC3-NY01 on DC CM-DC3-NY01.
* SPN found :LDAP/CM-DC3-NY01.cmedia.local/cmedia.local
* SPN found :LDAP/CM-DC3-NY01.cmedia.local
* SPN found :LDAP/CM-DC3-NY01
* SPN found :LDAP/CM-DC3-NY01.cmedia.local/cmedia
* SPN found :LDAP/5e9d1971-39ca-484c-922d-411c2364c96e._msdcs.cmedia.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/5e9d1971-39ca-484c-922d-411c2364c96e/cmedia.local
* SPN found :HOST/CM-DC3-NY01.cmedia.local/cmedia.local
* SPN found :HOST/CM-DC3-NY01.cmedia.local
* SPN found :HOST/CM-DC3-NY01
* SPN found :HOST/CM-DC3-NY01.cmedia.local/cmedia
* SPN found :GC/CM-DC3-NY01.cmedia.local/cmedia.local
......................... CM-DC3-NY01 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC CM-DC3-NY01.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=cmedia,DC=local
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=cmedia,DC=local
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=cmedia,DC=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=cmedia,DC=local
(Configuration,Version 3)
* Security Permissions Check for
DC=cmedia,DC=local
(Domain,Version 3)
......................... CM-DC3-NY01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\CM-DC3-NY01\netlogon
Verified share \\CM-DC3-NY01\sysvol
......................... CM-DC3-NY01 passed test NetLogons
Starting test: ObjectsReplicated
CM-DC3-NY01 is in domain DC=cmedia,DC=local
Checking for CN=CM-DC3-NY01,OU=Domain Controllers,DC=cmedia,DC=local in domain DC=cmedia,DC=local o
n 3 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=CM-DC3-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuratio
n,DC=cmedia,DC=local in domain CN=Configuration,DC=cmedia,DC=local on 3 servers
Object is up-to-date on all servers.
......................... CM-DC3-NY01 passed test ObjectsReplicated
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test because /testdomain: was not entered
......................... CM-DC3-NY01 passed test OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... CM-DC3-NY01 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 16109 to 1073741823
* CM-DC1-NY01.cmedia.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 15109 to 15608
* rIDPreviousAllocationPool is 15109 to 15608
* rIDNextRID: 15110
......................... CM-DC3-NY01 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... CM-DC3-NY01 passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... CM-DC3-NY01 passed test SystemLog
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... CM-DC3-NY01 passed test Topology
Starting test: VerifyEnterpriseReferences
......................... CM-DC3-NY01 passed test VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference) CN=CM-DC3-NY01,OU=Domain Controllers,DC=cmedia,DC=local
and backlink on
CN=CM-DC3-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cmedia,DC=local are
correct.
The system object reference (serverReferenceBL)
CN=CM-DC3-NY01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=cmedia,D
C=local
and backlink on
CN=NTDS Settings,CN=CM-DC3-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chiefmed
ia,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=CM-DC3-NY01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=cmedia,D
C=local
and backlink on CN=CM-DC3-NY01,OU=Domain Controllers,DC=cmedia,DC=local are correct.
......................... CM-DC3-NY01 passed test VerifyReferences
Starting test: VerifyReplicas
......................... CM-DC3-NY01 passed test VerifyReplicas
Testing server: Default-First-Site-Name\CM-DC4-NY01
Starting test: Advertising
The DC CM-DC4-NY01 is advertising itself as a DC and having a DS.
The DC CM-DC4-NY01 is advertising as an LDAP server
The DC CM-DC4-NY01 is advertising as having a writeable directory
The DC CM-DC4-NY01 is advertising as a Key Distribution Center
The DC CM-DC4-NY01 is advertising as a time server
The DS CM-DC4-NY01 is advertising as a GC.
......................... CM-DC4-NY01 passed test Advertising
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC CM-DC1-NY01 for domain cmedia.local in site Default-First-Site-Name
Checking machine account for DC CM-DC4-NY01 on DC CM-DC1-NY01.
* SPN found :LDAP/CM-DC4-NY01.cmedia.local/cmedia.local
* SPN found :LDAP/CM-DC4-NY01.cmedia.local
* SPN found :LDAP/CM-DC4-NY01
* SPN found :LDAP/CM-DC4-NY01.cmedia.local/cmedia
* SPN found :LDAP/37830012-1f10-43c9-a0ff-2a0e8a912187._msdcs.cmedia.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/37830012-1f10-43c9-a0ff-2a0e8a912187/cmedia.local
* SPN found :HOST/CM-DC4-NY01.cmedia.local/cmedia.local
* SPN found :HOST/CM-DC4-NY01.cmedia.local
* SPN found :HOST/CM-DC4-NY01
* SPN found :HOST/CM-DC4-NY01.cmedia.local/cmedia
* SPN found :GC/CM-DC4-NY01.cmedia.local/cmedia.local
Checking for CN=CM-DC4-NY01,OU=Domain Controllers,DC=cmedia,DC=local in domain DC=cmedia,DC=local o
n 2 servers
Object is up-to-date on all servers.
[CM-DC4-NY01] No security related replication errors were found on this DC! To target the connection to a
specific source DC use /ReplSource:<DC>.
......................... CM-DC4-NY01 passed test CheckSecurityError
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... CM-DC4-NY01 passed test CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... CM-DC4-NY01 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... CM-DC4-NY01 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... CM-DC4-NY01 passed test SysVolCheck
Starting test: FrsSysVol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... CM-DC4-NY01 passed test FrsSysVol
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... CM-DC4-NY01 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=cmedia,DC=local
Role Domain Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=cmedia,DC=local
Role PDC Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur
ation,DC=cmedia,DC=local
Role Rid Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur
ation,DC=cmedia,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN
=Sites,CN=Configuration,DC=cmedia,DC=local
......................... CM-DC4-NY01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC CM-DC4-NY01 on DC CM-DC4-NY01.
* SPN found :LDAP/CM-DC4-NY01.cmedia.local/cmedia.local
* SPN found :LDAP/CM-DC4-NY01.cmedia.local
* SPN found :LDAP/CM-DC4-NY01
* SPN found :LDAP/CM-DC4-NY01.cmedia.local/cmedia
* SPN found :LDAP/37830012-1f10-43c9-a0ff-2a0e8a912187._msdcs.cmedia.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/37830012-1f10-43c9-a0ff-2a0e8a912187/cmedia.local
* SPN found :HOST/CM-DC4-NY01.cmedia.local/cmedia.local
* SPN found :HOST/CM-DC4-NY01.cmedia.local
* SPN found :HOST/CM-DC4-NY01
* SPN found :HOST/CM-DC4-NY01.cmedia.local/cmedia
* SPN found :GC/CM-DC4-NY01.cmedia.local/cmedia.local
......................... CM-DC4-NY01 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC CM-DC4-NY01.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=cmedia,DC=local
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=cmedia,DC=local
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=cmedia,DC=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=cmedia,DC=local
(Configuration,Version 3)
* Security Permissions Check for
DC=cmedia,DC=local
(Domain,Version 3)
......................... CM-DC4-NY01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\CM-DC4-NY01\netlogon
Verified share \\CM-DC4-NY01\sysvol
......................... CM-DC4-NY01 passed test NetLogons
Starting test: ObjectsReplicated
CM-DC4-NY01 is in domain DC=cmedia,DC=local
Checking for CN=CM-DC4-NY01,OU=Domain Controllers,DC=cmedia,DC=local in domain DC=cmedia,DC=local o
n 3 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=CM-DC4-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuratio
n,DC=cmedia,DC=local in domain CN=Configuration,DC=cmedia,DC=local on 3 servers
Object is up-to-date on all servers.
......................... CM-DC4-NY01 passed test ObjectsReplicated
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test because /testdomain: was not entered
......................... CM-DC4-NY01 passed test OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... CM-DC4-NY01 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 16109 to 1073741823
* CM-DC1-NY01.cmedia.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 15609 to 16108
* rIDPreviousAllocationPool is 15609 to 16108
* rIDNextRID: 15609
......................... CM-DC4-NY01 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... CM-DC4-NY01 passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... CM-DC4-NY01 passed test SystemLog
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... CM-DC4-NY01 passed test Topology
Starting test: VerifyEnterpriseReferences
......................... CM-DC4-NY01 passed test VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference) CN=CM-DC4-NY01,OU=Domain Controllers,DC=cmedia,DC=local
and backlink on
CN=CM-DC4-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cmedia,DC=local are
correct.
The system object reference (serverReferenceBL)
CN=CM-DC4-NY01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=cmedia,D
C=local
and backlink on
CN=NTDS Settings,CN=CM-DC4-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chiefmed
ia,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=CM-DC4-NY01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=cmedia,D
C=local
and backlink on CN=CM-DC4-NY01,OU=Domain Controllers,DC=cmedia,DC=local are correct.
......................... CM-DC4-NY01 passed test VerifyReferences
Starting test: VerifyReplicas
......................... CM-DC4-NY01 passed test VerifyReplicas

DFSR Replication Event ID 1202 The DFS Replication service failed to contact domain controller Additional Information: Error: 160 (One or more arguments are not correct.)

Hi,
hummmm...
The client had 1 Server with AD and All Apps, IIS, Terminal Servers (30 device Cal), File Server, SQL2008R2 on it
Task: Install new AD server promote it to DC, bring in 2nd server, Replicate the File Server (DFSR) on these 2 servers, and demote it to standard server.
1) Old AD with name "Server" with OS-2008R2 SP1 and is a DC.
2) Brought in a new server "PrimaryAD", Installed 2008R2, done DC Promo, and added it as Additional Domain controller
3) Transferred roles from old server "Server" to "PrimaryAD"
4) Brought in a new File Server replicating server "Backup-Server"
5) Copied all the data from Server to Backup-server as DFS initial file sync with robocopy
6) here the problem started, after the copy finished, next morning the "Server" server crashed.....
7) thank god the data was backed up on Backup-server. but we didnt get the time to Demote the server "Server" and remove AD from it.
8) Since AD was replicated so "PrimaryAD" was are DC, brought 2nd Server "SecondaryDC" as additional domain controller.
9) we cleaned up the metadata and used ASIEDIT to clean the remaining stuff.
10) the "Server" server was formatted and renamed as "Primary-Server" and OS2008R2 SP1 was installed with rest of required apps
11) so now the PrimaryAD the DC, SecondaryAD the Additional Domain controller, Primary-Server the mail server and File server, the Backup-server, the replicated server.
Now configured DFS Replication from Primary-Server to Backup-server and receive following Event ID 1202
If i Configure DFS Replication as follows
PrimaryAD <<>> SecondaryAD -= Works... no errors...
PrimaryAD <<>> Backup-Server = Creates but Dosent works Event ID 5012, error The DFS Replication service failed to communicate with partner BACKUP-SERVER, Additional Information: Error: 9026 (The connection is invalid)
PrimaryAD <<>> Primary-Server = Dosent creates replication job just hangs,
on primaryad continious Eveni ID 10009, DCOM was unable to communicate with the computer "SERVER" using any of the configured protocols
......something on PrimaryAD is still trying to connect to old corrupt AD server "Server"
No errors with AD replication, SYSVOL & Netlogon shares also working fine and accessible.
DFS Diagnose report says
DNS name: backup-server.mydomain.com
Domain name: mydomain.COM
Reference domain controller: -- (HERE there is NO DOMAIN CONTROLLER mentioned)
IP address: 192.168.1.248,192.168.1.251,::1
Site: Default-First-Site-Name
Forgot to mention, gave full rights with ADSIEDIT to DFSR-LocalSettings for all server to Administrator and read permissions to "Authenticated Users"
DFSRDIAG POLLAD throws following error
c:\Dfsrdiag pollad /verbose
[INFO] Computer Name: BACKUP-SERVER
[INFO] Computer DNS: Backup-Server.mydomain.COM
[INFO] Domain Name: mydomain
[INFO] Domain DNS: mydomain.COM
[INFO] Site Name: Default-First-Site-Name
[INFO] Connected to WMI services on computer: Backup-Server.mydomain.COM
[INFO] Invoke PollDsNow() method on Backup-Server.mydomain.COM
[ERROR] PollDsNow method executed unsuccessfully. ReturnValue: 12 (0xc)
[ERROR] Failed to execute PollAD command Err: -2147217407 (0x80041001)
Can anyone point me to any direction which can lead to resolution of this ERROR and make DFS_R work..
Thanks
bikram

Hi,
It seems that DCPROMO did its work without complaints, still the DFSR references remained in AD. You could refer to the article below to clean up the DFS Replication object.
How to remove data in Active Directory after an unsuccessful domain controller demotion
http://support.microsoft.com/kb/216498
In additional, please refer to the following thread to troubleshoot the issue:
DFS is not working anymore.
http://social.technet.microsoft.com/Forums/windowsserver/en-US/953be9ef-e9e3-4885-a5c4-47fc475ba562/dfs-is-not-working-anymore?forum=winserverfiles
Regards,
Mandy
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

Promote this server to a domain controller still appears

Hi All, I've change one DC 2003 with a new DC 2012 in my forest (I've 4 DC e 3 sites) following these steps:
1 - Demote DC 2003
2 - Remove DNS 2003 Role
3 - Rename e change IP on Server 2003
4 - Waiting and verify replica
5 - Give the same Hostname and IP of Server 2003 to New DC 2012
5 - Add Role AD Directory Service and when finished I use the notification "promote this server to a domain controller" to promote it to a member domain controller.
6 - After reboot the notification STILL APPEARS, but it result as a DC and all work fine.
Any help me?
Thanks

Hi Federico,
Can you please confirm, whether you are seeing the notification as given in the below screenshot,
This notification implies that “Active Directory Domain Services” role binaries have been installed and now it is time to promote the server to a Domain Controller.
Checkout the below link on Step-by-Step Guide for Setting Up A Windows Server 2012 Domain Controller,
http://social.technet.microsoft.com/wiki/contents/articles/12370.step-by-step-guide-for-setting-up-a-windows-server-2012-domain-controller.aspx
Regards,
Gopi
www.jijitechnologies.com

My New domain controller wont see the pdc

hi, i have a windows 2003 pdc that is the only one on the network, previous IT people did not have a BDC or system back up. Now the current domain controller is giving trouble, i tried to install a secondary 2003 domain controller (BDC) but it dose not see
the primary domain controller and it wants to be the pdc. The problem is how ever i want to keep all the previous user accounts and settings in the ad. I have tried using admt but it dose not recognise another dc how can i transfer all user info stored in
the active directory.

Hi scipiotechadmin,
Is the function level of your domain is Windows Server 2003? If so, you can use the Windows Server 2003 Active Directory Domain Rename Tools which can provide a security-enhanced and supported methodology to rename one or more domains (as well as application
directory partitions) in a deployed Active Directory forest:
Windows Server 2003 Active Directory Domain Rename Tools
For your information, please refer to the following articles to get more help:
What Is Domain Rename?
How Domain Rename Works
Regards,
Lany Zhang

Sharepoint 2010 Can't be accessed after becoming a domain controller

Hi! I have installed Sharepoint 2010 on Windows server 2008 R2, which is was working fine until I became a domain controller. My computer name was changed to "originalname.mydomain.com" . Then,
I also renamed my original name to something else. So, the full name is completely new!
I used all sort of available solutions, such as:
Rename-SPServer [-Identity] <OriginalServerName> -Name <NewServerName>
AND
stsadm -o renameserver -oldservername <oldServerName> -newservername -<newServerName>
using Powershell, but both are giving me this error:
The '<' operator is reserved for future use.
At line:1 char:40 + stsadm -o renameserver -newservername < <<<< DC.DAVOKA.COM> -oldservername <w
in-eli768388rh> + CategoryInfo : ParserError: (<:OperatorToken) [], ParentContain
sErrorRecordException + FullyQualifiedErrorId : RedirectionNotSupported
Moreover, all my SQL services are running.
Thanks in advance!

I would have though that running IIS on a domain controller is going to be full of problems, IIS by it's nature allows anonymous access, not something you want on a domain controller. Unless you are seriously limited on hardware, I would keep them
separate.
Renaming SharePoint servers after installation also brings up a handle of problems, there are resources on Technet on how to do it as well as various posts in this forum, the over-riding recommendation is decide on the server names before you install and
then stick to them.
Check out these resources regarding installing SharePoint on a domain controller, looks like there are a few things to consider.
Issues to consider when you install SharePoint Foundation 2010 or SharePoint Server 2010 on a Domain Controller
Installing SharePoint 2010 on a Domain Controller

Upgrading Domain Controller Questions

Hello, we currently have 2 domain controllers in our environment, both with Server 2003 R2. We are looking to upgrade them one at a time to 2008 R2 but I have some questions.
Here's the environment:
Server 1 (the one we are going to upgrade first):
Server 2003 R2
Domain Controller
DHCP Server
DNS Server
Server 2 (we will be upgrading this in the near future but not just yet):
Server 2003 R2
Domain Controller
DHCP Server
DNS Server
File Server with most of the company data
We also have DNS replication set up between the two servers.
My questions:
Will we run into any issues having two domain controllers with different Operating Systems?
We would like for the domain controllers to keep the same names and IP's. Any issues with that?
How will we stop, then re-setup DNS replication between the two servers?
Any other 'gotcha's' we should be aware of?
Dan Chandler-Klein

I don't see any reason why not keeping old name and IP.
Before upgrading make sure AD has no issues:
look at the event viewer, run DCDiag, replication runs clean (repadmin /showrepl) etc.
OS has no warning/errors.
Not must but I would move the FSMO roles to another DC before demote.
Make sure applications installed on the new DC's (AV\Backup agents etc.) support Windows 2008 R2 OS.
Make sure all your network applications in your environment support working with Windows 2008 R2 DC - I recommend test it in lab first.
Make sure that the DC you are about to demote not holding CA role.
Most important:
Make sure you successfully demote the old DC and no records left in DNS.
I'm not agree with evrimicelli about DC's naming and I wouldn't go for CNAME record - this can get you in many troubles in the future.
after demote the old DC, I would rename it or remove it from the domain, than you can rename the new server with old Dc name and promote it to DC with old DCs' IP address.
I didn't understand the question about DNS replication.
What kind of DNS zone do host? if its AD integrated (and thats what you should have), you don't need to configure any replication, AD integrated DNS zone replicate as part of AD replication between your two DC's.
Please take a moment to Vote as Helpful and/or Mark as Answer where applicable. Thanks.

Rename PC - global controller

hi there,
need help please.
we have cloned server which act as Global controller. since we need to run those server together, we need to rename one of those.
the problem is, we can't just rename it like ordinary pc. we tried, but then the server can't be logged in.
how to rename this kind of server (PC)?
the server specification:
windows server 2008 enterprise SP2, 32 bit.
the server role is forest domain.
thanks in advance

Hello,
hopefully this doesn't mean Domain controller "we have cloned server which act as Global controller"???
A domain controller CAN NEVER be cloned and use just with renaming again!!!
Every machine in a Windows domain MUST have a unique SID, which requires that SYSPREP is used to clone/image machines for easier installation.
So if you have cloned a domain controller do NEVER start this one on the same network as the original installed machine and delete that server immediately.
YOU WILL RUN INTO MULTIPLE PROBLEMS working this way!!!
To have the recommended 2 DC/DNS/GC per domain install a second server, join it to the domain and then promote it to DC in an existing domain. Also make it DNS/GC during installation. Assure to use ONLY the existing DC/DNS server on the NIC as preferred
DNS server and NONE else. That can be changed later on after the new server has replicated from the existing DC.
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

Change Account name on my domain controller without losing my data

Hello every one
I need to ask an important Question for me
On my domain controller i create a new user on my active directory " EX : Hashem Hamdy and account is : Hashem " after that i make some modification on my network and i need to rename this user and change log in account from " Hashem
to Hashem_Hamdy " without losing data on my desktop , email configuration
can any one help me please

Hi,
You can rename the AD account the SID will till rename the same, so the logon profile will be kept. The logon profile folder on the local machine will still remain with the old username and everything within the profile will be there.
Below is a link with some of the implications here. Pay attention on the profile path and home folder in case you have these populated at user properties, you'll have top update as well.
http://blog.foreignkid.net/2010/07/rename-ad-account-what-about-the-windows-profile/
Regards,
Calin

Os x lion keeps dropping connection to domain controller

What is the story with OS X Lion. It keeps losing connection to a Windows domain controller after a restart. Ive come back to my lab after the weekend and nealry 30 out of the 50 imacs that were on the domain are saying domain controller not responding resulting in network accounts unavailble. Meaning NO-ONE CAN LOG ON.......!!!!!!!!
ITS A JOKE.....
I hold out no hope for an official reponse from someone from apple to address this issue. In the meantime Ill just keep unbinding them, deleting the computer object from AD, force replication on all DCs', repair permission on the HD of the iMAC, rename it and rebind it to the domain. Then I will do that for all the other 29 iMACs that have lost connection to the domain....BECAUSE I HAVE NOTHING BETTER TO DO WITH MY DAY.....!!!!!!!!!!!!!!!!!!!!!!!

Hello fellow Mac users,
The root cause of this issue will be different for everyone as it’s usually some rogue app or process that isn’t working properly. In my case it was a Symantec utility called ‘SymUIAgent.app’.
Follow these steps to identify what specifically is causing the issue on your computer
Save the code on this file to your desktop using the filename id_issue.py: https://gist.github.com/iMerica/8928556/raw/73832a509de4dc5394cf1747b997ea1bd1b0 ff4e/identify_focus_issue.py
Open Terminal.app (Located in /Applications/Utilities)
In Terminal, cd to your Desktop using cd ~/Desktop
Run python id_issue.py and just let your computer sit for a few minutes (assuming the issue is happening within a few minutes/seconds).
Basically this code gets the current active window every three seconds and prints it as standard output which you can view in Terminal. Once you find the offending app, search on Google for specific steps on removing it.
I hope that helps!
Michael

Lack of Connectivty to Domain Controller - Domain Controller Access Issues Requires Repeated Reauthentication

Sorry if my attempt to be thorough in my description may result in excessive and unnecessary information.
I'm running into some problems with a single server running WS 2012 R2 as a domain controller (AD and DNS) and I’m trying to figure out what the cause is.
The network has ~10 computers on it connected through a cable business gateway (running DHCP) which feeds 2 switches and a wireless router acting as a switch. (I also turned on remote services, but the end users aren’t using that until I get certificates
setup.)
For 6+ months everyone had access to the shared files and databases on each workstation without issue.
In the last month users would occasionally have to re-enter their credentials to get access to shared server folders despite being on a domain account already.
Last week one of the computers intermittently cannot gain access to the shared folders– entering the correct credentials just results in the credentials being requested again and again: There’s an error icon at the bottom saying that “there are currently
no logon servers available to service the logon request”. While access is rejected I’m still able to ping the DC both via its name and IPV4 address.
(Pinging via its name results in an IPv6 address in the response.)
Other network connectivity appears intact (able to browse the web, perform network discovery.)
Things that ‘seem’ to allow access on this computer until the next failure:
Entering a different domain username and password into the windows credentials request has allowed access a couple of times.
Disconnecting and reconnecting the network cable allowed the original username to be used to log on (at least once.)
After removing it from and then rejoining it to the domain (a few hours ago) it experienced the problem once more. Also, logging on with domain credentials created a TEMP user folder instead of the folder with the domain username.
Looking at the event logs, I notice there are quite a few warnings and errors reported regarding DC access on many of the computers; maybe this is normal?
Most Problematic Computer:
Event ID 8016: System failed to register host A or AAAA resource records. (With an unknown Ipv6 and the server’s ipv4 address in the DNS server list.)
Event ID 131: NtpClient unable to set a domain peer to use as a time source because of DNS resolution error on ‘Server.domain.local’
‘No such host is known.”
Event ID 5719: NETLOGON. This computer was not able to setup a secure session with a domain controller in the domain due …..: there are currently no logon servers available to service the logon request.
And then pairs of: Event 1500: The Group Policy settings for the computer were processed successfully. There were no changes detected since the last successful processing of Group Policy. & Event 1054:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
Event 1030: The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation
at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
On the server I’ve run DCDIAG and DCDIAG /test:DNS and those all appeared to pass.
Ipconfig/all from the server:
   Connection-specific DNS Suffix
   Description . . . . . . . . . . . : Intel(R) Ethernet Connection I217-LM
   Physical Address. . . . . . . . . : FC-4D-D4-F2-A1-83
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:8:a182:1100:b155:a0b0:892d:9ed5(Pref
erred)
   Link-local IPv6 Address . . . . . : fe80::b155:a0b0:892d:9ed5%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.1.10.42(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::abd:43ff:fe9a:ab47%13
10.1.10.1
   DHCPv6 IAID . . . . . . . . . . . : 234638804
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-3F-7D-B9-68-05-CA-24-31-C4
   DNS Servers . . . . . . . . . . . : ::1
127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Ipconfig/all from the problematic computer:
Wireless LAN adapter Wi-Fi:
   Connection-specific DNS Suffix
. : wp.comcast.net
   Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 6150
   Physical Address. . . . . . . . . : 40-25-C2-63-C2-B8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:8:a182:1100:8f5:1606:d0a8:6b25(Prefe
rred)
   Temporary IPv6 Address. . . . . . : 2601:8:a182:1100:283e:f9e8:4841:6c50(Pref
erred)
   Link-local IPv6 Address . . . . . : fe80::8f5:1606:d0a8:6b25%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.1.10.31(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, March 10, 2015 9:19:02 AM
   Lease Expires . . . . . . . . . . : Tuesday, March 17, 2015 1:23:15 PM
   Default Gateway . . . . . . . . . : fe80::abd:43ff:fe9a:ab47%3
10.1.10.1
   DHCP Server . . . . . . . . . . . : 10.1.10.1
   DHCPv6 IAID . . . . . . . . . . . : 54535618
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-15-6B-AA-F0-DE-F1-9C-07-D4
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
2001:558:feed::2
                10.1.10.42
   NetBIOS over Tcpip. . . . . . . . : Enabled
Any thoughts? I was assuming it was a Domain Controller/DNS error, but I don't know where to check next. Could a failing piece of hardware be the culprit?
Thanks,
-JT

Hi,
According to the error you have posted.
A Netlogon 5719 event indicates that the client component of Netlogon was unable to locate a DC for the domain it was trying to perform an operation against.
Most of the time this is caused by network issues or name resolution (DNS/WINS) issues, you could refer to:
Netlogon 5719 and the Disappearing Domain [Controller]
http://blogs.technet.com/b/instan/archive/2008/09/18/netlogon-5719-and-the-disappearing-domain.aspx
Did you refer to this KB article?
Event ID 5719 is logged when you start a Domain Member
http://support.microsoft.com/kb/938449
Regards.
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Rename of Domain Controller

Similar Messages

Maybe you are looking for