
DNS restart errors


Windows Server 2008 R2

When I restart any of my DNS services on any of my integrated secure DNS servers on my DCs, I get these 4010 errors:

The DNS server was unable to create a resource record for  efd33727-15d9-428d-b8f1-acc1b70910bf._msdcs.xyz.local. in zone xyz.local. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.

I traced this down to a domain controller that is NOT running DNS, because it's running all my domain master roles.

Should I ignore this, or should it be there?
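Added example (not code from the post above): a check that lists every DC in the forest with its DSA GUID (the objectGUID of its NTDS Settings object), confirms that the matching `<guid>._msdcs.<forest>` CNAME resolves to that DC, and then lists GUID CNAMEs in the zone that belong to no current DC, which is the kind of leftover the 4010 event is complaining about. It assumes the ActiveDirectory and DnsServer RSAT modules on Windows 8 / Server 2012 or later, and that it is run on a DC that hosts DNS; nothing here changes any record.

```powershell
# Added example, not from the forum post. Forward check: each DC's GUID CNAME resolves
# to that DC. Reverse check: no GUID CNAME in _msdcs points at a DC that no longer exists.
Import-Module ActiveDirectory
Import-Module DnsServer

$forestRoot = (Get-ADForest).RootDomain      # _msdcs always lives under the forest root
$dnsServer  = $env:COMPUTERNAME              # assumption: run on a DC that hosts the zone

# Every DC in every domain of the forest, with its DSA GUID.
$dcs = foreach ($domain in (Get-ADForest).Domains) {
    foreach ($dc in Get-ADDomainController -Filter * -Server $domain) {
        $ntds = Get-ADObject -Identity $dc.NTDSSettingsObjectDN -Properties objectGUID -Server $domain
        [pscustomobject]@{ HostName = $dc.HostName; DsaGuid = [string]$ntds.objectGUID }
    }
}

# Forward check: does each DC's GUID CNAME exist and point back at the DC itself?
foreach ($dc in $dcs) {
    $name = "$($dc.DsaGuid)._msdcs.$forestRoot"
    $rec  = Resolve-DnsName -Name $name -Type CNAME -Server $dnsServer -ErrorAction SilentlyContinue |
            Where-Object Type -eq 'CNAME'
    $state = if (-not $rec) { 'MISSING' }
             elseif ($rec.NameHost -ieq $dc.HostName) { 'OK' }
             else { "WRONG TARGET ($($rec.NameHost))" }
    '{0,-40} {1}' -f $dc.HostName, $state
}

# Reverse check: GUID CNAMEs that no current DC owns (stale leftovers).
# _msdcs may be its own zone or just a node inside the forest-root zone; try both.
$cnames = foreach ($zone in "_msdcs.$forestRoot", $forestRoot) {
    Get-DnsServerResourceRecord -ComputerName $dnsServer -ZoneName $zone -RRType CName -ErrorAction SilentlyContinue |
        Where-Object { $_.HostName -match '^[0-9a-f-]{36}(\._msdcs)?$' }
}
$known = $dcs.DsaGuid
foreach ($c in $cnames) {
    $guid = ($c.HostName -split '\.')[0]
    if ($guid -notin $known) {
        "STALE: $($c.HostName) -> $($c.RecordData.HostNameAlias)"
    }
}
```

A DC that shows MISSING is the one the DNS server cannot register for; a STALE line is a GUID record left behind by a DC that was removed without cleanup, and that GUID should be compared against the one in the 4010 event before anything is deleted.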


Errors listed in DC Diag


I am running DCDiag on the domain controller (Windows Server 2012) with "dcdiag /c /q" and getting some errors. At one time there were 2 DCs but I removed the secondary using Remove Features. Apparently it has left some information around. I have used various editing tools to clean up DNS, AD etc. but apparently have not gotten all traces removed. The DFS Replication log has the following error.

The DFS Replication service stopped replication on the folder with the following local path: C:\Windows\SYSVOL\domain. This server has been disconnected from other partners for 269 days, which is longer than the time allowed by the MaxOfflineTimeInDays parameter (60). DFS Replication considers the data in this folder to be stale, and this server will not replicate the folder until this error is corrected. To resume replication of this folder, use the DFS Management snap-in to remove this server from the replication group, and then add it back to the group. This causes the server to perform an initial synchronization task, which replaces the stale data with fresh data from other members of the replication group.

Additional Information: Error: 9061 (The replicated folder has been offline for too long.)  Replicated Folder Name: SYSVOL Share  Replicated Folder ID: FACC371C-F638-46C7-97B1-1534C3AF3F86 Replication Group Name: Domain System Volume Replication Group ID: 4EF77CB2-0DF2-40ED-A485-F4032006F486 Member ID: 3576F064-A42B-4574-BE77-79C192C7ADBF

DCDiag output is as follows; note that IPv6 is not enabled on the machine.

         [MYCATDC1] No security related replication errors were found on this
         DC!  To target the connection to a specific source DC use
         /ReplSource:<DC>.
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... MYCATDC1 failed test DFSREvent
         ** Did not run Outbound Secure Channels test because /testdomain: was
         not entered
         An error event occurred.  EventID: 0xC0000001
            Time Generated: 02/12/2013   11:13:58
            Event String:
            Initiator failed to connect to the target. Target IP address and TCP Port number are given in dump data.
         An error event occurred.  EventID: 0x0000272C
            Time Generated: 02/12/2013   11:18:37
            Event String:
            DCOM was unable to communicate with the computer 192.192.192.13 using any of the configured protocols; requested by PID      da8 (C:\Windows\system32\dcdiag.exe).
         ......................... MYCATDC1 failed test SystemLog
 ERROR: NO DNS servers for IPV6 stack was found
         Test results for domain controllers:
            DC: myCatDC1.mycatalyst.com
            Domain: mycatalyst.com
               TEST: Forwarders/Root hints (Forw)
                  Error: Both root hints and forwarders are not configured or
                  broken. Please make sure at least one of them works.
               TEST: Delegations (Del)
                  Error: DNS server: win-d5dp8hl172t.mycatalyst.com.
                  IP:<Unavailable> [Missing glue A record]
         Summary of DNS test results:
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: mycatalyst.com
               myCatDC1                     PASS PASS FAIL FAIL PASS WARN n/a
         ......................... mycatalyst.com failed test DNS

 


Lee
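Added example (not code from the post above): the two DNS checks that dcdiag failed in this output, Forw and Del, redone in PowerShell so the failing item is named. Test-Forwarding sends a real query through each configured forwarder and tests TCP/53 reachability of each root hint; Test-ZoneDelegationGlue walks every NS record in the zone (apex and delegations such as _msdcs) and reports the ones whose name server no longer resolves to an address, which is what "Missing glue A record" means for the removed DC above. It assumes the DnsServer RSAT module on Server 2012 or later, is run on the DC that hosts the zone, and uses `example.com` as the probe name; `mycatalyst.com` is the poster's zone.

```powershell
# Added example, not from the forum post. Mirrors dcdiag's Forw and Del DNS tests.
Import-Module DnsServer
$dnsServer = $env:COMPUTERNAME     # assumption: run on the DC that hosts the zone
$zone      = 'mycatalyst.com'      # the poster's zone
$probeName = 'example.com'         # assumption: any public name the forwarders should resolve

function Test-Forwarding {
    # Forw: is at least one forwarder answering real queries, or one root hint reachable on TCP/53?
    param([string]$Server, [string]$Probe)
    $result = @(foreach ($ip in (Get-DnsServerForwarder -ComputerName $Server).IPAddress) {
        $ok = [bool](Resolve-DnsName -Name $Probe -Type A -Server "$ip" -DnsOnly -ErrorAction SilentlyContinue)
        [pscustomobject]@{ Kind = 'forwarder'; Address = "$ip"; Working = $ok }
    })
    $result += @(foreach ($hint in Get-DnsServerRootHint -ComputerName $Server) {
        # Root hint objects carry the NS record plus its A/AAAA glue; take the first IPv4 address.
        $ip = @($hint.IPAddress | ForEach-Object { $_.RecordData.IPv4Address } | Where-Object { $_ })[0]
        $ok = $ip -and (Test-NetConnection -ComputerName "$ip" -Port 53 -InformationLevel Quiet)
        [pscustomobject]@{ Kind = 'root hint'; Address = $hint.NameServer.RecordData.NameServer; Working = [bool]$ok }
    })
    $result
}

function Test-ZoneDelegationGlue {
    # Del: every NS record in the zone must name a server that still resolves to an address.
    # A DC that was removed without cleanup leaves an NS record behind with no glue.
    param([string]$Server, [string]$ZoneName)
    foreach ($ns in Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $ZoneName -RRType NS) {
        $target = $ns.RecordData.NameServer.TrimEnd('.')
        $node   = if ($ns.HostName -eq '@') { $ZoneName } else { "$($ns.HostName).$ZoneName" }
        $a = Resolve-DnsName -Name $target -Type A -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
             Where-Object Type -eq 'A'
        [pscustomobject]@{
            Node       = $node
            NameServer = $target
            Glue       = if ($a) { ($a.IPAddress -join ', ') } else { '<missing glue A record>' }
        }
    }
}

Test-Forwarding -Server $dnsServer -Probe $probeName | Format-Table -AutoSize
Test-ZoneDelegationGlue -Server $dnsServer -ZoneName $zone | Format-Table -AutoSize
```

If every row from Test-Forwarding shows Working = False, the server cannot resolve anything outside its own zones, which is the Forw failure; a row from Test-ZoneDelegationGlue with `<missing glue A record>` names the leftover NS entry that the Del test is pointing at.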

ad site and exchange admin group


Hi Geeks,

I have a domain controller in a separate AD site which is connected to HO by a VPN. We created a user and assigned the user Domain Admin and Enterprise Admin rights so that the administrator in the site could use this user to install the DC and Exchange. Now the DC and Exchange are running fine.

Now to the issue: I want to remove the Enterprise Admin and Domain Admin rights from the user account, because I don't want the admins in the site to be able to configure or change the entire domain config. I want them to only manage the DC and their user/PC objects which are in the site, and they should not access/change anything in any other sites or the entire domain.

Same with Exchange: the account was used to set up Exchange and now I want to remove the rights (Exchange Enterprise Admin) and delegate rights for that user only to manage the particular admin group in which their servers reside. But if I delegate the rights I am worried it will override the default permissions assigned during the setup process and will stop the Exchange services; can somebody confirm this please?

If I remove the user from the Domain Admins group I want the user to still be able to log in to that particular DC (which I think is not possible); I need to check for any other workaround for this and to manage only the objects which belong to their site.

If I delegate rights for an OU, and the DC is also in the same OU, can the delegated user log in to the DC and manage the DC?

Please give me an apt solution for the above.

Thanks in advance.
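Added example (not code from the post above) of the scoped alternative to leaving the setup account in Domain Admins / Enterprise Admins: grant one site group full control over user and computer objects inside that site's OU only, with the class GUIDs looked up from the schema rather than hard-coded, and then report which built-in privileged groups the setup account is still a direct member of. The OU DN, the group name and the account name are placeholders for the poster's environment; the ActiveDirectory RSAT module and its `AD:` drive are assumed. Exchange permissions are not touched here.

```powershell
# Added example, not from the forum post. Delegate user/computer management on one OU
# to a site group, then verify the setup account no longer sits in forest-wide admin groups.
Import-Module ActiveDirectory

$siteOu       = 'OU=RemoteSite,DC=corp,DC=example'   # placeholder: the remote site's OU
$delegateTo   = 'CORP\RemoteSite-Admins'             # placeholder: delegate to a group, not to the setup account
$setupAccount = 'siteinstall'                        # placeholder: the account used for the DC/Exchange install

function Get-SchemaClassGuid {
    # schemaIDGUID of an object class (user, computer), read from the schema partition.
    param([string]$LdapDisplayName)
    $schemaNc = (Get-ADRootDSE).schemaNamingContext
    $cls = Get-ADObject -SearchBase $schemaNc -LDAPFilter "(lDAPDisplayName=$LdapDisplayName)" -Properties schemaIDGUID
    [guid]$cls.schemaIDGUID
}

function Grant-SiteOuDelegation {
    param([string]$OuDn, [string]$Principal)
    $identity = New-Object System.Security.Principal.NTAccount($Principal)
    $acl = Get-Acl -Path "AD:\$OuDn"
    foreach ($class in 'user', 'computer') {
        $classGuid = Get-SchemaClassGuid $class
        # Full control over existing objects of this class, descendants only (the OU itself is not included).
        $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
            $identity,
            [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
            [System.Security.AccessControl.AccessControlType]::Allow,
            [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
            $classGuid)))
        # Plus the right to create and delete objects of this class under the OU and its sub-OUs.
        $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
            $identity,
            [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild',
            [System.Security.AccessControl.AccessControlType]::Allow,
            $classGuid,
            [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)))
    }
    Set-Acl -Path "AD:\$OuDn" -AclObject $acl
}

function Get-PrivilegedMembership {
    # Direct membership only; nested membership would need a tokenGroups or recursive check.
    param([string]$SamAccountName)
    $privileged = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators', 'Account Operators'
    $groups = (Get-ADUser -Identity $SamAccountName -Properties memberOf).memberOf |
              ForEach-Object { (Get-ADGroup -Identity $_).Name }
    $groups | Where-Object { $_ -in $privileged }
}

Grant-SiteOuDelegation -OuDn $siteOu -Principal $delegateTo
Get-PrivilegedMembership -SamAccountName $setupAccount   # anything listed here still needs removing
```

Delegating on the OU says nothing about logging on to the DC: a DC's ACL in the OU is one thing, the logon rights on the DC itself are another, which is the gap the post is asking about.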


Active directory migration path


Can anyone point me to the right place?

I have a Windows 2003 Active Directory with an Exchange 2003 server; I want to upgrade to Active Directory 2012 and Exchange 2010.

Is there any migration path?

Thx!

Domain Controllers in Different Sites results in Server Is Not Operational When Remote Management


During a project for my college, where I will use multiple Microsoft servers, I found a problem that I could replicate from scratch.


Environment: VMware Workstation 9.0.1
-Server 1-
Site: Site1
SO: Windows Server 2012 with a GUI
Name: DC-GUI-01
IP: 10.10.5.100/24
DNS: 10.10.5.100

-Server 2-
Site: Site2
SO: Windows Server 2012 Server Core
Name: DC-CORE-02
IP: 10.10.6.200/24
DNS: 10.10.6.200

Configuration: both servers have the same hardware and are connected to different virtual networks, correctly configured (I have full communication between both sites).

Procedures:

1 - Install both servers normally, with all the updates;
2 - On Server 1 Install Role Domain Services and create a domain called contoso.local, pretty straight forward (next, next, finish), and after confirm that it is working correctly (event logs, DNS, sysvol, etc);
3 - On Server 1 configure Sites and Services (Site, Subnet, IP connectivity, etc);
4 - On Server 2 disable Windows Firewall by running "netsh advfirewall set allprofiles state off" (just in case) and confirm bidirectional communication;
5 - Add Server 2 to the contoso.local domain using sconfig;
6 - Logon with the Domain Administrator user in Server 2;

- At this stage everything is working just fine. I can create users in Active Directory and give them permissions on shared folders created on Server 2, etc. No problem at all. -

(Sorry I cannot post images...) dl.dropbox.com/u/13587974/Pic1.jpg

7 - On Server 2 install Domain Services by running "get-windowsfeature AD-Domain-Services | install-windowsfeature" in Powershell;
8 - On Server 2 promote to Domain Controller by running "Install-ADDSDomainController –DomainName contoso.local";
(I have also tried installing and promoting remotely through Server 1's Server Manager; it didn't help);
9 - Confirm DNS Records (SRV), Sites and Services, etc, that everything is correctly done.

Problem:
From now on, with both GUI and Core as Domain Controllers on different Sites, I can no longer give permissions to any AD user, as the user simply doesn't show up when searching for Users:

dl.dropbox.com/u/13587974/Pic2.jpg

Note that you can no longer see the _Technet user that I created in AD.

Also, in Active Directory Users and Computers, if I right-click, go to Change Domain Controller and select DC-CORE-02, I get the "Server is not Operational" message:

dl.dropbox.com/u/13587974/Pic3.jpg

In DC-CORE-02 Event Viewer the only error I have that I think could be related is this one:

"Log Name:      System
Source:        LsaSrv
Date:          12/02/2013 14:07:29
Event ID:      6038
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      DC-CORE-02.contoso.local
Description:
Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.

NTLM is a weaker authentication mechanism. Please check:

      Which applications are using NTLM authentication?
      Are there configuration issues preventing the use of stronger authentication such as Kerberos authentication?
      If NTLM must be supported, is Extended Protection configured?

Details on how to complete these checks can be found at http://go.microsoft.com/fwlink/?LinkId=225699.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="LsaSrv" Guid="{199fe037-2b82-40a9-82ac-e1d46c792b99}" EventSourceName="LsaSrv" />
    <EventID Qualifiers="0">6038</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-02-12T14:07:29.000000000Z" />
    <EventRecordID>1564</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>DC-CORE-02.contoso.local</Computer>
    <Security />
  </System>
  <EventData>
  </EventData>
</Event>"

All my searches about this problem turned up no solution for my case.

If I put this Server Core in the same Site (Site1) as the DC-GUI-01, this problem doesn't happen.

Can someone help?
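Added example (not code from the post above): a check of what the DC locator has to work with for each site in this setup. For every site it resolves the site-specific SRV record `_ldap._tcp.<site>._sites.dc._msdcs.<domain>`, then tests whether LDAP (389) and the global catalog port (3268) answer on each DC the record names, and finally asks nltest which DC it would hand out for that site. Domain, site names and the DNS server address are the poster's; Resolve-DnsName and Test-NetConnection need Windows 8 / Server 2012 or later.

```powershell
# Added example, not from the forum post. Site-by-site DC locator and port check.
$domain    = 'contoso.local'
$sites     = 'Site1', 'Site2'
$dnsServer = '10.10.5.100'          # DC-GUI-01 from the post, which hosts the zone

function Test-SiteDcRecords {
    param([string]$Domain, [string]$Site, [string]$Server)
    $srvName = "_ldap._tcp.$Site._sites.dc._msdcs.$Domain"
    $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
           Where-Object Type -eq 'SRV'
    if (-not $srv) {
        # No SRV record for the site means clients there fall back to the site-less record.
        return [pscustomobject]@{ Site = $Site; Record = $srvName; DC = '<no SRV record>'; Ldap389 = $false; Gc3268 = $false }
    }
    foreach ($r in $srv) {
        $dc = $r.NameTarget.TrimEnd('.')
        [pscustomobject]@{
            Site    = $Site
            Record  = $srvName
            DC      = $dc
            Ldap389 = Test-NetConnection -ComputerName $dc -Port 389  -InformationLevel Quiet
            Gc3268  = Test-NetConnection -ComputerName $dc -Port 3268 -InformationLevel Quiet
        }
    }
}

$sites | ForEach-Object { Test-SiteDcRecords -Domain $domain -Site $_ -Server $dnsServer } | Format-Table -AutoSize

# What the locator itself returns for each site (nltest ships with Windows).
foreach ($s in $sites) { nltest /dsgetdc:$domain /site:$s }
```

A DC that the Site2 SRV record names but that answers on 389 and not on 3268 is a DC that is not (yet) advertising as a global catalog; a site with no SRV record at all is a DC that registered into the wrong site. Either result narrows down why the user search in the post comes back empty when DC-CORE-02 is the one being asked.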

   

Post Metadata cleanup


Domain info:

MS Server 2008 R2

Domain members are XP/Win7/Server 2003/Server 2008 R2

I had a forest domain.com with 4 child domains that we will call child1.domain.com, etc., all pointing to the same parent.

We condensed these down to a single domain in order to eliminate the child domains. Now all we have is domain.com. child2.domain.com was shut down and reloaded improperly and required metadata cleanup to eliminate the old data. This was completed successfully. We only want domain.com to exist.


Current status is:

Active Directory Domains and Trusts shows ONLY domain.com

Active Directory Sites and Services shows ONLY domain.com

Active Directory Users and Computers shows ONLY domain.com

DNS shows ONLY pointers and records for domain.com


Problem

When I go to edit a folder and add permissions to a folder or file, the normal box shows up, and when I hit the "Locations" button I still see child2.domain.com and an older forest that existed before I worked here. If I try to expand child2.domain.com it lets me, but there is nothing in there. Same thing for that ancient single-domain forest. These are orphaned objects and need to be removed. When I open metadata cleanup I can only see 1 domain, 1 naming context, and 1 site, just like the GUI shows. I want this to populate over to this selection screen. Also of note, my XP machines still show these old domains on the logon screen as well. We are NOT running WINS of any kind.

Help? Thoughts?
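Added example (not code from the post above): the domain list in the object picker and on the XP logon screen is built from what the directory still advertises, and the two places that advertise domains are the crossRef objects in the Partitions container of the configuration partition and the trustedDomain objects in CN=System of the domain. This lists both, next to the domains and trusts the AD cmdlets report, so a leftover entry for child2.domain.com or the old forest can be seen by its DN. It assumes the ActiveDirectory RSAT module; it only reads.

```powershell
# Added example, not from the forum post. Lists every domain and trust the directory still advertises.
Import-Module ActiveDirectory
$rootDse  = Get-ADRootDSE
$configNc = $rootDse.configurationNamingContext
$domainNc = $rootDse.defaultNamingContext

function Get-AdvertisedDomains {
    # crossRef objects: one per naming context (domains, configuration, schema, application partitions).
    Get-ADObject -SearchBase "CN=Partitions,$configNc" -LDAPFilter '(objectClass=crossRef)' `
        -Properties nCName, dnsRoot, nETBIOSName, systemFlags |
        Select-Object Name, dnsRoot, nETBIOSName, nCName, systemFlags
}

function Get-AdvertisedTrusts {
    # trustedDomain objects: one per trust relationship, including stale ones left by a removed forest.
    Get-ADObject -SearchBase "CN=System,$domainNc" -LDAPFilter '(objectClass=trustedDomain)' `
        -Properties flatName, trustPartner, trustDirection, trustType |
        Select-Object DistinguishedName, flatName, trustPartner, trustDirection, trustType
}

'--- crossRef objects (Partitions container) ---'
Get-AdvertisedDomains | Format-Table -AutoSize
'--- trustedDomain objects (CN=System) ---'
Get-AdvertisedTrusts | Format-Table -AutoSize
'--- what the forest and trust cmdlets report ---'
(Get-ADForest).Domains
Get-ADTrust -Filter * | Select-Object Name, Direction, ForestTransitive | Format-Table -AutoSize
```

A crossRef whose dnsRoot is child2.domain.com, or a trustedDomain whose trustPartner is the old forest, while `(Get-ADForest).Domains` lists only domain.com, is exactly the mismatch between the metadata-cleanup view and the Locations dialog that the post describes; the DN printed is what a cleanup would have to target.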

LDAP Query to Mutliple Trusted Forests


Hi,

I have a forest setup similar to the following (apologies for the poor diagram)

I have been trying to query the entire forest structure using port 3268, pointing it to a global catalog on contoso.com, but it keeps failing with invalid credentials or lookup referral errors. Is what I am trying to do here even possible, or is there another best-practice method for doing this?

Thanks in advance

Regards

Chris 
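Added example (not code from the post above): a global catalog holds partial replicas only of the domains in its own forest, so one query against contoso.com:3268 cannot enumerate a trusted forest; the referral and credential errors are the two ways that shows up. The function below queries the GC of each forest in turn: its own, then every forest-transitive trust partner, with an optional credential for a forest that does not accept the caller's own account. The sample account name and the credential prompt are placeholders; the ActiveDirectory RSAT module is assumed.

```powershell
# Added example, not from the forum post. One GC query per forest instead of one query for all.
Import-Module ActiveDirectory

function Search-AllForests {
    param(
        [string]$SamAccountName,
        [pscredential]$Credential      # optional: used for every trusted forest queried
    )
    # Own forest plus every forest trusted with a transitive (forest) trust.
    $forests = @((Get-ADForest).Name) +
               @(Get-ADTrust -Filter * | Where-Object { $_.ForestTransitive } | ForEach-Object { $_.Name })
    foreach ($f in $forests) {
        $gcArgs = @{
            Server      = "${f}:3268"                         # the forest's GC port
            LDAPFilter  = "(sAMAccountName=$SamAccountName)"
            Properties  = 'userPrincipalName'
            ErrorAction = 'Stop'
        }
        if ($Credential) { $gcArgs.Credential = $Credential }
        try {
            $hits = @(Get-ADObject @gcArgs)
            if (-not $hits) { $hits = @([pscustomobject]@{ DistinguishedName = '<no match>'; userPrincipalName = $null }) }
            foreach ($h in $hits) {
                [pscustomobject]@{ Forest = $f; DistinguishedName = $h.DistinguishedName; UPN = $h.userPrincipalName }
            }
        } catch {
            [pscustomobject]@{ Forest = $f; DistinguishedName = "<error: $($_.Exception.Message)>"; UPN = $null }
        }
    }
}

Search-AllForests -SamAccountName 'jdoe' | Format-Table -AutoSize       # placeholder account
# For a trusted forest that rejects the current account:
# Search-AllForests -SamAccountName 'jdoe' -Credential (Get-Credential 'FABRIKAM\svc-read')
```

The `<error: ...>` rows tell you which forest is refusing the credential, which is a more useful result than a single failed query against one GC.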

Error on get-ADPrincipalGroupMembership for groupnames with \

We have a Windows 2003 domain with 3 Windows 2003 DCs. On one of them we installed the Active Directory Management Gateway Service.

When I use Get-ADPrincipalGroupMembership on users who are members of a group with a slash ("/") in its group name I receive the following error:


Get-ADPrincipalGroupMembership : The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs.
At line:1 char:31
+ Get-ADPrincipalGroupMembership <<<< ecomor
    + CategoryInfo          : NotSpecified: (ecomor:ADPrincipal) [Get-ADPrincipalGroupMembership], ADException
    + FullyQualifiedErrorId : The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs.,Microsoft.ActiveDirectory.Management.Commands.GetADPrincipalGroupMembership

Is someone else having the same problem?
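Added example (not code from the post above): the same membership read over plain LDAP with DirectorySearcher, which does not go through the Active Directory Management Gateway path that throws above. Direct membership is taken from the user's memberOf attribute; effective membership (nested groups and the primary group) from tokenGroups, which is a constructed attribute and is only returned on a base-scope read of the object itself. Nothing here binds to a group by its DN, so a slash in a group name never ends up inside an ADSI path. Only the sAMAccountName (`ecomor`, from the error text) is taken from the post.

```powershell
# Added example, not from the forum post. Group membership via LDAP (DirectorySearcher), not ADWS.
function Get-UserGroupsViaLdap {
    param([string]$SamAccountName)
    $searcher = [adsisearcher]"(&(objectCategory=person)(sAMAccountName=$SamAccountName))"
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    [void]$searcher.PropertiesToLoad.Add('memberOf')
    $user = $searcher.FindOne()
    if (-not $user) { throw "User '$SamAccountName' not found" }

    # Direct membership: DNs exactly as stored, slashes included.
    $direct = @($user.Properties['memberof'])

    # Effective membership: tokenGroups holds the SIDs of every group the token would contain.
    $entry = $user.GetDirectoryEntry()
    $entry.RefreshCache([string[]]'tokenGroups')
    $effective = foreach ($sidBytes in $entry.Properties['tokenGroups']) {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)
        try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }   # DOMAIN\Group
        catch { $sid.Value }                                                     # unresolvable SID stays as S-1-5-...
    }

    [pscustomobject]@{
        User      = $user.Properties['distinguishedname'][0]
        Direct    = $direct
        Effective = @($effective)
    }
}

$g = Get-UserGroupsViaLdap -SamAccountName 'ecomor'
$g.Direct
$g.Effective
```

The Effective list is the one that matters for access decisions, since it is what the user's token actually carries; the Direct list is the one Get-ADPrincipalGroupMembership was trying to return.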

Strange Error in DcDiag......



Domain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine syd-dc-pri, is a DC.
   * Connecting to directory service on server syd-dc-pri.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 91 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests
  
   Testing server: Sydney\SYD-DC-PRI
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... SYD-DC-PRI passed test Connectivity

Doing primary tests
  
   Testing server: Sydney\SYD-DC-PRI
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
         REPLICATION-RECEIVED LATENCY WARNING
         SYD-DC-PRI:  Current time is 2013-02-11 14:06:32.
            DC=ForestDnsZones,DC=zimmer,DC=com
               Last replication recieved from BEI-DC-PRI at 2013-01-07 20:58:36.
               Latency information for 43 entries in the vector were ignored.
                  43 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
            CN=Schema,CN=Configuration,DC=zimmer,DC=com
               Last replication recieved from BEI-DC-PRI at 2013-01-07 20:58:24.
               Latency information for 209 entries in the vector were ignored.
                  209 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
            CN=Configuration,DC=zimmer,DC=com
               Last replication recieved from BEI-DC-PRI at 2013-01-07 20:58:11.
               Latency information for 209 entries in the vector were ignored.
                  209 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
            DC=zimmer,DC=com
               Latency information for 87 entries in the vector were ignored.
                  6 were retired Invocations.  81 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
            DC=nam,DC=zimmer,DC=com
               Latency information for 115 entries in the vector were ignored.
                  43 were retired Invocations.  72 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
            DC=eur,DC=zimmer,DC=com
               Last replication recieved from BEI-DC-PRI at 2013-01-07 20:58:28.
               Latency information for 117 entries in the vector were ignored.
                  62 were retired Invocations.  55 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
            DC=DomainDnsZones,DC=pac,DC=zimmer,DC=com
               Latency information for 8 entries in the vector were ignored.
                  8 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
            DC=pac,DC=zimmer,DC=com
               Latency information for 73 entries in the vector were ignored.
                  73 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
            DC=jpn,DC=zimmer,DC=com
               Latency information for 104 entries in the vector were ignored.
                  18 were retired Invocations.  86 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
            DC=zmr,DC=zimmer,DC=com
               Latency information for 86 entries in the vector were ignored.
                  3 were retired Invocations.  83 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
         ......................... SYD-DC-PRI passed test Replications
      Test omitted by user request: Topology
      Test omitted by user request: CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC SYD-DC-PRI.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=zimmer,DC=com
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=pac,DC=zimmer,DC=com
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=pac,DC=zimmer,DC=com
            (Domain,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=zimmer,DC=com
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=zimmer,DC=com
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=zmr,DC=zimmer,DC=com
            (Domain,Version 2)
         * Security Permissions Check for
           DC=jpn,DC=zimmer,DC=com
            (Domain,Version 2)
         * Security Permissions Check for
           DC=nam,DC=zimmer,DC=com
            (Domain,Version 2)
         * Security Permissions Check for
           DC=eur,DC=zimmer,DC=com
            (Domain,Version 2)
         * Security Permissions Check for
           DC=zimmer,DC=com
            (Domain,Version 2)
         ......................... SYD-DC-PRI passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\SYD-DC-PRI\netlogon
         Verified share \\SYD-DC-PRI\sysvol
         ......................... SYD-DC-PRI passed test NetLogons
      Starting test: Advertising
         The DC SYD-DC-PRI is advertising itself as a DC and having a DS.
         The DC SYD-DC-PRI is advertising as an LDAP server
         The DC SYD-DC-PRI is advertising as having a writeable directory
         The DC SYD-DC-PRI is advertising as a Key Distribution Center
         The DC SYD-DC-PRI is advertising as a time server
         The DS SYD-DC-PRI is advertising as a GC.
         ......................... SYD-DC-PRI passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=SB-DC-ROOT,CN=Servers,CN=ZimmerRoot,CN=Sites,CN=Configuration,DC=zimmer,DC=com
         Role Domain Owner = CN=NTDS Settings,CN=SB-DC-ROOT,CN=Servers,CN=ZimmerRoot,CN=Sites,CN=Configuration,DC=zimmer,DC=com
         Role PDC Owner = CN=NTDS Settings,CN=SYD-DC-PRI,CN=Servers,CN=Sydney,CN=Sites,CN=Configuration,DC=zimmer,DC=com
         Role Rid Owner = CN=NTDS Settings,CN=SYD-DC-PRI,CN=Servers,CN=Sydney,CN=Sites,CN=Configuration,DC=zimmer,DC=com
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=SYD-DC-SEC2,CN=Servers,CN=Sydney,CN=Sites,CN=Configuration,DC=zimmer,DC=com
         ......................... SYD-DC-PRI passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 60112 to 1073741823
         * syd-dc-pri.pac.zimmer.com is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 58612 to 59111
         * rIDPreviousAllocationPool is 57612 to 58111
         * rIDNextRID: 58007
         ......................... SYD-DC-PRI passed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC SYD-DC-PRI on DC SYD-DC-PRI.
         * SPN found :LDAP/syd-dc-pri.pac.zimmer.com/pac.zimmer.com
         * SPN found :LDAP/syd-dc-pri.pac.zimmer.com
         * SPN found :LDAP/SYD-DC-PRI
         * SPN found :LDAP/syd-dc-pri.pac.zimmer.com/PAC
         * SPN found :LDAP/5a1135e4-c04d-46d4-8154-46c53e30ca30._msdcs.zimmer.com
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/5a1135e4-c04d-46d4-8154-46c53e30ca30/pac.zimmer.com
         * SPN found :HOST/syd-dc-pri.pac.zimmer.com/pac.zimmer.com
         * SPN found :HOST/syd-dc-pri.pac.zimmer.com
         * SPN found :HOST/SYD-DC-PRI
         * SPN found :HOST/syd-dc-pri.pac.zimmer.com/PAC
         * SPN found :GC/syd-dc-pri.pac.zimmer.com/zimmer.com
         ......................... SYD-DC-PRI passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... SYD-DC-PRI passed test Services
      Test omitted by user request: OutboundSecureChannels
      Starting test: ObjectsReplicated
         SYD-DC-PRI is in domain DC=pac,DC=zimmer,DC=com
         Checking for CN=SYD-DC-PRI,OU=Domain Controllers,DC=pac,DC=zimmer,DC=com in domain DC=pac,DC=zimmer,DC=com on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=SYD-DC-PRI,CN=Servers,CN=Sydney,CN=Sites,CN=Configuration,DC=zimmer,DC=com in domain CN=Configuration,DC=zimmer,DC=com on 1 servers
            Object is up-to-date on all servers.
         ......................... SYD-DC-PRI passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... SYD-DC-PRI passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test
         ......................... SYD-DC-PRI passed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... SYD-DC-PRI passed test kccevent
      Starting test: systemlog
         * The System Event log test
         An Error Event occured.  EventID: 0x00003006
            Time Generated: 02/11/2013   13:51:49
            (Event String could not be retrieved)
         ......................... SYD-DC-PRI failed test systemlog
      Test omitted by user request: VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)
         CN=SYD-DC-PRI,OU=Domain Controllers,DC=pac,DC=zimmer,DC=com and
         backlink on
         CN=SYD-DC-PRI,CN=Servers,CN=Sydney,CN=Sites,CN=Configuration,DC=zimmer,DC=com
         are correct.
         The system object reference (frsComputerReferenceBL)
         CN=SYD-DC-PRI,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=pac,DC=zimmer,DC=com
         and backlink on
         CN=SYD-DC-PRI,OU=Domain Controllers,DC=pac,DC=zimmer,DC=com are
         correct.
         The system object reference (serverReferenceBL)
         CN=SYD-DC-PRI,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=pac,DC=zimmer,DC=com
         and backlink on
         CN=NTDS Settings,CN=SYD-DC-PRI,CN=Servers,CN=Sydney,CN=Sites,CN=Configuration,DC=zimmer,DC=com
         are correct.
         ......................... SYD-DC-PRI passed test VerifyReferences
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: CheckSecurityError
  
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
  
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
  
   Running partition tests on : pac
      Starting test: CrossRefValidation
         ......................... pac passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... pac passed test CheckSDRefDom
  
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
  
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
  
   Running enterprise tests on : zimmer.com
      Starting test: Intersite
         Skipping site Nishi-Nihon, this site is outside the scope provided by the command line arguments provided.
         Skipping site Canberra, this site is outside the scope provided by the command line arguments provided.
         Skipping site Malaysia, this site is outside the scope provided by the command line arguments provided.
         Skipping site Paris, this site is outside the scope provided by the command line arguments provided.
         Skipping site Cedar-Knolls, this site is outside the scope provided by the command line arguments provided.
         Skipping site Hong-Kong, this site is outside the scope provided by the command line arguments provided.
         Skipping site Bangkok, this site is outside the scope provided by the command line arguments provided.
         Skipping site Memphis, this site is outside the scope provided by the command line arguments provided.
         Skipping site Ponce, this site is outside the scope provided by the command line arguments provided.
         Skipping site Parsippany, this site is outside the scope provided by the command line arguments provided.
         Skipping site ZimmerRoot, this site is outside the scope provided by the command line arguments provided.
         Skipping site Dover, this site is outside the scope provided by the command line arguments provided.
         Skipping site Montreal, this site is outside the scope provided by the command line arguments provided.
         Skipping site Statesville, this site is outside the scope provided by the command line arguments provided.
         Skipping site Carlsbad, this site is outside the scope provided by the command line arguments provided.
         Skipping site Biologics, this site is outside the scope provided by the command line arguments provided.
         Skipping site Shannon, this site is outside the scope provided by the command line arguments provided.
         Skipping site WarsawEUR, this site is outside the scope provided by the command line arguments provided.
         Skipping site Shanghai, this site is outside the scope provided by the command line arguments provided.
         Skipping site WarsawJPN, this site is outside the scope provided by the command line arguments provided.
         Skipping site Vittorio, this site is outside the scope provided by the command line arguments provided.
         Skipping site Rennes, this site is outside the scope provided by the command line arguments provided.
         Skipping site Freiburg, this site is outside the scope provided by the command line arguments provided.
         Skipping site Utrecht, this site is outside the scope provided by the command line arguments provided.
         Skipping site Catania, this site is outside the scope provided by the command line arguments provided.
         Skipping site Singapore, this site is outside the scope provided by the command line arguments provided.
         Skipping site Austin, this site is outside the scope provided by the command line arguments provided.
         Skipping site Eschbach, this site is outside the scope provided by the command line arguments provided.
         Skipping site Mississauga, this site is outside the scope provided by the command line arguments provided.
         Skipping site Prague, this site is outside the scope provided by the command line arguments provided.
         Skipping site Seoul, this site is outside the scope provided by the command line arguments provided.
         Skipping site Johannesburg, this site is outside the scope provided by the command line arguments provided.
         Skipping site Beijing, this site is outside the scope provided by the command line arguments provided.
         Skipping site Chengdu, this site is outside the scope provided by the command line arguments provided.
         Skipping site Guangzhou, this site is outside the scope provided by the command line arguments provided.
         Skipping site Etupes, this site is outside the scope provided by the command line arguments provided.
         Skipping site Shanghai-Warehouse, this site is outside the scope provided by the command line arguments provided.
         Skipping site WarsawPAC, this site is outside the scope provided by the command line arguments provided.
         Skipping site Russia, this site is outside the scope provided by the command line arguments provided.
         Skipping site India, this site is outside the scope provided by the command line arguments provided.
         Skipping site Lyon, this site is outside the scope provided by the command line arguments provided.
         Skipping site Taipei, this site is outside the scope provided by the command line arguments provided.
         Skipping site Swindon, this site is outside the scope provided by the command line arguments provided.
         Skipping site Beirut, this site is outside the scope provided by the command line arguments provided.
         Skipping site Melbourne, this site is outside the scope provided by the command line arguments provided.
         Skipping site Perth, this site is outside the scope provided by the command line arguments provided.
         Skipping site Spain, this site is outside the scope provided by the command line arguments provided.
         Skipping site Warsaw, this site is outside the scope provided by the command line arguments provided.
         Skipping site Belgium, this site is outside the scope provided by the command line arguments provided.
         Skipping site Munsingen, this site is outside the scope provided by the command line arguments provided.
         Skipping site Bordeaux, this site is outside the scope provided by the command line arguments provided.
         Skipping site Milan, this site is outside the scope provided by the command line arguments provided.
         Skipping site Auckland, this site is outside the scope provided by the command line arguments provided.
         Skipping site Lisbon, this site is outside the scope provided by the command line arguments provided.
         Skipping site Adelaide, this site is outside the scope provided by the command line arguments provided.
         Skipping site Gothenburg, this site is outside the scope provided by

         the command line arguments provided.
         Skipping site Helsinki, this site is outside the scope provided by the

         command line arguments provided.
         Skipping site Brisbane, this site is outside the scope provided by the

         command line arguments provided.
         Skipping site Ankara, this site is outside the scope provided by the

         command line arguments provided.
         Skipping site India-ZBS, this site is outside the scope provided by

         the command line arguments provided.
         Skipping site Austria, this site is outside the scope provided by the

         command line arguments provided.
         Skipping site Geneva, this site is outside the scope provided by the

         command line arguments provided.
         Skipping site London, this site is outside the scope provided by the

         command line arguments provided.
         Skipping site Winterthur, this site is outside the scope provided by

         the command line arguments provided.
         Skipping site Rungis, this site is outside the scope provided by the

         command line arguments provided.
         Skipping site Singapore-DC, this site is outside the scope provided by

         the command line arguments provided.
         Skipping site Gotemba, this site is outside the scope provided by the

         command line arguments provided.
         Skipping site Minneapolis, this site is outside the scope provided by

         the command line arguments provided.
         Skipping site Kamiyacho, this site is outside the scope provided by

         the command line arguments provided.
         Skipping site Sydney, this site is outside the scope provided by the

         command line arguments provided.
         Skipping site Beijing-Montagne, this site is outside the scope

         provided by the command line arguments provided.
         Skipping site Shanghai-TCS, this site is outside the scope provided by

         the command line arguments provided.
         Skipping site Malaysia-ZPWH, this site is outside the scope provided

         by the command line arguments provided.
         Skipping site FreiburgDental, this site is outside the scope provided

         by the command line arguments provided.
         Skipping site Budapest, this site is outside the scope provided by the

         command line arguments provided.
         Skipping site Cardedeu, this site is outside the scope provided by the

         command line arguments provided.
         ......................... zimmer.com passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\syd-dc-pri.pac.zimmer.com
         Locator Flags: 0xe00001fd
         PDC Name: \\syd-dc-pri.pac.zimmer.com
         Locator Flags: 0xe00001fd
         Time Server Name: \\syd-dc-pri.pac.zimmer.com
         Locator Flags: 0xe00001fd
         Preferred Time Server Name: \\syd-dc-pri.pac.zimmer.com
         Locator Flags: 0xe00001fd
         KDC Name: \\syd-dc-pri.pac.zimmer.com
         Locator Flags: 0xe00001fd
         ......................... zimmer.com passed test FsmoCheck
      Test omitted by user request: DNS
      Test omitted by user request: DNS

No replication issues noticed in Replmon or repadmin... Is this something I have to worry about? How can I check what it is for?

Note: we have multiple domains in the forest and are seeing the same on all DCs.

Warning: no DNS RPC connectivity (error or non Microsoft DNS server is running)


I'm installing a 2008R2 DC on my network with 2 other existing 2003 servers.  I set up AD on the 2008 server and ran DCDIAG /v /c /d /e on one of the 2003 machines.

The 2008 server only did the AUTH part of the DNS and it returned:

Warning: no DNS RPC connectivity (error or non Microsoft DNS server is running)

                  [Error details: 5 (Type: Win32 - Description: Access is denied.)]

               Total query time:0 min. 0 sec.. Total RPC connection time:0 min. 0 sec.

               Total WMI connection time:0 min. 0 sec. Total Netuse connection time:0 min. 0 sec.

We are not running BIND, the firewall is disabled on the 2008 server, and there is no AV on the 2008 server, but there is AV on one of the 2003 servers (not the one that I ran DCDIAG on).


Access to two domains from one computer,


Greetings,

I have multiple Pelco IP cameras in a stand-alone domain and would like to make them accessible from select computers within a separate domain. The "pelco domain" was previously accessed by a stand-alone computer with no outside access. All of the digital video recorders and cameras have IP addresses separate from the other "work domain".

Here are the pieces involved: Pelco 8100 DVRs, Cisco POE48 switches, Windows Server 2003 R2 (work domain), Windows 7 and XP client computers, SonicWall NSA 250 firewall.

Can I just plug the "pelco domain" into the switch and configure the stand-alone computer to address both domains? Or would I have to configure the "work domain" controller to address the "pelco domain"?

Security of the "pelco domain" and tightly controlled access to the cameras and recordings on it would be a major factor.  VPN access through the firewall is desirable.

Any suggestions you experts may have would be greatly appreciated. 

Thanks in advance,

Jeff


server 2012 Domain Controller Logging event 2004, with error "crc check"...


Pretty new domain, and domain controller, running Server 2012 as a Hyper-V VM.

Getting this error when it reboots.  I have done a chkdsk, thinking maybe the vhdx file is corrupt in some way.  Have also checked the system log for events talking about file corruption.  Nothing.

The disk in question has 10+ GB free, so disk space is not an issue.  I ran dcdiag /q /a & it told me that DFSR has logged events in the last 24 hours, but nothing else.  AD seems to think everything is cool.

Not sure what to look at next...  Thanks for any pointers/help.

The DFS Replication service stopped replication on volume C:. This failure can occur because the disk is full, the disk is failing, or a quota limit has been reached. This can also occur if the DFS Replication service encountered errors while attempting to stage files for a replicated folder on this volume. 
 
Additional Information: 
Error: 23 (Data error (cyclic redundancy check).) 
Volume: 0F55C346-589F-11E2-93EB-806E6F6E6963


I want to understand the trust relationship behaviour with PDCs and network ports


Hello,

I have 2 forests:

- Forest 1(AD 2008): composed of root domain (domain A) and child domain (domain B).

- Forest 2 (AD 2003): composed of one domain (domain C).

Each domain is located on a different VLAN. The Kerberos, RPC, NetBIOS, LDAP and SMB network ports are open:

- between domain A and domain B.

- between domain B and domain C.

I want to create a forest trust between domain A and domain C without opening the network ports (Kerberos, RPC, NetBIOS, LDAP, SMB) from domain A to domain C.

- I failed to create it when using the AD Domains and Trusts management console on the domain A PDC.

- I succeeded in creating it when using the AD Domains and Trusts management console on the domain B PDC (I selected the root domain and created the trust).

Questions:

- How can we explain this ability to create a trust relationship between two domains whose PDCs are not able to communicate with each other directly?

- Is the forest trust stored in the configuration partition rather than the domain partition?

- Will we have any problems in the future?

Thanks

one way forest trust


I have successfully created a one-way trust between two forests of separate organizations.  Unfortunately, I cannot configure Selective Authentication in the Trusting domain, nor assign permissions for user groups in the trusted domain without providing account credentials for the trusted domain.  Does this mean a domain for a separate organization has to create an administrator account for the Trusting domain?  No matter which way I do this, I get the same results.  I am prompted for an account in the other domain.  Shouldn't I be able to pull Global Group over the trust without having to provide admin credentials?  Isn't that what the trust is for?


Jason Yates

Cannot delete a user that only shows in ADSIEdit


Hello people,

I'm struggling with this issue for about a year.

A long time ago we had an improperly decommissioned DC from a sub-zone of our domain. In this case: lig.contoso.com

After the unclean removal, some traces of that domain still persist in my AD and I can't remove them.

There's a user named CN=$LIG, owned by the SAM account, that does not show up in ADUC but shows in ADSI Edit.

When I try to remove it using ADSIEdit, I always get:

Operation Failed. Error Code: 0x5

Access is denied.

00000005: SecErr: DSID-031A121F, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Thanks in advance,



Dynamic DNS registration fails over NAT


Hi Experts,

Could someone please help me to understand the dynamic DNS registration process?
What happens when a client tries to register its IP address with its primary DNS server? What I really want to understand is whether a DC will try to contact the client before registering the client record in its zone, to check whether the client machine is active on the network.
We have a client machine in a different network than our corporate network, and communication is configured via NATing. We have opened all the necessary ports and have successfully added the client machine to our corporate domain.
But the DNS record is not getting registered in our corporate DNS server. The problem is that the client is trying to register its internal IP address in the corporate network instead of its NAT IP.
The primary DNS of the client machine is our corporate DNS server (NATed IP).
The client's internal IP is in the 192.168.x.x range and the NAT IP is in the 172.18.x.x range, and the internal IP of the client is not pingable from our corporate network.

Regards, Nidhin.CK

FSMO role transfer


Dear All,

This is regarding FSMO role transfer when a DC has gone down; the details are as below:

We are assuming that we have 2 servers: one is the Domain Controller and the second is an Additional Domain Controller, and everything is going on properly, but suddenly the DC gets stuck after restarting and the DC OS has crashed. In the meantime, how will we transfer the FSMO roles (Schema, Domain Naming Master) to the ADC? What is the plan for rollback?


Pradip Sisodiya

Single Windows 2003 DC - DC diag reporting problems


A single Windows 2003 DC (so no replication as there is only one DC) is reporting problems in DCDIAG.

Before I add references as suggested in Knowledge Base Article: Q312862 I want to understand why a domain with one DC is trying to replicate.

I do not have the whole history of the domain, but there may have been other DCs in the past. There was also a WINS server which I have got rid of, and there were some network issues which are also resolved. It is an SLD and I need to sort this all out before either trying to rename it or using ADMT to move to a properly named domain. This DC has had forestprep run on it for promoting to 2008, but domainprep failed, and that is where I got involved.

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
  
   Testing server: Default-First-Site-Name\MY-SERVER
      Starting test: Connectivity
         ......................... MY-SERVER passed test Connectivity

Doing primary tests
  
   Testing server: Default-First-Site-Name\MY-SERVER
      Starting test: Replications
         ......................... MY-SERVER passed test Replications
      Starting test: NCSecDesc
         ......................... MY-SERVER passed test NCSecDesc
      Starting test: NetLogons
         ......................... MY-SERVER passed test NetLogons
      Starting test: Advertising
         ......................... MY-SERVER passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... MY-SERVER passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... MY-SERVER passed test RidManager
      Starting test: MachineAccount
         ......................... MY-SERVER passed test MachineAccount
      Starting test: Services
         ......................... MY-SERVER passed test Services
      Starting test: ObjectsReplicated
         ......................... MY-SERVER passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... MY-SERVER passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... MY-SERVER failed test frsevent
      Starting test: kccevent
         ......................... MY-SERVER passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   21:25:06
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   21:25:06
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   21:25:06
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   21:25:06
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   21:25:07
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   21:25:07
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0000007
            Time Generated: 02/13/2013   21:56:37
            Event String: The Security Account Manager failed a KDC request

         An Error Event occured.  EventID: 0xC0000007
            Time Generated: 02/13/2013   21:56:37
            Event String: The Security Account Manager failed a KDC request

         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   22:02:54
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   22:02:54
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   22:02:54
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   22:02:55
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   22:02:55
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   22:02:55
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   22:13:14
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   22:13:14
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   22:13:15
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   22:13:15
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   22:13:15
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2013   22:13:15
            (Event String could not be retrieved)
         ......................... MY-SERVER failed test systemlog
      Starting test: VerifyReferences
         Some objects relating to the DC MY-SERVER have problems:
            [1] Problem: Missing Expected Value
             Base Object: CN=MY-SERVER,OU=Domain Controllers,DC=MYDOM
             Base Object Description: "DC Account Object"
             Value Object Attribute Name: frsComputerReferenceBL
             Value Object Description: "SYSVOL FRS Member Object"
             Recommended Action: See Knowledge Base Article: Q312862

            [1] Problem: Missing Expected Value
             Base Object:
            CN=NTDS Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOM
             Base Object Description: "DSA Object"
             Value Object Attribute Name: serverReferenceBL
             Value Object Description: "SYSVOL FRS Member Object"
             Recommended Action: See Knowledge Base Article: Q312862

         ......................... MY-SERVER failed test VerifyReferences
  
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
  
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
  
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
  
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
  
   Running partition tests on : MYDOM
      Starting test: CrossRefValidation
         ......................... MYDOM passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... MYDOM passed test CheckSDRefDom
  
   Running enterprise tests on : MYDOM
      Starting test: Intersite
         ......................... MYDOM passed test Intersite
      Starting test: FsmoCheck
         ......................... MYDOM passed test FsmoCheck


CarolChi
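The two VerifyReferences failures above are about directory links, not about replication traffic: the DC account object should carry a frsComputerReferenceBL backlink and the NTDS Settings object a serverReferenceBL backlink, both created by the forward links on the DC's nTFRSMember object under the SYSVOL replica set. As an added example (not code from this thread or from CarolChi), the PowerShell script below performs that same check from the directory side, so you can see which DCs lack a member object and whether any leftover member objects from past DCs point at objects that no longer exist, before applying the Q312862 repair. It assumes SYSVOL is replicated with FRS (as on Windows 2003), that it is run from a domain-joined machine as a user with read access to the directory, and it uses System.DirectoryServices rather than the ActiveDirectory module so that no AD Web Services are needed on the DC.

```powershell
# Added example, not from the thread: reproduce the dcdiag VerifyReferences
# link check for the SYSVOL FRS member objects. Assumes FRS-replicated SYSVOL
# and a domain-joined machine with directory read access (no ADWS required).

$rootDse  = [ADSI]"LDAP://RootDSE"
$domainDn = $rootDse.defaultNamingContext.Value
$configDn = $rootDse.configurationNamingContext.Value

function Find-Objects {
    param([string]$BaseDn, [string]$Filter, [string[]]$Attributes)
    $root = [ADSI]"LDAP://$BaseDn"
    $s = New-Object -TypeName System.DirectoryServices.DirectorySearcher -ArgumentList $root
    $s.Filter      = $Filter
    $s.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
    $s.PageSize    = 500
    foreach ($a in $Attributes) { [void]$s.PropertiesToLoad.Add($a) }
    $s.FindAll()
}

# Result property names come back lower-cased; return the first value or $null.
function Get-Attr {
    param($Result, [string]$Name)
    if ($Result.Properties.Contains($Name) -and $Result.Properties[$Name].Count -gt 0) {
        $Result.Properties[$Name][0]
    }
}

# 1. Every DC account object should carry frsComputerReferenceBL, the backlink
#    that the member object's frsComputerReference forward link creates.
$dcs = Find-Objects "OU=Domain Controllers,$domainDn" "(objectClass=computer)" `
                    @("distinguishedName", "frsComputerReferenceBL")
foreach ($dc in $dcs) {
    $dn = Get-Attr $dc "distinguishedname"
    $bl = Get-Attr $dc "frscomputerreferencebl"
    if ($bl) { "OK      DC $dn <- $bl" } else { "MISSING frsComputerReferenceBL on $dn" }
}

# 2. Every NTDS Settings (nTDSDSA) object should carry serverReferenceBL,
#    created by the member object's serverReference forward link.
$ntds = Find-Objects "CN=Sites,$configDn" "(objectClass=nTDSDSA)" `
                     @("distinguishedName", "serverReferenceBL")
foreach ($n in $ntds) {
    $dn = Get-Attr $n "distinguishedname"
    $bl = Get-Attr $n "serverreferencebl"
    if ($bl) { "OK      NTDS $dn <- $bl" } else { "MISSING serverReferenceBL on $dn" }
}

# 3. Show what actually exists under the SYSVOL replica set. A member object
#    left behind by a DC that no longer exists has forward links whose targets
#    are gone; that is what Q312862 has you repair or remove.
$setDn = "CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,$domainDn"
$members = Find-Objects $setDn "(objectClass=nTFRSMember)" `
                        @("distinguishedName", "frsComputerReference", "serverReference")
if ($members.Count -eq 0) { Write-Warning "No nTFRSMember objects found under $setDn" }
foreach ($m in $members) {
    $dn = Get-Attr $m "distinguishedname"
    $cr = Get-Attr $m "frscomputerreference"
    $sr = Get-Attr $m "serverreference"
    $crExists = [bool]($cr -and [System.DirectoryServices.DirectoryEntry]::Exists("LDAP://$cr"))
    $srExists = [bool]($sr -and [System.DirectoryServices.DirectoryEntry]::Exists("LDAP://$sr"))
    "MEMBER  $dn"
    "        frsComputerReference = $cr  (target exists: $crExists)"
    "        serverReference      = $sr  (target exists: $srExists)"
}
```

Run it from the DC itself or any domain member; a DC whose member object is missing entirely shows up in steps 1 and 2 as MISSING with nothing listed for it in step 3, while a member object from a long-gone DC shows up in step 3 with "target exists: False". The script only reads the directory; any change to the member objects is a separate, deliberate step.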

Active Directory Dynamic DNS update required or not?


Dear All,

I have a question regarding Active Directory Dynamic DNS update.

In our network, AD is isolated from the other server network; a firewall is in between the DC and all servers.

All communications are possible other than the client Dynamic DNS update. We have different services like SQL cluster, Exchange etc.

Every time we have to manually add the servers in the DNS, and now the network team is asking why Dynamic DNS needs to be enabled for clients and other servers.

Is it OK to leave dynamic DNS disabled and add all systems manually in the DNS? Can anyone help me by providing the advantages of dynamic DNS update?

regards,

sarma

RDP issue

When trying to RDP to the Windows Server 2008 R2 machine, during the "configuring remote session" phase the session is getting disconnected and comes back to the mstsc window. Suggestions please!!