Channel: Directory Services Forum

last login time not accurate


I wanted to check to see what AD accounts I could delete.  Sometimes HR doesn't tell me when PT employees leave.  I found this script.

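' List last logon times
' sEnterDCs is a comma-separated list of domain controllers to query. LastLogin is
' stored per DC and not replicated, so the latest value across the listed DCs is used.
On Error Resume Next
sEnterDCs = "DOMAINCONTROLLER"
sObjects = Split(sEnterDCs, ",")
Set oDomain = GetObject("WinNT://" & sObjects(0))
oDomain.Filter = Array("User")
WScript.Echo "Showing last login times of accounts from: " & oDomain.Name & vbNewLine
For Each oDomainItem In oDomain
    ' Reset for every account: reading LastLogin raises an error for an account that
    ' has never logged on, and under On Error Resume Next the previous account's
    ' value would otherwise be carried over and printed for this one.
    sUsrLogin = Empty
    sUsrLogin = oDomainItem.LastLogin
    If UBound(sObjects) >= 1 Then
        For ii = 1 To UBound(sObjects)
            ' Clear the reference so a failed lookup cannot reuse the previous user object.
            Set oUsr = Nothing
            Set oUsr = GetObject("WinNT://" & sObjects(ii) & "/" & oDomainItem.Name & ",user")
            If oUsr.LastLogin > sUsrLogin Then sUsrLogin = oUsr.LastLogin
        Next
    End If
    If IsEmpty(sUsrLogin) Then sLast = "never" Else sLast = FormatDateTime(sUsrLogin)
    WScript.Echo "Username: " & Left(oDomainItem.Name & Space(22),22) & "Last login: " & sLast
Next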

Well, the issue is there are last login times on accounts in the past few weeks that I know have not been accessed in a year or so.  What could be doing this? Is it my backup or antivirus software?  Is it Exchange?  We run W2k8 as our forest level and Exchange 2010. Thanks.

 

COMPUTER GETS DISJOINED FROM THE DOMAIN


Hi everyone,

We are getting the following errors on some computers:

--------------------------------------------------------------------------------------------------------------------------------
Source:        NETLOGON
Date:          5/5/2012 12:50:01 AM
Event ID:      5805
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      PCIT0120

Description:
The session setup from the computer PCIT0120 failed to authenticate. The following error occurred:
Access is denied.

The only solution is to log in as local Administrator, disjoin the computer from the domain and rejoin it. But this is happening quite often; until now I have disjoined and rejoined about 60 computers.

So please help to solve this issue,

Thank you,

Imran

How can I secure LDAP when there is a legacy application that does not support LDAPS


I'm sure AD and Server 2008 R2 gurus are all too familiar with Event ID 2886 from ActiveDirectory_DomainService "The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate,  Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that  are performed on a cleartext (non-SSL/TLS-encrypted) connection.  Even if no clients are using such binds, configuring the server to reject them will improve the security of this server. "

I would like to enforce signing to improve the security of the domain controller (we have 3 2008R2 DC's).  However if this is turned on it breaks a web based timeclock application and a wordpress intranet login page (to post to our intranet).  The intranet logon I am not too worried about as I have found other plugins that support LDAPs  TLS/SSL.  According to the vendor, the Timeclock application however does not support secure LDAP binds.  This is a deal breaker and we cannot secure LDAP because of one lousy (but VERY important) application.

I was wondering if there were any other alternatives to securing LDAP?  Could I use Windows Firewall on each domain controller to ONLY allow the IP address of the timeclock application to port 389?  Would other applications know to automatically try LDAPs port 636?  I mean we can't make it Domain Controller or Domain wide policy to reject cleartext binds entirely because of this one application.

We've enabled logging and corrected other applications that use LDAP to now use LDAPs.  One in particular was a Cisco ASA for VPN authentication.  That works great using LDAPS.  Too bad we have one application bringing down the whole security of our network.


Replace Server 2003 Domain Controller


I have a Server 2003 AD domain controller that I need to replace.  I'll be replacing it with a Server 2008 R2 machine.

I need to keep the same computer name and IP address on the new machine.

This is the only domain controller on the network.

Thanks for the help.

How Kerberos authentication works with single sign-on (SSO) for application?

How Kerberos authentication works with single sign-on (SSO) for application?

Monitoring AD Performance Counters


Hello,


My apologies if this has been covered, I have had no luck finding this information.


I am looking for a guide to performance counters for Active Directory that covers actual thresholds (numbers, not more definitions) as described in the following articles:

  • http://technet.microsoft.com/en-us/library/cc961942.aspx
  • http://www.windowsitpro.com/article/performance/jsi-tip-5454-how-do-i-monitor-performance-in-active-directory-


I am not looking for definitions or explanations of what these counters are - I have this information.  I am looking for specific or rough thresholds that should throw up a red flag, and perhaps which counters are the most important.  I have not had any luck finding this information, all the links I have found simply point to copies of the definitions.


Your insight would be greatly appreciated!




Network drive mapping in large organizations

We are in the process of reevaluating our drive mappings in our organization.  We are planning on moving all drive mappings to flow through Group Policy.  It appears that we will have more than 25 drive mappings organization wide.  Is there an easy way to coordinate how the drive letters are allocated?  It seems to me this will become a big cluster if you are not careful, especially later on when adding additional drive mappings.  I would like to know what others recommend.

Unable to create child domain


I've an existing W2008R2 domain, and I'm trying to create a new child domain using W2012 std. The new server is on a remote subnet, connected via Wan, without any firewall or security filter. It can connect to the existing domain controllers (ping, network share, and so on.. all works)

I start the wizard, and it confirms that the environment is OK. Then it stalls when working on "active directory synchronizing". It reports a series of 1963/1961/2839/1962/1125 event ID errors, then after a while it starts reporting the same series again (it loops to check if the problems are solved, I think).

I cannot find any way to understand why it cannot complete the dcpromo.

Any idea?

Thanks


Terminal Server (RDP) external forest


Is it possible for TS(RDP) to allow clients in DomainA to access an Application in DomainB without a trust?  Would it work with a one way trust?

Forest1 Domain A and Forest2 Domain B both run the same application server.  Application is accessible via sql authentication via odbc.  Assuming it is possible to install the application in two separate program directories with the configuration pointing to the separate sql dbs, is this possible to accomplish with one TS(RDP) Server that is a member of one of the domains? (the application uses its own security).

Is TS(RDP) allowed to function across forests? without a trust? Cross external forest trusts?  One way? How might this affect TS(RDP) licensing if it works?

DC in Hyper-V design


Hi All,

I am starting a project of building a ded. server which will host Hyper-V. I am planning to place one DC as a VM inside Hyper-V (with the option set to start automatically). The other DC will sit outside as a physical server (1-2gb ram, small server). This is a dev environment only. 

Are there any issues with this?

Of course, I won't sync the time with Hyper-V etc. I am looking at posts such as this: http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2008/08/13/active-directory-in-hyper-v-environments-part-1.aspx  There are also plenty of threads about this sort of topic which I am looking at.

Thanks

Can not connect to Wireless- Possible issue with CRL


Users are unable to connect to Wi-Fi. When we checked on the RADIUS server (which is a Domain Controller as well), we found the logs below:

Authentication Details:
                Connection Request Policy Name:  Use Windows authentication for all users
                Network Policy Name:                   CORPWIFI
                Authentication Server:                  DCWIFI101.corporateroot.net
                Authentication Type:                     PEAP
                EAP Type:                                    Microsoft: Smart Card or other certificate
                Account Session Identifier:             -
                Logging Results:                           Accounting information was written to the local log file.
                Reason Code:                               259
                Reason:                                       The revocation function was unable to check revocation because the revocation server was offline.

If it's a problem with certificates, could you please help solve it, and explain how to check the validity of the CRL and make sure it's published to AD?


Mahesh

dcdiag errors KccEvent 0x8000082D 0xC0000748

Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = NTEDC01

   * Identified AD Forest. 
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Paris\NTEDC01

      Starting test: Connectivity

         ......................... NTEDC01 passed test Connectivity



Doing primary tests

   
   Testing server: Paris\NTEDC01

      Starting test: Advertising

         ......................... NTEDC01 passed test Advertising

      Starting test: FrsEvent

         ......................... NTEDC01 passed test FrsEvent

      Starting test: DFSREvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems. 
         ......................... NTEDC01 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... NTEDC01 passed test SysVolCheck

      Starting test: KccEvent

         A warning event occurred.  EventID: 0x8000082D

            Time Generated: 01/03/2013   15:18:53

            Event String: 


         A warning event occurred.  EventID: 0x8000082D

            Time Generated: 01/03/2013   15:18:53

            Event String: 


         A warning event occurred.  EventID: 0x8000082D

            Time Generated: 01/03/2013   15:18:53

            Event String: 


         An error event occurred.  EventID: 0xC0000748

            Time Generated: 01/03/2013   15:18:53

            Event String:

            This is the replication status for the following directory partition on this directory server. 


         An error event occurred.  EventID: 0xC0000748

            Time Generated: 01/03/2013   15:18:53

            Event String:

            This is the replication status for the following directory partition on this directory server. 


         An error event occurred.  EventID: 0xC0000748

            Time Generated: 01/03/2013   15:18:53

            Event String:

            This is the replication status for the following directory partition on this directory server. 


         A warning event occurred.  EventID: 0x8000061E

            Time Generated: 01/03/2013   15:23:58

            Event String:

            All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable. 


         An error event occurred.  EventID: 0xC000051F

            Time Generated: 01/03/2013   15:23:58

            Event String:

            The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition. 


         A warning event occurred.  EventID: 0x80000749

            Time Generated: 01/03/2013   15:23:58

            Event String:

            The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site. 


         A warning event occurred.  EventID: 0x8000061E

            Time Generated: 01/03/2013   15:23:58

            Event String:

            All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable. 


         An error event occurred.  EventID: 0xC000051F

            Time Generated: 01/03/2013   15:23:58

            Event String:

            The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition. 


         A warning event occurred.  EventID: 0x80000749

            Time Generated: 01/03/2013   15:23:58

            Event String:

            The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site. 



         ......................... NTEDC01 failed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... NTEDC01 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... NTEDC01 passed test MachineAccount

      Starting test: NCSecDesc

         ......................... NTEDC01 passed test NCSecDesc

      Starting test: NetLogons

         ......................... NTEDC01 passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... NTEDC01 passed test ObjectsReplicated

      Starting test: Replications

         REPLICATION LATENCY WARNING

         NTEDC01: This replication path was preempted by higher priority work.

            from ROOTDC02 to NTEDC01

            Reason: The operation completed successfully.

            The last success occurred at (never).

            Replication of new changes along this path will be delayed.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From GVADC01 to NTEDC01

            Naming Context: DC=EUROPE,DC=loc

            The replication generated an error (8451):

            The replication operation encountered a database error.

            The failure occurred at 2013-01-03 14:49:22.

            The last success occurred at 2012-12-22 02:47:54.

            300 failures have occurred since the last success.

            A serious error is preventing replication from continuing.

            Consult the error log for further information.

            If a particular object is named, it may be necessary to manually

            modify or delete the object.

            If the condition persists, contact Microsoft Support.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From GVADC02 to NTEDC01

            Naming Context: DC=EUROPE,DC=loc

            The replication generated an error (8451):

            The replication operation encountered a database error.

            The failure occurred at 2013-01-03 15:06:06.

            The last success occurred at 2012-12-22 02:47:54.

            301 failures have occurred since the last success.

            A serious error is preventing replication from continuing.

            Consult the error log for further information.

            If a particular object is named, it may be necessary to manually

            modify or delete the object.

            If the condition persists, contact Microsoft Support.

         REPLICATION LATENCY WARNING

         NTEDC01: This replication path was preempted by higher priority work.

            from ROOTDC02 to NTEDC01

            Reason: The operation completed successfully.

            The last success occurred at (never).

            Replication of new changes along this path will be delayed.

         REPLICATION LATENCY WARNING

         NTEDC01: This replication path was preempted by higher priority work.

            from ROOTDC02 to NTEDC01

            Reason: The operation completed successfully.

            The last success occurred at (never).

            Replication of new changes along this path will be delayed.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From GVADC01 to NTEDC01

            Naming Context: DC=AFRICA,DC=loc

            The replication generated an error (8606):

            Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.

            

            The failure occurred at 2013-01-03 14:49:49.

            The last success occurred at 2012-12-18 07:47:58.

            391 failures have occurred since the last success.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From ROOTDC01 to NTEDC01

            Naming Context: DC=AFRICA,DC=loc


            The replication generated an error (8606):

            Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.

            

            The failure occurred at 2013-01-03 14:49:58.

            The last success occurred at (never).

            42 failures have occurred since the last success.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From AFRDC01 to NTEDC01

            Naming Context: DC=AFRICA,DC=loc

            The replication generated an error (8606):

            Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.

            

            The failure occurred at 2013-01-03 14:50:02.

            The last success occurred at (never).

            24 failures have occurred since the last success.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From ROOTDC03 to NTEDC01

            Naming Context: DC=AFRICA,DC=loc

            The replication generated an error (8606):

            Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.

            

            The failure occurred at 2013-01-03 14:50:04.

            The last success occurred at (never).

            8 failures have occurred since the last success.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From AFRDC02 to NTEDC01

            Naming Context: DC=AFRICA,DC=loc

            The replication generated an error (8606):

            Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.

            

            The failure occurred at 2013-01-03 14:50:25.

            The last success occurred at (never).

            4 failures have occurred since the last success.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From AMERICADC01 to NTEDC01

            Naming Context: DC=AFRICA,DC=loc

            The replication generated an error (8606):

            Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.

            

            The failure occurred at 2013-01-03 14:50:28.

            The last success occurred at (never).

            2 failures have occurred since the last success.

         REPLICATION LATENCY WARNING

         NTEDC01: This replication path was preempted by higher priority work.

            from ROOTDC02 to NTEDC01

            Reason: The operation completed successfully.

            The last success occurred at (never).

            Replication of new changes along this path will be delayed.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From GVADC02 to NTEDC01

            Naming Context: DC=AFRICA,DC=loc

            The replication generated an error (8606):

            Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.

            

            The failure occurred at 2013-01-03 15:06:13.

            The last success occurred at (never).

            385 failures have occurred since the last success.

         REPLICATION LATENCY WARNING

         NTEDC01: This replication path was preempted by higher priority work.

            from ROOTDC02 to NTEDC01

            Reason: The operation completed successfully.

            The last success occurred at (never).

            Replication of new changes along this path will be delayed.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From GVADC01 to NTEDC01

            Naming Context: DC=Asia,DC=loc

            The replication generated an error (8451):

            The replication operation encountered a database error.

            The failure occurred at 2013-01-03 14:49:53.

            The last success occurred at 2012-12-18 08:47:59.

            390 failures have occurred since the last success.

            A serious error is preventing replication from continuing.

            Consult the error log for further information.

            If a particular object is named, it may be necessary to manually

            modify or delete the object.

            If the condition persists, contact Microsoft Support.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From ROOTDC01 to NTEDC01

            Naming Context: DC=Asia,DC=loc

            The replication generated an error (8451):

            The replication operation encountered a database error.

            The failure occurred at 2013-01-03 14:50:36.

            The last success occurred at (never).

            42 failures have occurred since the last success.

            A serious error is preventing replication from continuing.

            Consult the error log for further information.

            If a particular object is named, it may be necessary to manually

            modify or delete the object.

            If the condition persists, contact Microsoft Support.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From AFRDC01 to NTEDC01

            Naming Context: DC=Asia,DC=loc

            The replication generated an error (8451):

            The replication operation encountered a database error.

            The failure occurred at 2013-01-03 14:50:39.

            The last success occurred at (never).

            24 failures have occurred since the last success.

            A serious error is preventing replication from continuing.

            Consult the error log for further information.

            If a particular object is named, it may be necessary to manually

            modify or delete the object.

            If the condition persists, contact Microsoft Support.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From ROOTDC03 to NTEDC01

            Naming Context: DC=Asia,DC=loc

            The replication generated an error (8451):

            The replication operation encountered a database error.

            The failure occurred at 2013-01-03 14:50:42.

            The last success occurred at (never).

            8 failures have occurred since the last success.

            A serious error is preventing replication from continuing.

            Consult the error log for further information.

            If a particular object is named, it may be necessary to manually

            modify or delete the object.

            If the condition persists, contact Microsoft Support.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From AFRDC02 to NTEDC01

            Naming Context: DC=Asia,DC=loc

            The replication generated an error (8451):

            The replication operation encountered a database error.

            The failure occurred at 2013-01-03 14:50:49.

            The last success occurred at (never).

            4 failures have occurred since the last success.

            A serious error is preventing replication from continuing.

            Consult the error log for further information.

            If a particular object is named, it may be necessary to manually

            modify or delete the object.

            If the condition persists, contact Microsoft Support.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From AMERICADC01 to NTEDC01

            Naming Context: DC=Asia,DC=loc

            The replication generated an error (8451):

            The replication operation encountered a database error.

            The failure occurred at 2013-01-03 14:50:52.

            The last success occurred at (never).

            2 failures have occurred since the last success.

            A serious error is preventing replication from continuing.

            Consult the error log for further information.

            If a particular object is named, it may be necessary to manually

            modify or delete the object.

            If the condition persists, contact Microsoft Support.

         REPLICATION LATENCY WARNING

         NTEDC01: This replication path was preempted by higher priority work.

            from ROOTDC02 to NTEDC01

            Reason: The operation completed successfully.

            The last success occurred at (never).

            Replication of new changes along this path will be delayed.

         [Replications Check,NTEDC01] A recent replication attempt failed:

            From GVADC02 to NTEDC01

            Naming Context: DC=Asia,DC=loc

            The replication generated an error (8451):

            The replication operation encountered a database error.

            The failure occurred at 2013-01-03 15:06:20.

            The last success occurred at (never).

            385 failures have occurred since the last success.

            A serious error is preventing replication from continuing.

            Consult the error log for further information.

            If a particular object is named, it may be necessary to manually

            modify or delete the object.

            If the condition persists, contact Microsoft Support.

         REPLICATION LATENCY WARNING

         NTEDC01: This replication path was preempted by higher priority work.

            from ROOTDC02 to NTEDC01

            Reason: The operation completed successfully.

            The last success occurred at (never).

            Replication of new changes along this path will be delayed.

         ......................... NTEDC01 failed test Replications

      Starting test: RidManager

         ......................... NTEDC01 passed test RidManager

      Starting test: Services

         ......................... NTEDC01 passed test Services

      Starting test: SystemLog

         An error event occurred.  EventID: 0xC0001B77

            Time Generated: 01/03/2013   15:20:37

            Event String:

            The SNMP Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

         ......................... NTEDC01 failed test SystemLog

      Starting test: VerifyReferences

         ......................... NTEDC01 passed test VerifyReferences

   
   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : EUROPE

      Starting test: CheckSDRefDom

         ......................... EUROPE passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... EUROPE passed test CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running enterprise tests on : mydomain.loc

      Starting test: LocatorCheck

         ......................... mydomain.loc passed test LocatorCheck

      Starting test: Intersite

         ......................... mydomain.loc passed test Intersite



Dear all,

I'm facing replication issues between different servers in the AD DS topology and I need your help in order to solve it. Please find attached a copy of the dcdiag output from the server where the replication errors occurred.

Thanks in advance for your help
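
A small parser for the Replications section of the dcdiag output above, as an added example that is not part of the original post: it groups the failed attempts by naming context and error code so the repeated blocks collapse to one entry each. The sample text is a shortened excerpt of the post's output with blank lines dropped, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Excerpt of the dcdiag output posted above (shortened, blank lines removed).
SAMPLE = """\
         REPLICATION LATENCY WARNING
         NTEDC01: This replication path was preempted by higher priority work.
            from ROOTDC02 to NTEDC01
            The last success occurred at (never).
         [Replications Check,NTEDC01] A recent replication attempt failed:
            From GVADC01 to NTEDC01
            Naming Context: DC=EUROPE,DC=loc
            The replication generated an error (8451):
            The replication operation encountered a database error.
            The failure occurred at 2013-01-03 14:49:22.
            The last success occurred at 2012-12-22 02:47:54.
            300 failures have occurred since the last success.
         [Replications Check,NTEDC01] A recent replication attempt failed:
            From GVADC01 to NTEDC01
            Naming Context: DC=AFRICA,DC=loc
            The replication generated an error (8606):
            Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.
            The failure occurred at 2013-01-03 14:49:49.
            The last success occurred at 2012-12-18 07:47:58.
            391 failures have occurred since the last success.
         [Replications Check,NTEDC01] A recent replication attempt failed:
            From ROOTDC01 to NTEDC01
            Naming Context: DC=AFRICA,DC=loc
            The replication generated an error (8606):
            Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.
            The failure occurred at 2013-01-03 14:49:58.
            The last success occurred at (never).
            42 failures have occurred since the last success.
         ......................... NTEDC01 failed test Replications
"""

HEADER = re.compile(r"\[Replications Check,(?P<dest>[^\]]+)\] A recent replication attempt failed:")
FIELDS = {
    "source": re.compile(r"^From (\S+) to \S+$"),
    "context": re.compile(r"^Naming Context: (.+)$"),
    "error": re.compile(r"^The replication generated an error \((\d+)\):$"),
    "last_success": re.compile(r"^The last success occurred at (.+?)\.$"),
    "failures": re.compile(r"^(\d+) failures have occurred since the last success\.$"),
}
# Lines that end a failure block without starting a new one.
BLOCK_END = ("REPLICATION LATENCY WARNING", "Starting test:", "........")


def parse_failures(text):
    """Return one dict per 'A recent replication attempt failed' block."""
    records, current, want_message = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # dcdiag output pasted into a forum is often double-spaced
        header = HEADER.search(line)
        if header:
            current = {"dest": header.group("dest")}
            records.append(current)
            want_message = False
        elif line.startswith(BLOCK_END):
            current = None
        elif current is None:
            continue
        elif want_message:
            current["message"] = line  # the text line that follows the error code
            want_message = False
        else:
            for name, pattern in FIELDS.items():
                match = pattern.match(line)
                if match:
                    current[name] = match.group(1)
                    want_message = name == "error"
                    break
    return records


def summarize(records):
    """Group failures by (naming context, error code)."""
    groups = defaultdict(lambda: {"sources": [], "never_succeeded": [],
                                  "max_failures": 0, "message": ""})
    for rec in records:
        if not {"source", "context", "error", "failures"} <= rec.keys():
            continue  # truncated block, not enough to classify
        group = groups[(rec["context"], int(rec["error"]))]
        group["sources"].append(rec["source"])
        group["max_failures"] = max(group["max_failures"], int(rec["failures"]))
        group["message"] = rec.get("message", "")
        if rec.get("last_success") == "(never)":
            group["never_succeeded"].append(rec["source"])
    return dict(groups)


if __name__ == "__main__":
    for (context, error), info in summarize(parse_failures(SAMPLE)).items():
        print(f"{context} error {error}: {len(info['sources'])} source(s), "
              f"up to {info['max_failures']} failures, never succeeded: {info['never_succeeded']}")
```
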

LDIFDE Syntax Error - The Last Token Starts with...


I am trying to extend the AD LDS schema with LDIFDE and it is giving me a syntax error:

 

Connecting to "localhost"
Logging in as current user using SSPI
Importing directory from file "Test.ldif"
Loading entries.
There is a syntax error in the input file
Failed on line 1. The last token starts with 'ï'.
0 entries modified successfully.
An error has occurred in the program
No log files were written. In order to generate a log file, please specify the log file path via the -j option.

 

I have looked at the LDIF file and I can't find anything obvious.  The error message is not that useful either.

 

dn: CN=Password-Question,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectClass: top
objectClass: attributeSchema
attributeID: 1.2.124.113556.1.8000.2554.12372.15750.62716.18567.40207.13088528.6608499.1.1
adminDisplayName: Password-Question
adminDescription: One part of the reminder for the user when resetting their password
lDAPDisplayName: passwordQuestion
attributeSyntax: 2.5.5.12
oMSyntax: 64
rangeLower: 1
rangeUpper: 256
isSingleValued: TRUE
searchFlags: 0
systemOnly: FALSE

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

 

Any thoughts as to what is going on?
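
One thing to check for the error quoted above, as an added example that is not part of the original post: byte 0xEF displays as 'ï' in a single-byte Western code page, and EF BB BF is the UTF-8 byte-order mark that some editors write at the start of a file saved as UTF-8. The pre-flight check below reports a BOM, a wrong first token, and non-ASCII bytes in an LDIF file, and produces a BOM-free copy; the function names and the sample bytes are constructed for illustration.

```python
import codecs

# Byte-order marks an editor may prepend. UTF-32 comes first because the
# UTF-32-LE mark begins with the same two bytes as the UTF-16-LE mark.
BOMS = [
    (codecs.BOM_UTF32_LE, "utf-32-le"),
    (codecs.BOM_UTF32_BE, "utf-32-be"),
    (codecs.BOM_UTF8, "utf-8"),
    (codecs.BOM_UTF16_LE, "utf-16-le"),
    (codecs.BOM_UTF16_BE, "utf-16-be"),
]


def detect_bom(data: bytes):
    """Return (encoding, bom_length), or (None, 0) when the file has no BOM."""
    for bom, name in BOMS:
        if data.startswith(bom):
            return name, len(bom)
    return None, 0


def decode_ldif(data: bytes) -> str:
    """Decode the file to text and drop any BOM; undecodable bytes become U+FFFD."""
    encoding, bom_len = detect_bom(data)
    return data[bom_len:].decode(encoding or "utf-8", errors="replace")


def preflight(data: bytes):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    encoding, _ = detect_bom(data)
    if encoding:
        shown = data[:1].decode("latin-1")  # how a single-byte code page shows byte 1
        findings.append(
            f"line 1: {encoding} byte-order mark; first byte 0x{data[0]:02X} displays as {shown!r}"
        )
    lines = decode_ldif(data).splitlines()
    # RFC 2849: the first record line is "version:" or "dn:"; '#' lines are comments.
    for number, line in enumerate(lines, 1):
        if line.strip() and not line.startswith("#"):
            if not line.lower().startswith(("version:", "dn:")):
                findings.append(f"line {number}: expected 'version:' or 'dn:', found {line[:20]!r}")
            break
    # RFC 2849: a value containing non-ASCII characters must be base64-encoded
    # ("attr:: ..."), so a conforming file has no byte above 0x7F outside comments.
    for number, line in enumerate(lines, 1):
        if not line.startswith("#") and any(ord(ch) > 0x7F for ch in line):
            findings.append(f"line {number}: non-ASCII character in an unencoded line")
    return findings


def strip_bom(data: bytes) -> bytes:
    """Return the same LDIF content as UTF-8 without a byte-order mark."""
    return decode_ldif(data).encode("utf-8")


# Constructed sample: the first lines of the LDIF from the post, saved with a UTF-8 BOM.
SAMPLE = codecs.BOM_UTF8 + (
    b"dn: CN=Password-Question,CN=Schema,CN=Configuration,DC=X\r\n"
    b"changetype: ntdsschemaadd\r\n"
    b"objectClass: top\r\n"
)

if __name__ == "__main__":
    for finding in preflight(SAMPLE):
        print(finding)
    print("after strip_bom:", preflight(strip_bom(SAMPLE)) or "no findings")
```
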

Export Users to CSV


We have Hundreds of customers, many separated across several companies and OUs.

What I need is a Power Shell script to export existing user information (User Name, E-mail, Mailbox Size, Number of e-mails, Real Name, Creation Date, etc.) to a CSV sheet, Based on OU, Or Company name, or Domain.

Is this at all possible?


I am very new to Windows Power Shell and I have no idea where to start, especially considering the potential of breaking something critical.

Building from bottom up as opposed to ADMT?


I asked in another thread about using ADMT to conduct a move from Windows 2003 domain to Windows 2008 R2

What about the option of just NOT migrating anything and manually recreating all new users in a brand new domain? 

Let's suppose I create a brand new domain, manually recreating all the usernames from the old domain (knowing they are all different) and going from there?  Are there any advantages/disadvantages to doing that?  I also have a file server and an Exchange 2003 server in the old domain as well.



PCI scan on Windows 2008 R2 Domain controller - giving "LDAP Anonymous Directory Access Permitted"


 

"The Lightweight Directory Access Protocol (LDAP) can be used to provide information about users, groups, etc.
The LDAP service on this system allows anonymous connections. Access to this information by malicious users may assist them in launching further attacks."

Please help me with this issue.

Regards,

Ananda
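A defender-side check for the finding quoted above, as an added PowerShell example that is not part of the original post: it evaluates the two directory settings that decide whether anonymous LDAP clients can do more than read the rootDSE. The function names are hypothetical, the sample values are constructed, and the live query assumes the ActiveDirectory module (RSAT) is installed.

```powershell
# Added example (not from the original post). Function names are hypothetical.
function Test-AnonymousLdapSettings {
    param(
        [AllowEmptyString()][string]$DsHeuristics = '',
        [string[]]$CompatAccessMembers = @()
    )
    # The 7th character of dSHeuristics is fLDAPBlockAnonOps: '2' permits anonymous
    # operations beyond the rootDSE; unset or any other value keeps them blocked.
    $anonOps = ($DsHeuristics.Length -ge 7) -and ($DsHeuristics[6] -eq '2')

    # Pre-Windows 2000 Compatible Access has broad read access to user and group
    # objects. Well-known principals show up as members named by SID:
    # S-1-5-7 = ANONYMOUS LOGON, S-1-1-0 = Everyone.
    $anon     = @($CompatAccessMembers | Where-Object { $_ -like 'CN=S-1-5-7,*' }).Count -gt 0
    $everyone = @($CompatAccessMembers | Where-Object { $_ -like 'CN=S-1-1-0,*' }).Count -gt 0

    New-Object psobject -Property @{
        AnonymousOpsEnabled         = $anonOps
        AnonymousLogonInCompatGroup = $anon
        # Everyone covers anonymous users only when the policy "Network access:
        # Let Everyone permissions apply to anonymous users" is enabled.
        EveryoneInCompatGroup       = $everyone
    }
}

# Read-only live query; not called below, so the script runs without a domain.
function Get-AnonymousLdapSettings {
    param([string]$Server)   # optional: a specific domain controller to query
    Import-Module ActiveDirectory
    $target = @{}
    if ($Server) { $target.Server = $Server }
    $cfg = (Get-ADRootDSE @target).configurationNamingContext
    $dn  = "CN=Directory Service,CN=Windows NT,CN=Services,$cfg"
    $ds  = Get-ADObject -Identity $dn -Properties dSHeuristics @target
    $grp = Get-ADGroup -Identity 'S-1-5-32-554' -Properties member @target
    Test-AnonymousLdapSettings -DsHeuristics ([string]$ds.dSHeuristics) `
        -CompatAccessMembers $grp.member
}

# Constructed sample values (not taken from any real directory).
Test-AnonymousLdapSettings -DsHeuristics '0000002' -CompatAccessMembers @(
    'CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=example,DC=com',
    'CN=S-1-5-7,CN=ForeignSecurityPrincipals,DC=example,DC=com')
```

With the constructed values both `AnonymousOpsEnabled` and `AnonymousLogonInCompatGroup` come back `True`; on a directory where `dSHeuristics` is unset, `AnonymousOpsEnabled` is `False` and anonymous clients are limited to the rootDSE.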

seize FSMO role

I know that there are situations where a FSMO role needs to be transferred. My question is, however, if a server that houses a FSMO role crashes and burns, can that FSMO role be seized if the server is no longer responsive?

Cal Miyatake

Active Directory access via Excel data connection


Hi, I am trying to use Excel 2007 to open Active Directory - showing users / computers / groups in Excel.
I would like to open Active Directory via "Get external data". If I try to connect to Active Directory I can't find the right driver (ODBC) for Active Directory.
Is there a way to use Excel 2007 (or newer) as a frontend to show all Active Directory content (users / computers / groups / printers) directly?

Kind regards,
Thoralf

Have multiple issues in domain


Hi,

I have a few problems in my domain environment. Please help me to resolve them.

The domain setup is as follows - one forest and one domain. Within the domain, 4 DCs are running WS08 R2 SP1.

2 DCs are in Australia and 2 DCs are in the US. The PDCe is located in Australia.

Output of dcdiag /e /q is as follows -

            NtFrs Service is stopped on [SVAUAD01]
         ......................... SVAUAD01 failed test Services
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... SVAUAD01 failed test frsevent
         Some objects relating to the DC SVAUAD01 have problems:
            [1] Problem: Missing Expected Value

             Base Object:

            CN=SVAUAD01,OU=Domain Controllers,DC=spendvision,DC=com

             Base Object Description: "DC Account Object"

             Value Object Attribute Name: frsComputerReferenceBL

             Value Object Description: "SYSVOL FRS Member Object"

             Recommended Action: See Knowledge Base Article: Q312862

             
         ......................... SVAUAD01 failed test VerifyReferences
            NtFrs Service is stopped on [SVAUAD02]
         ......................... SVAUAD02 failed test Services
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... SVAUAD02 failed test frsevent
         Some objects relating to the DC SVAUAD02 have problems:
            [1] Problem: Missing Expected Value

             Base Object:

            CN=SVAUAD02,OU=Domain Controllers,DC=spendvision,DC=com

             Base Object Description: "DC Account Object"

             Value Object Attribute Name: frsComputerReferenceBL

             Value Object Description: "SYSVOL FRS Member Object"

             Recommended Action: See Knowledge Base Article: Q312862

             
         ......................... SVAUAD02 failed test VerifyReferences
            NtFrs Service is stopped on [SVUSAD01]
         ......................... SVUSAD01 failed test Services
         Some objects relating to the DC SVUSAD01 have problems:
            [1] Problem: Missing Expected Value

             Base Object:

            CN=SVUSAD01,OU=Domain Controllers,DC=spendvision,DC=com

             Base Object Description: "DC Account Object"

             Value Object Attribute Name: frsComputerReferenceBL

             Value Object Description: "SYSVOL FRS Member Object"

             Recommended Action: See Knowledge Base Article: Q312862

             
         ......................... SVUSAD01 failed test VerifyReferences
            NtFrs Service is stopped on [SVUSAD02]
         ......................... SVUSAD02 failed test Services
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... SVUSAD02 failed test frsevent
         Some objects relating to the DC SVUSAD02 have problems:
            [1] Problem: Missing Expected Value

             Base Object:

            CN=SVUSAD02,OU=Domain Controllers,DC=spendvision,DC=com

             Base Object Description: "DC Account Object"

             Value Object Attribute Name: frsComputerReferenceBL

             Value Object Description: "SYSVOL FRS Member Object"

             Recommended Action: See Knowledge Base Article: Q312862

             
         ......................... SVUSAD02 failed test VerifyReferences

Output of dcdiag /v /c /d /s:DC_Name (Copying only error messages & see if that helps)

Starting test: frsevent
         * The File Replication Service Event log test
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         An Warning Event occured.  EventID: 0x000005FA
            Time Generated: 01/02/2013   14:40:10
            (Event String could not be retrieved)
         ......................... SVAUAD01 failed test frsevent

Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
            NtFrs Service is stopped on [SVAUAD02]
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... SVAUAD02 failed test Services
      Starting test: OutboundSecureChannels
         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... SVAUAD02 passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         SVAUAD02 is in domain DC=spendvision,DC=com
         Checking for CN=SVAUAD02,OU=Domain Controllers,DC=spendvision,DC=com in domain DC=spendvision,DC=com on 4 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=SVAUAD02,CN=Servers,CN=Sydney-AD,CN=Sites,CN=Configuration,DC=spendvision,DC=com in domain CN=Configuration,DC=spendvision,DC=com on 4 servers
            Object is up-to-date on all servers.
         ......................... SVAUAD02 passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... SVAUAD02 passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         An Error Event occured.  EventID: 0x00001057
            Time Generated: 01/02/2013   10:00:23
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x000003E8
            Time Generated: 01/02/2013   10:05:44
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x000003E8
            Time Generated: 01/02/2013   10:06:15
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x000003E8
            Time Generated: 01/02/2013   10:19:36
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x000003E8
            Time Generated: 01/02/2013   10:20:32
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x000005FA
            Time Generated: 01/02/2013   11:12:39
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x000005FA
            Time Generated: 01/02/2013   11:41:38
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x000005FA
            Time Generated: 01/02/2013   11:57:37
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x0000100B
            Time Generated: 01/02/2013   14:26:30
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x0000100B
            Time Generated: 01/02/2013   14:55:53
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x0000100B
            Time Generated: 01/03/2013   06:19:47
            (Event String could not be retrieved)
         ......................... SVAUAD02 failed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... SVAUAD02 passed test kccevent
      Starting test: systemlog
         * The System Event log test
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 01/03/2013   06:23:42
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 01/03/2013   06:24:04
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 01/03/2013   06:24:42
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 01/03/2013   06:25:20
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 01/03/2013   06:25:58
            (Event String could not be retrieved)
         ......................... SVAUAD02 failed test systemlog
      Starting test: VerifyReplicas
         ......................... SVAUAD02 passed test VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)

         CN=SVAUAD02,OU=Domain Controllers,DC=spendvision,DC=com and backlink

         on

         CN=SVAUAD02,CN=Servers,CN=Sydney-AD,CN=Sites,CN=Configuration,DC=spendvision,DC=com

         are correct.
         Some objects relating to the DC SVAUAD02 have problems:
            [1] Problem: Missing Expected Value

             Base Object:

            CN=SVAUAD02,OU=Domain Controllers,DC=spendvision,DC=com

             Base Object Description: "DC Account Object"

             Value Object Attribute Name: frsComputerReferenceBL

             Value Object Description: "SYSVOL FRS Member Object"

             Recommended Action: See Knowledge Base Article: Q312862

             
            The system object reference (serverReferenceBL)

            CN=SVAUAD02,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=spendvision,DC=com

            and backlink on

            CN=NTDS Settings,CN=SVAUAD02,CN=Servers,CN=Sydney-AD,CN=Sites,CN=Configuration,DC=spendvision,DC=com

            are correct.
         ......................... SVAUAD02 failed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         The following problems were found while verifying various important DN

         references.  Note, that  these problems can be reported because of

         latency in replication.  So follow up to resolve the following

         problems, only if the same problem is reported on all DCs for a given

         domain or if  the problem persists after replication has had

         reasonable time to replicate changes.
            [1] Problem: Missing Expected Value

             Base Object:

            CN=SVAUAD02,OU=Domain Controllers,DC=spendvision,DC=com

             Base Object Description: "DC Account Object"

             Value Object Attribute Name: frsComputerReferenceBL

             Value Object Description: "SYSVOL FRS Member Object"

             Recommended Action: See Knowledge Base Article: Q312862

             
            [2] Problem: Missing Expected Value

             Base Object:

            CN=SVAUAD01,OU=Domain Controllers,DC=spendvision,DC=com

             Base Object Description: "DC Account Object"

             Value Object Attribute Name: frsComputerReferenceBL

             Value Object Description: "SYSVOL FRS Member Object"

             Recommended Action: See Knowledge Base Article: Q312862

             
            [3] Problem: Missing Expected Value

             Base Object:

            CN=SVUSAD01,OU=Domain Controllers,DC=spendvision,DC=com

             Base Object Description: "DC Account Object"

             Value Object Attribute Name: frsComputerReferenceBL

             Value Object Description: "SYSVOL FRS Member Object"

             Recommended Action: See Knowledge Base Article: Q312862

             
            [4] Problem: Missing Expected Value

             Base Object:

            CN=SVUSAD02,OU=Domain Controllers,DC=spendvision,DC=com

             Base Object Description: "DC Account Object"

             Value Object Attribute Name: frsComputerReferenceBL

             Value Object Description: "SYSVOL FRS Member Object"

             Recommended Action: See Knowledge Base Article: Q312862

             
            LDAP Error 0x5e (94) - No result present in message.
         ......................... SVAUAD02 failed test VerifyEnterpriseReferences


On top of this, there are "n" number of DFSR warning messages in Administrative Events on 3 DCs. The warning message - “DFS Replication service is stopping communication with partner SVAUAD01/AD02 for replication group domain system volume due to an error”. Event id - 5014

The above warning message also appears in SVUSAD01.

Please let me know how to resolve these issues.

Thanks,

Saravana

Computer account deletes user accounts in AD


Hello, guys!

We have some strange behavior in our AD 2003.

We lost a second account today; it was deleted, and we found in the Security Audit that it was deleted by the machine account of the Exchange 2010 CAS server.

Any ideas?
