Clearapps network inventory
software.

AD & DC

2008 R2 domain migration with Exchange 2003 SP2

AD communication, including replication, fails on multihomed domain controllers
Active Directory Migration Question

Can't I install Exchange on a DC
Can I rename Windows 2003 DC
Clear Domain Cached Credentials On a local computer
Common Active Directory Issues
Decommissioning a server
Microsoft DFS Issues
Failed to modify the necessary properties for the machine account
How to Add Another Domain Controller in an Exiting Domain
How to check AD DNS Registration
How to check Active Directory Health
How to check DC replication status
How to temporarily disable a DC without turn off it
How to Enable or Disable a Global Catalog (GC)
How to install/remove AD/DC
How to configure AD Replication over Firewalls
How to repopulate AD DNS entries
How to remove unused domain from My Network Places
How to remove a non existing additional DC from domain
How to transfer FSMO in Windows 2008 DC
How to use ADSIEdit to remove failed Domain Controller
How to verify AD replication is functioning
How to verify an Active Directory installation
How to verify Global Catalog Readiness
How to verify that SRV DNS records have been created for a DC
How do I restore Shares ??
it is not recommended to use DC as router
Migration from 32-bit Windows 2003 to 64-bit Windows 2008
Move the FSMO roles from failed DC to a new DC
Move old 2003 Domain Controller to new 2008 Server
Multiple Domain setup in Server 2003
Should laptops join the domain
Remove original 2003 server from domain
This domain controller holds the last replica of the following application directory partitions
Transfer DC to new server
Upgrade Windows 2000 Domain Controllers to 2003
Upgrade Windows 2003 Standard DC to Windows 2008 R2
What will happen when demoting a DC
What is DFS for?
Windows/wins1.htm
Windows 2003 multi-domain to 2008 single-domain migration
Windows Domain Redundancy
Why does my network crash when 1 DC goes down?

Post your questions, comments, feedbacks and suggestions

Contact a consultant

[ads/yahoobanner240.htm]

AD communication, including replication, fails on multihomed domain controllers

Cause: network adapters on the multihomed domain controllers are registering both the inside and outside Internet Protocol (IP) addresses with the DNS server. Replication operations require multiple lookup requests of SRV records. In this case, half of the DNS lookup requests return an IP address that cannot be contacted, and the replication operation fails.

Can I rename Windows 2003 DC

If you have a Windows 2003 DC, you can use the Netdom tool to rename the DC. The Netdom provide a secure and supported methodology to rename one or more domains. You can find the tool from the Windows 2003 installation CD-ROM

Common Active Directory Issues

1. Incorrect DNS configuration.
2. Incorrect network configuration.
3. Difficulties when you upgrade from Microsoft Windows NT.

Failed to modify the necessary properties for the machine account

Symptom: When you run Dcpromo to create a replica domain controller, you may receive the following error message: Failed to modify the necessary properties for the machine account. Access is denied.

Cause: 1. The account that is used for the promotion operation may not been assigned the "Delegation Privilege" right.
2. One of the operations that takes place during the promotion of a replica domain controller is the modification of the UserAccountControl attribute for the computer you are promoting.
3. When one or more domain controllers are on a Windows 2000 server that is using NAT; and it can be caused by the H.323/Lightweight LDAP proxy service.

For consultants, please refer to case 110804RL

How to check AD DNS Registration

You should have four folders with the following names under DNS forward lookup zones are present when DNS is correctly registering the Active Directory DNS records. These folders are labeled:
_msdcs
_sites
_tcp
_udp

How to check DC replication status

To check DC replication status, go to event logs for NTFRS (File Replication Service) It will tell you when the last synch was.

How to Enable or Disable a Global Catalog (GC)

Open to Administrative Tools>Active Directory Sites and Services>Sites, and then double-click the domain controller you want to work with in the Server folder for your desired site: Right-click NTDS Settings>Properties. Make a change accordingly.

WARNING: Do not turn on this option unless you are certain it will provide value in your deployment. For this option to be useful, your deployment must have multiple domains, and even then, only one global catalog is (typically) useful in each site.

How to install/remove AD/DC

To install/remove AD/DC, use dcpromo command.

How to repopulate AD DNS entries

Manually repopulate the Active Directory DNS entries. You can use the Windows 2000 Netdiag tool to repopulate the Active Directory DNS entries. Netdiag is included with the Windows 2000 Support tools. At a command prompt, type netdiag /fix.

This domain controller holds the last replica of the following application directory partitions

Symptoms: When you demote a DC by using the Active Dcpromo, you may receive the following error message: This domain controller holds the last replica of the following application directory partitions:
DC=MSTAPI,DC=yourdomain,DC=com

Resolutions: Try NTDSUTIL, Tapicfg.exe and dcpromo /forceremoval. Refer to case 082604JH.

What will happen when demoting a DC

When a domain controller is demoted, if it is not the last domain controller in the domain, it performs a final replication and then transfers the roles to another domain controller. If the domain controller is a global catalog, that role is not transferred to another domain controller. In this case, you must manually select the check box in Active Directory Sites and Services Manager for another domain controller to take over the role.