How to Check Domain Controller Synchronization
Check replication summary
[TEST-DC02]: PS C:\Users\testadmin\Documents> Repadmin /replsummary
Replication Summary Start Time: 1998-02-30 14:00:48
Beginning data collection for replication summary, this may take awhile:
........................
Source DSA largest delta fails/total %% error
LAX-CORPDC03 08m:36s 0 / 10 0
LAX-CORPDC04 11m:36s 0 / 5 0
CA-CORPDC01 13m:32s 0 / 60 0
CA-CORPDC02 13m:32s 0 / 65 0
CA-CORPDC03 13m:32s 0 / 50 0
IRV-CORPDC04 08m:36s 0 / 5 0
AZ-CORPDC01 06m:27s 0 / 10 0
AZ-CORPDC02 09m:32s 0 / 15 0
FLA-CORPDC04 01h:53m:35s 5 / 5 100 (1727) The remote procedure call failed and did not execute.
TEST-DC01 13m:26s 0 / 15 0
bbc-CORPDC01 07m:47s 0 / 5 0
CONG-BRK-DC01 08m:34s 0 / 5 0
CONG-PLS-DC01 13m:29s 0 / 10 0
MON-CORPDC01 08m:35s 0 / 5 0
MO-CORPDC01 15m:04s 0 / 20 0
MO-CORPDC02 13m:28s 0 / 15 0
Destination DSA largest delta fails/total %% error
LAX-CORPDC03 13m:13s 0 / 15 0
LAX-CORPDC04 09m:48s 0 / 15 0
CA-CORPDC01 13m:29s 0 / 40 0
CA-CORPDC02 01m:57s 0 / 40 0
CA-CORPDC03 01h:53m:41s 5 / 45 11 (1727) The remote procedure call failed and did not execute.
IRV-CORPDC04 10m:12s 0 / 10 0
AZ-CORPDC01 10m:44s 0 / 25 0
AZ-CORPDC02 07m:40s 0 / 25 0
TEST-DC02 10m:26s 0 / 20 0
MON-CORPDC01 12m:39s 0 / 15 0
MO-CORPDC01 14m:03s 0 / 20 0
MO-CORPDC02 15m:09s 0 / 20 0
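Added example (not part of the original page): parsing the summary above into objects makes DSAs with failed attempts or a stale largest delta stand out. The function name ConvertTo-ReplSummary, the one-hour threshold and the embedded sample (a few rows constructed from the output above) are assumptions for illustration.

```powershell
# Sample rows constructed from the output on this page.
# On a live DC, pass the real text instead: ConvertTo-ReplSummary -Lines (repadmin /replsummary)
$sample = @'
Source DSA largest delta fails/total %% error
LAX-CORPDC03 08m:36s 0 / 10 0
FLA-CORPDC04 01h:53m:35s 5 / 5 100 (1727) The remote procedure call failed and did not execute.
TEST-DC01 13m:26s 0 / 15 0
Destination DSA largest delta fails/total %% error
CA-CORPDC02 01m:57s 0 / 40 0
CA-CORPDC03 01h:53m:41s 5 / 45 11 (1727) The remote procedure call failed and did not execute.
'@ -split "`r?`n"

function ConvertTo-ReplSummary {
    param(
        [string[]]$Lines,
        [timespan]$MaxDelta = '01:00:00'   # assumed staleness threshold, tune per site topology
    )
    # Row layout: <DSA> <largest delta> <fails> / <total> <pct> [(<code>) <message>]
    $row = '^\s*(?<dsa>\S+)\s+(?<delta>\S+)\s+(?<fails>\d+)\s*/\s*(?<total>\d+)\s+(?<pct>\d+)' +
           '(\s+\((?<code>\d+)\)\s*(?<msg>.*))?$'
    $role = $null
    foreach ($line in $Lines) {
        # Section headers tell us whether the following rows are sources or destinations
        if ($line -match '^\s*(Source|Destination) DSA\b') { $role = $Matches[1]; continue }
        if ($line -match $row) {
            $m = $Matches
            # Delta looks like 08m:36s or 01h:53m:35s; sum whichever d/h/m/s parts are present
            $secs = 0
            foreach ($p in [regex]::Matches($m.delta, '(\d+)([dhms])')) {
                $n = [int]$p.Groups[1].Value
                switch ($p.Groups[2].Value) {
                    'd' { $secs += $n * 86400 }
                    'h' { $secs += $n * 3600 }
                    'm' { $secs += $n * 60 }
                    's' { $secs += $n }
                }
            }
            $delta = [timespan]::FromSeconds($secs)
            [pscustomobject]@{
                Role = $role; DSA = $m.dsa; LargestDelta = $delta
                Fails = [int]$m.fails; Total = [int]$m.total
                ErrorCode = $m.code; Message = $m.msg
                Unhealthy = ([int]$m.fails -gt 0) -or ($delta -gt $MaxDelta)
            }
        }
    }
}

ConvertTo-ReplSummary -Lines $sample | Where-Object Unhealthy |
    Format-Table Role, DSA, LargestDelta, Fails, Total, ErrorCode -AutoSize
```

Rows whose delta column is not a d/h/m/s value (for example an unknown or multi-word delta) do not match the row pattern and are skipped, so review those lines by hand.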
Check replication health
[TEST-DC02]: PS C:\Users\testadmin\Documents> Repadmin /Showrepl
Repadmin: running command /Showrepl against full DC localhost
Phoenix\TEST-DC02
DSA Options: IS_GC
Site Options: (none)
DSA object GUID:
DSA invocationID:
==== INBOUND NEIGHBORS ======================================
DC=hooli,DC=net
Phoenix\TEST-DC01 via RPC
DSA object GUID:
Last attempt @ 1998-02-30 13:51:36 was successful.
Brazil\CA-CORPDC02 via RPC
DSA object GUID:
Last attempt @ 1998-02-30 13:51:39 was successful.
Brazil\CA-CORPDC01 via RPC
DSA object GUID:
Last attempt @ 1998-02-30 13:51:39 was successful.
Brazil\CA-CORPDC03 via RPC
DSA object GUID:
Last attempt @ 1998-02-30 13:51:39 was successful.
CN=Configuration,DC=hooli,DC=net
Phoenix\TEST-DC01 via RPC
DSA object GUID:
Last attempt @ 1998-02-30 13:51:36 was successful.
Brazil\CA-CORPDC02 via RPC
DSA object GUID:
Last attempt @ 1998-02-30 13:51:37 was successful.
Brazil\CA-CORPDC01 via RPC
DSA object GUID:
Last attempt @ 1998-02-30 13:51:38 was successful.
Brazil\CA-CORPDC03 via RPC
DSA object GUID:
Last attempt @ 1998-02-30 13:51:39 was successful.
CN=Schema,CN=Configuration,DC=hooli,DC=net
Phoenix\TEST-DC01 via RPC
DSA object GUID:
Last attempt @ 1998-02-30 13:51:36 was successful.
Brazil\CA-CORPDC02 via RPC
DSA object GUID:
Last attempt @ 1998-02-30 13:51:39 was successful.
Brazil\CA-CORPDC01 via RPC
DSA object GUID:
Last attempt @ 1998-02-30 13:51:39 was successful.
Brazil\CA-CORPDC03 via RPC
DSA object GUID:
Last attempt @ 1998-02-30 13:51:39 was successful.
DC=DomainDnsZones,DC=hooli,DC=net
Phoenix\TEST-DC01 via RPC
DSA object GUID:
Last attempt @ 1998-02-30 13:51:36 was successful.
Brazil\CA-CORPDC02 via RPC
DSA object GUID:
Last attempt @ 1998-02-30 13:51:39 was successful.
Brazil\CA-CORPDC01 via RPC
DSA object GUID:
Last attempt @ 1998-02-30 13:51:39 was successful.
Brazil\CA-CORPDC03 via RPC
DSA object GUID:
Last attempt @ 1998-02-30 13:51:39 was successful.
DC=ForestDnsZones,DC=hooli,DC=net
Phoenix\TEST-DC01 via RPC
DSA object GUID:
Last attempt @ 1998-02-30 13:51:36 was successful.
Brazil\CA-CORPDC02 via RPC
DSA object GUID:
Last attempt @ 1998-02-30 13:51:39 was successful.
Brazil\CA-CORPDC01 via RPC
DSA object GUID:
Last attempt @ 1998-02-30 13:51:40 was successful.
Brazil\CA-CORPDC03 via RPC
DSA object GUID:
Last attempt @ 1998-02-30 13:51:40 was successful.
Attempt to Trigger a Replication
[TEST-DC02]: PS C:\Users\testadmin\Documents> Repadmin /syncall
CALLBACK MESSAGE: Error contacting server ._msdcs.hooli.net (network error): 1722 (0x6ba):
The RPC server is unavailable.
CALLBACK MESSAGE: SyncAll Finished.
SyncAll reported the following errors:
Error contacting server ._msdcs.hooli.net (network error): 1722 (0x6ba):
The RPC server is unavailable.
Perform Diagnostics
[TEST-DC02]: PS C:\Users\testadmin\Documents> DCDIAG /TEST:DNS
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = TEST-DC02
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Phoenix\TEST-DC02
Starting test: Connectivity
......................... TEST-DC02 passed test Connectivity
Doing primary tests
Testing server: Phoenix\TEST-DC02
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... TEST-DC02 passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : hooli
Running enterprise tests on : hooli.net
Starting test: DNS
Test results for domain controllers:
DC: TEST-DC02.hooli.net
Domain: hooli.net
TEST: Basic (Basc)
Warning: Adapter has dynamic IP address
(can be a misconfiguration)
Warning: adapter [00000012] Microsoft Hyper-V Network Adapter
has invalid DNS server: 10.100.500.200 (TEST-DC02)
TEST: Delegations (Del)
Error: DNS server: corpdc02.hooli.net. IP:<Unavailable>
[Missing glue A record]
Error: DNS server: corpdc03.hooli.net. IP:<Unavailable>
[Missing glue A record]
TEST: Dynamic update (Dyn)
Warning: Failed to add the test record dcdiag-test-record in zone hooli.net
TEST: Records registration (RReg)
Network Adapter [00000012] Microsoft Hyper-V Network Adapter:
Warning:
Missing SRV record at DNS server 10.100.500.007:
_ldap._tcp.hooli.net
Warning:
Missing SRV record at DNS server 10.100.500.007:
_ldap._tcp.domains._msdcs.hooli.net
Warning:
Missing SRV record at DNS server 10.100.500.007:
_kerberos._tcp.dc._msdcs.hooli.net
Warning:
Missing SRV record at DNS server 10.100.500.007:
_ldap._tcp.dc._msdcs.hooli.net
Warning:
Missing SRV record at DNS server 10.100.500.007:
_kpasswd._tcp.hooli.net
Warning:
Missing A record at DNS server 10.100.500.007:
gc._msdcs.hooli.net
Error: Record registrations cannot be found for all the network adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 10.100.500.200 (TEST-DC02)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 10.100.500.200
Name resolution is not functional. _ldap._tcp.hooli.net. failed on the DNS server 10.100.500.200
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: hooli.net
TEST-DC02 PASS WARN PASS FAIL WARN FAIL n/a
......................... hooli.net failed test DNS
Correct the IP Address of Domain Controller
# Query for network cards
[TEST-DC02]: PS C:\Users\testadmin\Documents> Get-NetAdapter
Name InterfaceDescription ifIndex Status MacAddress LinkSpeed
---- -------------------- ------- ------ ---------- ---------
Ethernet 2 Microsoft Hyper-V Network Adapter #2 15 Up 10 Gbps
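# Set the static IP while logged in through a console session, not RDP
$ipParams = @{
    InterfaceIndex = 15                 # ifIndex reported by Get-NetAdapter above
    IPAddress      = '10.100.500.200'
    PrefixLength   = 22                 # must match the netmask actually used on this subnet
    DefaultGateway = '10.100.500.1'
    AddressFamily  = 'IPv4'
}
New-NetIPAddress @ipParams
Set-NetIPInterface -InterfaceAlias 'Ethernet 2' -Dhcp Disabled
# Set the DNS servers on the same adapter
# Public resolvers are shown here; a DC normally lists DNS servers that host the AD zone
$dnsParams = @{
    InterfaceIndex  = 15                # same adapter as above (ifIndex 15)
    ServerAddresses = ("8.8.8.8","8.8.4.4")
}
Set-DnsClientServerAddress @dnsParams
Clear-DnsClientCache
Register-DnsClient # Trigger IP to hostname registration update toward DNS Server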
Reconnect to Domain Controller from a Client PC to Validate Successful Configuration
# Clear cache and reconnect
ipconfig /flushdns
enter-pssession TEST-DC02
# Retrigger replication
[TEST-DC02]: PS C:\Users\testadmin\Documents> Repadmin /syncall
CALLBACK MESSAGE: The following replication is in progress:
From: ._msdcs.hooli.net
To : ._msdcs.hooli.net
CALLBACK MESSAGE: The following replication completed successfully:
From: ._msdcs.hooli.net
To : ._msdcs.hooli.net
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.
Fix Issue with Active Directory Users and Computers Management Console
# Error message when running ADUC from a member server
---------------------------
Active Directory Domain Services
---------------------------
Naming information cannot be located because:
The system cannot contact a domain controller to service the authentication request. Please try again later.
Contact your system administrator to verify that your domain is properly configured and is currently online.
---------------------------
OK
---------------------------
# Test connectivity toward the DC on the standard LDAP port (389)
PS C:\Windows\system32> test-netconnection 10.100.500.007 -port 389 -informationlevel quiet
False
# Querying for domain controllers from the member server to validate problem
PS C:\Windows\system32> netdom query fsmo
The RPC server is unavailable.
The command failed to complete successfully.
# Disable TCP/IP filtering - not the solution
# $securityFilterHive='REGISTRY::HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
# $securityFilterKey='EnableSecurityFilters'
# reg add $securityFilterHive /v $securityFilterKey /t REG_DWORD /d 0
# Solution:
Ensure that the domain controller IP addresses are set up correctly. It may not be obvious, but mistaking a /24 netmask for the /22 specified by the networking configs in AD will cause LDAP to break.