Category Archives: Active Directory Troubleshooting

DCDIAG and Repadmin shows decommissioned domain controller

DCDIAG output return out of sync error for a decommissioned DC or repadmin /replsum (repadmin /replsummary) shows high delta value which is not pointing to any source/destination DC, then it’s quit difficult to identify the affected connection objects Domain Controller detail, will discuss how to work on this issue

Also Read: Force active [Continue reading]

Planning safe Decommission of Domain Controller (Decommission of Active Directory site) Without Impacting Users

Best practice for decommissioning a Domain Controller Server: In general Decommission of Domain Controller is straightforward procedure and not required a much planning as we always have a redundant Domain Controller in a same site, so the client authentication will be handled by the other DC’s, if you want to find is any application hard-coded(“hard path” setting) the DC’s, … [Continue reading]

Windows Server 2012 Active Directory Trust Relationship Problem

You use to get the error message “The security Database on the server does not have a computer account for this workstation trust relationship.” or shows “Login ID or password incorrect” while the time of logon on Windows Server 2012 R2, most recommended solution is re-join toActive Directory Domains or rebuild the server to fix the issue, before … [Continue reading]

How to troubleshoot workstation Trust relationship issues on Domain

How Trust relationships affect the Computers?

Domain joined workstations and member servers are had a Trust relationship with Domain in order to authenticate, and reset the computer account password every 30 days by default, you will get the below error if any mismatch between computer password on workstation and on Domain controller

Also Read: Active Directory Replication failed with “Target [Continue reading]

Monitor NTLM authentication delays and issues on Windows 2008 and 2012

Events to track authentication delays and issues: Finally we have new event log entries that can track NTLM authentication delays and issues in Windows Server 2008 R2, in a complex environment with multiple Forests and multiple Domains NTLM authentication request will be more and it’s difficult to monitor and track the Bottlenecks

Also Read: AD Slow Authentication and prompting for [Continue reading]

Replsummary showing unknown for largest delta on AD replication checks

Largest delta would report as unknown on Source DC while running Repadmin /replsummary for your Domain and Forest, since it’s showing unknown and didn’t see the replication delta value and unable to find the affected Destination DC, will describe how to find the Destination DC

Also Read: Force active directory replication

Why it’s reporting unknown?

Let’s say if the new … [Continue reading]

Active Directory real time issues and solutions

As an Windows AD Administrator I have many Active Directory real time issues and solutions, we have seen the questions like, Tel me about 2 real time issues which you have faced in your current Active Directory environment, share one or two challenging issues which you have worked and resolved, Tel me most challenging issues you recently involved

Many of … [Continue reading]

DNS Entry of Domain Controller are Resolving to Incorrect value

One of the Domain Controller DNS entries pointing to wrong IP Address (resolving with the wrong IP address) which is affected Active Directory authentication and other services. This is a unique issue which I have come across

It’s a single forest with multiple child domains as the architecture, when try to resolve one of the child Domain’s Domain Controller from … [Continue reading]