Category Archives: Active Directory Troubleshooting

Microsoft August 2020 Patch issues and unanswered questions: No Netlogon events in Domain Controller logs after August 2020 Patches

August 2020 Patch (CVE-2020-1472) is fixing Netlogon Elevation of Privilege Vulnerability, we have to patch all the Domain Controllers to secure our environment from this Vulnerability and its two-part rollout stars on August 2020 and Feb 2021, we have many unanswered questions like, is the August 2020 patch will affect the non-secure clients? is there… Read More »

DCDIAG and Repadmin shows decommissioned domain controller

DCDIAG output return out of sync error for a decommissioned DC or repadmin /replsum (repadmin /replsummary) shows high delta value which is not pointing to any source/destination DC, then it’s quit difficult to identify the affected connection objects Domain Controller detail, will discuss how to work on this issue Also Read: Force active directory replication How to… Read More »

Planning safe Decommission of Domain Controller (Decommission of Active Directory site) Without Impacting Users

Best practice for decommissioning a Domain Controller Server: In general Decommission of Domain Controller is straightforward procedure and not required a much planning as we always have a redundant Domain Controller in a same site, so the client authentication will be handled by the other DC’s, if you want to find is any application hard-coded(“hard path”… Read More »

Windows Server 2012 Active Directory Trust Relationship Problem

You use to get the error message “The security Database on the server does not have a computer account for this workstation trust relationship.” or shows “Login ID or password incorrect” while the time of logon on Windows Server 2012 R2, most recommended solution is re-join toActive Directory Domains or rebuild the server to fix… Read More »

How to troubleshoot workstation Trust relationship issues on Domain

How Trust relationships affect the Computers? Domain joined workstations and member servers are had a Trust relationship with Domain in order to authenticate, and reset the computer account password every 30 days by default, you will get the below error if any mismatch between computer password on workstation and on Domain controller Also Read: Active Directory Replication… Read More »

Monitor NTLM authentication delays and issues on Windows 2008 and 2012

Events to track authentication delays and issues: Finally we have new event log entries that can track NTLM authentication delays and issues in Windows Server 2008 R2, in a complex environment with multiple Forests and multiple Domains NTLM authentication request will be more and it’s difficult to monitor and track the Bottlenecks Also Read: AD… Read More »

Replsummary showing unknown for largest delta on AD replication checks

Largest delta would report as unknown on Source DC while running Repadmin /replsummary for your Domain and Forest, since it’s showing unknown and didn’t see the replication delta value and unable to find the affected Destination DC, will describe how to find the Destination DC Also Read: Force active directory replication Why it’s reporting unknown? Let’s say if the… Read More »

Active Directory real time issues and solutions

As an Windows AD Administrator I have many Active Directory real time issues and solutions, we have seen the questions like, Tel me about 2 real time issues which you have faced in your current Active Directory environment, share one or two challenging issues which you have worked and resolved, Tel me most challenging issues… Read More »