expected DCDIAG.EXE behaviors. This required reviewing DCDIAG.EXE as I wasn’t finding anything deep in TechNet about the “Services” test that had my interest. By the time I was done, I had found a dozen other test behaviors I had never known existed. While we have documented the version of DCDIAG that shipped with Windows Server 2008 – sometimes with excellent specificity, like Justin Hall’s article about the DNS tests – mostly it’s a black box and you only find out what it tests when the test fails. Oh, we have help of course: just run DCDIAG /? to see it. But it’s help written by developers. Meaning you get wording like this: AdvertisingChecks whether each DSA is advertising itself,…

Complete command: C:\Repadmin /replsingleobj SourceDC DestinationDC ObjectDN Object Distinguish Name follows the LDAP DN rules. Example is User Name JamesBovik created in HR OU of Corp.Customer.com Domain will be DN: CN=JamesBovik,OU=HR,DC=Corp,DC=Customer,DC=com.Note if the DN has any spaces in it, please include usual quotes.Example with the syntax:repadmin /replsingleobj DC1.corp.customer.com DC2.pugazh.in CN=Jame,OU=HR,DC=Corp,DC=Customer,DC=com.

This article describes the symptoms and cause of an issue in which Active Directory replication is unsuccessful and generates error 8606: “Insufficient attributes were given to create an object. This object may not exist because it may have been deleted.” This article also describes a resolution for this issue. Symptoms Symptom 1 The DCDIAG reports that the Active Directory Replications test failed with error 8606: “Insufficient attributes were given to create an object.”Starting test: Replications[Replications Check, <Destination DC>] A recent replication attempt failed:From <source DC> to <destination DC>Naming Context: <directory partition DN path>The replication generated an error (8606): Insufficient attributes were given to create an object. This object may not exist…

Domain controllers and global catalog servers are represented in DNS as SRV records. You can query SRV records using nslookup by setting the type=SRV. nslookup Default Server: pugazh.in Address: 10.0.0.10 set type=SRVThis query retrieves all domain controllers from domain DNS. _ldap._tcp.<Domain DNSNames> This query retrieves global catalogs, but forest-wide. _gc._tcp.<Forest DNS Name> Find the domain controllers or global catalogs that are in a particular site _ldap._tcp.._sites.<Domain DNSNames> _gc._tcp.._sites.<Forest DNS Name>

Troubleshooting Trusts What problem are you having? Clients are unable to access resources in a domain outside of the forest. Trust errors between servers or workstations. Trust errors between Windows NT 4.0 and Active Directory domains. After upgrading a Windows NT 4.0 domain with existing trusts to Active Directory domains, you encounter various trust-related problems. Cannot connect to a domain controller running Windows 2000. Clients are unable to access resources in a domain outside of the forest. Cause:  A failure has occurred on the external trust between the domains. Solution:  Reset and verify the trust between the domains. The PDC emulator master must be available for a trust to be successfully reset. See also:  Verify a trust; Operations master…

Troubleshooting schema What problem are you having? Unable to modify or extend the schema. Unable to add attributes to a class. Unable to connect to a domain controller running Windows 2000 from the Active Directory Schema snap-in. Unable to find or run the Active Directory Schema snap-in. Search for new and updated information. Or, your question does not match any of those listed above. Unable to modify or extend the schema. Cause:  The schema operations master is not available. The domain controller that currently holds the schema master role is offline or network connectivity between you and the schema master is inoperable. Solution:  Restore the availability of the schema master by fixing the…

Go to the particular OU/users/Computer or any object properties, go to the Object tab. Here, uncheck Protect object from accidental deletion. Using cmd we can view the enable status"dsquery site -name <SiteName> | dsget site -dn -cachegroups -prefGCSite"