Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15
  1. #11
    Computer Tech
    Join Date
    Dec 2004
    Location
    Whangarei
    Posts
    5,730

    Default Re: Troubleshooting Active Directory issues

    Quote Originally Posted by linw View Post
    We feel your pain. A helluva responsibility on a live system.

    Hopefully, something will go your way.
    Yea agree here, can you get a full backup image to take away and mount in a VM or something to play with and see if you can get it fixed?

  2. #12
    Enterprise IT Consultant chiefnz's Avatar
    Join Date
    Dec 2004
    Location
    Auckland
    Posts
    1,457

    Default Re: Troubleshooting Active Directory issues

    They have no spare infrastructure, it's an overseas government department with very little funding. Took me 5 weeks to convince them to buy 3 more servers.

    I may just blow the second DC away I just built and install Hyper-V on there and try to get a backup copy of the current DC restored to a VM.

    Whilst doing everything from scratch will be a lot of effort at least I know it will be done properly, to be honest anything would be better than the bowl of noodle soup they have now.

    I will continue to troubleshoot on the VM once I have the backup restored.

    Cheers,

    Asus P8Z77-VL X
    Intel Core i7-3770
    Cooler Master Seidon 120V Plus CPU Water Cooler
    32GB DDR3
    2 x 250GB SSD, 3 x 2TB WD Enterprise HDD
    Asus DVD/RW
    eVGA GeForce GTX 970
    Coolermaster Centurion Case & 550W PSU
    Windows 10 Pro

  3. #13
    Enterprise IT Consultant chiefnz's Avatar
    Join Date
    Dec 2004
    Location
    Auckland
    Posts
    1,457

    Default Re: Troubleshooting Active Directory issues

    I have found that the Exchange server is a member of the "Domain Controllers" group?

    Not sure if this is meant to be here as the Exchange server doesn't have the AD role installed. Is this normal?

    I tried to remove it from the "Domain Controllers" group but this returned a message saying that this is the server's "Primary Group" and that I have to select a new Primary Group before I can remove it.

    We are running Exchange 2013.

    Can any AD or Exchange gurus provide some advice on this?

    Thanks,

    Asus P8Z77-VL X
    Intel Core i7-3770
    Cooler Master Seidon 120V Plus CPU Water Cooler
    32GB DDR3
    2 x 250GB SSD, 3 x 2TB WD Enterprise HDD
    Asus DVD/RW
    eVGA GeForce GTX 970
    Coolermaster Centurion Case & 550W PSU
    Windows 10 Pro

  4. #14
    Systems Engineer Alex B's Avatar
    Join Date
    Mar 2010
    Location
    London
    Posts
    1,659

    Default Re: Troubleshooting Active Directory issues

    Before you go any further make sure you have good backups, use Windows Backup to backup AD system state at least.

    Consider opening a support case with MS. I think the cost is about $500, but that can work out cheap with AD issues like you're looking at, they are rarely straightforward to resolve.

    I would raise the domain/forest functional level to at least 2008 R2. There hasn't been any improvements since that level, so no real point going past it that I'm aware of.

    You may also want to upgrade from FRS to DFSR Replication: https://blogs.technet.microsoft.com/...-sysvol/#quick

    As for the Exchange Box being in Domain Controllers. IIRC if a DC is properly demoted, it is automatically removed from the Domain Controllers OU.

    How are the logs looking in event viewer? Especially around AD and DNS. AD is very dependent on DNS being healthy.

    When you changed to a new DC, did you update DHCP to point the endpoints to the new DC for DNS?
    Last edited by Alex B; 06-09-2017 at 10:58 AM.

  5. #15
    Enterprise IT Consultant chiefnz's Avatar
    Join Date
    Dec 2004
    Location
    Auckland
    Posts
    1,457

    Default Re: Troubleshooting Active Directory issues

    Sorry for the delay.

    I've been through the logs and here is what I've found... which isn't much really as you will see from the log entry types:

    For the DNS, Directory Services and DHCP Server logs:

    They all have entries similar to this; they only vary in number, most of them occur in the Directory services log and i'm pretty sure that's because there is only one domain controller, from what I can tell there are many errors relating to AD replication etc. which is to be expected.

    The description for Event ID xxxx from source xxxx cannot be found. Either the component that raises this event is not installed
    on your local computer or the installation.
    The System log is flooded with the following error:

    No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the
    system default credentials from accepting SSL.
    I've had to stop working on the client's system for now as they have run out of funding.

    I do have copies of the log files so could potentially answer a few queries if any arise from this post.

    Cheers,

    Asus P8Z77-VL X
    Intel Core i7-3770
    Cooler Master Seidon 120V Plus CPU Water Cooler
    32GB DDR3
    2 x 250GB SSD, 3 x 2TB WD Enterprise HDD
    Asus DVD/RW
    eVGA GeForce GTX 970
    Coolermaster Centurion Case & 550W PSU
    Windows 10 Pro

Similar Threads

  1. Sample Active Directory
    By somebody in forum PressF1
    Replies: 3
    Last Post: 15-07-2012, 09:53 PM
  2. Exporting data from Active Directory
    By chiefnz in forum PressF1
    Replies: 5
    Last Post: 06-10-2009, 06:22 PM
  3. Active Directory
    By jwil1 in forum PressF1
    Replies: 1
    Last Post: 30-01-2009, 09:55 AM
  4. Replies: 4
    Last Post: 18-11-2007, 10:43 AM
  5. Copy Active Directory users to Open Directory
    By technicianxp in forum PressF1
    Replies: 2
    Last Post: 13-04-2006, 06:27 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •