
Group Policy / Directory Service Error


HeleneP

Technical User
Apr 18, 2002
64
US
We've not long set up AD on our network (mixed mode) and I thought I'd have a check of the user account policy, so I went to Users and Computers, Properties on the domain and then to Group Policy and got the following error message:

Failed to find a domain controller for <domain name> with Active Directory Support.

Details:
The directory service is unavailable.

We have 3 locations, each with a DC set up for global catalog, DNS and WINS, along with other DCs without these functions.

What have I done wrong?
 
Just an update to see if anyone has an answer for me.

Have changed to native mode and removed a DC that thought it was doing all 5 FSMO roles when all other DCs only had it doing 2 and other DCs doing the PDC, RID and Infrastructure roles. This let us access the Group Policy information for the domain. We left the system overnight to sort itself out and when we came back in this morning the Group Policy issue was back with the same message.

We believe that it is not applying our user account policy correctly. I have also found that although I can run netdiag, I cannot run dcdiag as I get the following error.

The procedure entry point DsIsMangledDnW could be located in the dynamic link library NTDSAPI.dll

Please can someone help me.
 
Hi there.

I hope you installed all the SPs and patches. :)

Did you remove a DC?
Then you might have to do a metadata cleanup (ntdsutil).

Use the Netdom tool that is included in the Windows Support Tools to verify network trust relationships and reset or establish a connection to a server.

Check your event logs for more errors.

Greetz nootgevallen
 
Hey. Thanks so much for replying.

All of our servers are fully patched. The DC that was giving us the problem was finally dcpromo'ed down to a member server and then removed from the domain and re-established back in as a member server again. AD is not showing it as a DC any more and all remaining DCs seem to agree on which servers are performing the 5 FSMO roles at any one time.

I am a bit uncertain about the NTDSUTIL and Netdom functions. Can you tell me exactly what I need to do?

Also the error for dcdiag sounds rather ominous. Any advice there?

Have you ever come across the error for the group policy? And would you have any idea why some people are struggling to change their passwords? It lets them change when they have a few days left but then requires them to put in their old passwords. Finally, when the password expires it no longer lets them change it.

Thanks. Any help would be wonderful.
 
OK, here we go.

Your dcdiag may be the wrong version. I don't know which version is the correct one, but you can use this tool from Microsoft; it has the latest dcdiag in it and is the right version.
It makes a log file of the dcdiag in a folder in
%system%\MPSReports\DirSvc\Logs

It will install some tools in
%system%\MPSReports\DirSvc\Bin

NOTES:
======
Average completion times for the MPS Reporting Tool MODE 1 are in the range of 5 to 15 minutes. If for some reason the data collection process is not completing try running the tool during non-peak usage times.

MODE 2: FULL of the reporting tool should only be run during non-peak usage times or on systems that are not under heavy load.

It is required that the currently logged on user have Administrative rights in order to allow for proper operations of the MPS Reporting Tool.

Microsoft Platform Support Reporting Tool v5.16
Information
Download :
This is the one with the latest dcdiag in it.
-----------------------------------------------------------
Are the DCs in one location or at different locations?
I think different locations. I want to know which server, DC1 or DC2 or DC3, has which FSMO roles.

There are scripts on the Microsoft site for determining which server has which roles.

I've read that all your DCs are configured as global catalog servers.

FSMO role:
The infrastructure master (only one) will not function if it is residing on a domain controller that also contains a global catalog!
So your infrastructure master will not function.
It does not replicate changes from the global catalog to other domain controllers in your domain. A warning to that effect will be logged in that DC's event log.

Explains all FSMO roles:

Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain Controller:

And your last question about passwords could be the problem with the infrastructure master!
It doesn't replicate changes.

I hope this helps a little.

greetz nootgevallen.
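
The two checks discussed in this thread (do all DCs agree on who holds each FSMO role, and is the infrastructure master sitting on a global catalog) can be run over collected role listings. This is an added example, not part of the original posts; the host names, the GC list and the two-column listing shape modelled on `netdom query fsmo` output are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample (hypothetical host names): the five role holders as each
# DC reports them, in the two-column shape `netdom query fsmo` prints.
AGREED = """\
Schema master               dc4.example.local
Domain naming master        dc4.example.local
PDC                         dc1.example.local
RID pool manager            dc1.example.local
Infrastructure master       dc2.example.local
The command completed successfully.
"""
# dc4 claims every role for itself, as the removed DC in the thread did.
ROGUE = re.sub(r"dc[12]\.", "dc4.", AGREED)
REPORTS = {"dc1.example.local": AGREED, "dc2.example.local": AGREED,
           "dc4.example.local": ROGUE}
GLOBAL_CATALOGS = {"dc1.example.local", "dc2.example.local", "dc3.example.local"}
ALL_DCS = GLOBAL_CATALOGS | {"dc4.example.local"}


def parse_roles(text):
    """Map role name -> holder; lines without a two-column layout are skipped."""
    roles = {}
    for line in text.splitlines():
        parts = re.split(r"\s{2,}", line.strip())
        if len(parts) == 2:
            roles[parts[0].lower()] = parts[1].lower()
    return roles


def find_disagreements(reports):
    """Return {role: {holder: [DCs reporting that holder]}} where views differ."""
    views = defaultdict(lambda: defaultdict(list))
    for reporter, text in sorted(reports.items()):
        for role, holder in parse_roles(text).items():
            views[role][holder].append(reporter)
    return {r: dict(h) for r, h in views.items() if len(h) > 1}


def infra_master_on_gc(holder, global_catalogs, all_dcs):
    """True when the infrastructure master sits on a GC while some DC is not a GC."""
    return holder in global_catalogs and not set(all_dcs) <= set(global_catalogs)


if __name__ == "__main__":
    for role, holders in find_disagreements(REPORTS).items():
        print(f"DISAGREE {role}: {holders}")
    infra = parse_roles(AGREED)["infrastructure master"]
    if infra_master_on_gc(infra, GLOBAL_CATALOGS, ALL_DCS):
        print(f"WARN infrastructure master {infra} is also a global catalog")
```

The placement check only fires when at least one DC is not a global catalog; when every DC in the domain holds the GC, where the infrastructure master sits makes no difference.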
 