Paul
Wed May 07 05:38:03 PDT 2008
Run diagnostics against your Active Directory domain.
If you don't have the support tools installed, install them from your server
install disk.
d:\support\tools\setup.exe
Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
-> dnslint /ad /s "ip address of your dc"
**Note: Using the /E switch in dcdiag will run diagnostics against ALL dc's
in the forest. If you have significant numbers of DC's this test could
generate significant detail and take a long time. You also want to take
into account slow links to dc's will also add to the testing time.
If you download a gui script I wrote it should be simple to set and run
(DCDiag and NetDiag). It also has the option to run individual tests
without having to learn all the switch options. The details will be output
in notepad text files that pop up automagically.
The script is located on my website at
http://www.pbbergs.com/windows/downloads.htm
Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)
When complete search for fail, error and warning messages.
Description and download for dnslint
http://support.microsoft.com/kb/321045
--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"peruvian99" <peruvian99@discussions.microsoft.com> wrote in message
news:138C8992-C96D-489F-983E-CC3CD7AC3045@microsoft.com...
> Thanks for the advice - one more thing -we are seeing another issue where
> our
> domain controllers which happen to hold the FSMO roles to not come up when
> we
> do a nslookup against the domain i.e. xyz.net
>
> I restarted netlogon service to rebuild the srv record - reregistered the
> dc's via ipconfig .registerdns
>
> any thoughts
>
> "Paul Bergson [MVP-DS]" wrote:
>
>> If you remove the manually created connection objects the KCC should
>> rebuild
>> then in about 15 minutes. Any manually created objects won't be touched
>> so
>> you should only delete those you want rebuilt by the KCC.
>>
>> There may have been a reason that the objects were manually created so
>> don't
>> just do this on a whim. Also you may want to research on whether or not
>> you
>> have site link bridging enabled. This could create connection objects
>> you
>> may not want and that might be why the objects were manually created. So
>> please read the link below and make sure you understand your topology
>> before
>> you start making any changes.
>>
>> Replication Details
>>
http://technet2.microsoft.com/WindowsServer/en/library/1038d210-c07c-4cde-ad08-a4079b9a8ff01033.mspx?mfr=true
>>
>>
>>
>>
>> --
>> Paul Bergson
>> MVP - Directory Services
>> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
>> 2008, 2003, 2000 (Early Achiever), NT4
>>
>>
http://www.pbbergs.com
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> "peruvian99" <peruvian99@discussions.microsoft.com> wrote in message
>> news:6FBBE676-03BF-4E16-AC0B-4B67C841BDF8@microsoft.com...
>> > Hi, we are running into some issues with replication in AD- apparently
>> > some
>> > manual entries have been added to our replication topology - we are
>> > talking
>> > 13 sites all across the US
>> >
>> > Is there a way to default to only using the KCC to fix all this manual
>> > stuff? What is the correct procedure.?
>> >
>> > any help will be appeciated?
>> >
>> > Pierre
>>
>>
>>