Exchange 2003 to Exchange 2008 upgrade for DC

Discussion in 'Active Directory' started by TheWall, Jul 13, 2009.

  1. TheWall

    TheWall Guest

    Hi, it is that time. I have to get us onto Exchange 2008...

    What I need to move:
    DC
    DHCP
    DNS
    Exchange

    I am going to move everything to a Hyper-V server.
    Format the existing Win 2003 server and install Win 2008.
    Move all the services back to the physical server and keep the virtual
    server as a secondary DC.

    Where can I get documentation on this?
    Can I just run DCPromo on the Win2k8 Hyper-V server and make it a secondary
    DC?
    How do I do Exchange?

    Thanks!!
     
    TheWall, Jul 13, 2009
    #1

  2. When was that released? I've only got Exchange 2007!
    What do you have *now* ? That would make it a lot easier to give you advice.
    Please be specific (including whether Exchange is running on a DC, what OS
    you run it on, and whether you have any W2008 DCs now)
     
    Lanwench [MVP - Exchange], Jul 13, 2009
    #2

  3. Hello TheWall,

    Exchange 2008 doesn't exist, so I assume you mean Exchange 2007? It is not
    recommended to run Exchange on domain controllers, especially Exchange 2007.

    Please describe your current setup in more detail: how many physical machines,
    with which applications and roles installed. It sounds to me that you have one
    physical 2003 DC with Exchange also installed? And an additional physical
    machine with 2008 and Hyper-V running, 32bit or 64bit?

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Jul 13, 2009
    #3
  4. TheWall

    TheWall Guest

    Sorry guys, what I meant was Exch 2007. Typo.

    Got a bit busy so sorry for the delay.

    What I have:
    ServerA: Win 2003 DC running everything from DNS, DHCP, Exchange 2003.
    ServerB: Win 2008 with Hyper-V
    ServerC: Win 2008 with Hyper-V
    ServerH: Hyper-V platform running on ServerC Win 2008

    ServerA has got hardware issues so I want a backup server for when/if it goes
    down, and I don't have the capital now to buy an extra server.

    ServerH will only be a backup server while I'm redoing/preparing ServerA, but
    it has to run everything while ServerA is down, and then I will move the roles
    back to ServerA once it is up and running.

    At the end ServerA will be the main DC but I want to keep ServerH as a
    backup server (secondary DC).

    Hope all this makes sense.

    Hyper-V - I know in certain scenarios it is not recommended and that the
    snapshot function would break your virtual server, but I have heard that it
    will work as long as you don't use snapshots (correct me if I'm wrong, please).

    My question is more about how to do it. What are the steps and where can I get
    the best documentation...

    Steps, I think:

    Run DCPromo on ServerH as a secondary DC.
    Add DHCP and DNS to ServerH
    Disable DHCP on ServerA

    How do I move the roles over from ServerA to ServerH?

    Syed, just started reading your post and think that would help a lot... Quite
    a lot to do there so let me have a look and get back to you if that answers
    all my questions.

    Thanks
     
    TheWall, Jul 15, 2009
    #4
  5. Howdie!
    It is generally a good idea to always have two domain controllers per
    domain in case something breaks. You do yourself a favor in having
    those. Please don't consider one server "primary" and another
    "secondary". Apart from the operation master roles, both DCs are equal
    and should be treated so.
    Are you saying you want to make the Hyper-V server a DC? Or do you want
    to create a VM and have that run as a DC? If you have the choice I'd
    rather use a VM within that Hyper-V machine and let that run as a DC.

    Snapshots and Images are no valid backup for DCs - you can break things
    so don't do that.
    Okay - I see now. What about creating a new VM for a DC? Are there
    resources left on the Hyper-V machine?

    You can actually have DCPromo make this machine a DC during promotion.
    Just make sure you configure the machine's DNS configuration correctly
    so that it uses the other DC as the primary DNS and itself as the secondary.
    You mean the operation master roles (FSMO)? You do that with NTDSUtil or
    the GUI. Note that you need to _transfer_ the roles rather than _seize_
    them.

    Cheers,
    Florian
     
    Florian Frommherz [MVP], Jul 15, 2009
    #5
  6. TheWall

    TheWall Guest

    Hi
    Creating a VM on a Hyper-V server. I have already created it so there are
    resources.
     
    TheWall, Jul 15, 2009
    #6
  7. TheWall

    TheWall Guest

    Hi Syed,

    I am following your directions step by step and have now got the following error
    and am not sure what option to choose... I think I might need to give the new
    server rights on the DNS for the old server?

    "Active Directory Domain Services Installation Wizzard

    A delegation for this DNS server cannot be created because the authoritive
    parent zone cannot be found or it does not run Windows DNS Server. To enable
    reliable DNS name resolution from outside the domain x.local, you should
    create a delegation to this DNS server manually in the parent zone.

    Do you want to continue?"

    I don't think I should?

    Any idea what I need to do?
     
    TheWall, Jul 16, 2009
    #7
  8. Yes, you can continue. Complete the tasks and follow the other steps
    provided.

    Ace
     
    Ace Fekay [MCT], Jul 16, 2009
    #8
  9. TheWall

    TheWall Guest

    OK, I'm a little stuck now again...

    What I did:

    Options on DCPromo
    Configure this server as an additional Active Directory domain controller
    for the domain dac.local.

    Site: HQ-X-NAT

    Additional Options:
    Read-only domain controller: No
    Global catalog: Yes
    DNS Server: Yes

    Update DNS Delegation: No

    Source domain controller: any writable domain controller

    Database folder: C:\Windows\NTDS
    Log file folder: C:\Windows\NTDS
    SYSVOL folder: C:\Windows\SYSVOL

    The DNS Server service will be installed on this computer.
    The DNS Server service will be configured on this computer.
    This computer will be configured to use this DNS server as its preferred DNS
    server.

    After install:

    Active Directory Domain Services is now installed on this computer for the
    domain x.local.

    This Active Directory domain controller is assigned to the site
    HQ-location-NAT. You can manage sites with the Active Directory Sites and
    Services administrative tool.

    I have restarted and gave it 20 min and it is replicated.

    I now want to run the commands on both servers:
    adprep /forestprep
    adprep /domainprep
    adprep /rodcprep

    On the first one on the new DC it gives me Access denied.
    I have tried running under 2 different accounts, both with Domain Admin,
    Enterprise Admin and Schema Admin...

    Thanks for all the help so far...
     
    TheWall, Jul 17, 2009
    #9
  10. Hello TheWall,

    Why will you run the adprep command on the newly installed 2008 DCs? Did I miss
    something in your descriptions? Adprep has to be run on the existing DC from
    the 2008 installation disk before promoting the 2008 DCs.

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Jul 17, 2009
    #10
  11. TheWall

    TheWall Guest

    Hi Meinolf, I did run it on the existing one.

    In the directions posted by Syed it says

    "- if the new machine is domain controller and DNS server run again
    replmon, dcdiag and netdiag (copy the netdiag from the 2003 to 2008,
    will work) on both domain controllers"

    This is after I ran DCPromo on the new server?

    Maybe I'm reading it wrong? By that I understand that I must run it on both
    DCs? New and old?

    Must I skip this step?
     
    TheWall, Jul 17, 2009
    #11
  12. Hello TheWall,

    Seems this is our mismatch, you wrote:

    I now want to run the commands on both servers:
    adprep /forestprep
    adprep /domainprep
    adprep /rodcprep

    To run the support tools after major steps is recommended of course.

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Jul 17, 2009
    #12
  13. TheWall

    TheWall Guest

    So must I run it on both servers? Why will it deny access?
     
    TheWall, Jul 17, 2009
    #13
  14. Hello TheWall,

    I assume you do not use the administrator account on the 2008 machines, but instead
    a member of the domain admins. Open the command line with the RUNAS option to
    elevate the permissions. dcdiag can also be run for the complete DCs with
    the /e switch; depending on the number of DCs and connectivity this can take time,
    of course. If you use that switch I suggest piping the output into a text
    file for better reading.

    dcdiag /v /c /e /s:DCname >c:\dcdiag.log

    See here about the different switches:
    http://technet.microsoft.com/en-us/library/cc757689(WS.10).aspx

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Jul 17, 2009
    #14
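
Added example (not part of any post in this thread, and not Microsoft tooling): a small Python parser for a saved dcdiag log such as the `c:\dcdiag.log` produced by the command above. It lists failed tests, including verdict lines whose test name wrapped onto the next line, and converts the hex EventID values dcdiag prints into the decimal Event ID that Event Viewer shows. The sample text is trimmed from the dcdiag output posted later in this thread; the function names are this example's own.

```python
import re
from collections import Counter

# Verdict line, e.g. "......................... CORE failed test kccevent".
# The test name can be missing when the line was wrapped (console or mail client).
RESULT_RE = re.compile(r"^\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s*(\S*)$")
START_RE = re.compile(r"^Starting test:\s*(\S+)")
# dcdiag itself spells it "occured"; accept both spellings.
EVENT_RE = re.compile(r"An Error Event occur+ed\.\s+EventID:\s*(0x[0-9A-Fa-f]+)")


def event_viewer_id(raw_hex):
    """dcdiag prints the full 32-bit event identifier; the low 16 bits are
    the Event ID that Event Viewer displays (0xC0000470 -> 1136)."""
    return int(raw_hex, 16) & 0xFFFF


def parse_dcdiag(text):
    """Return one dict per verdict line: target, test, passed, events."""
    lines = [ln.strip() for ln in text.splitlines()]
    results, events = [], Counter()
    i = 0
    while i < len(lines):
        line = lines[i]
        if START_RE.match(line):
            events = Counter()  # error events are counted per test
        elif (ev := EVENT_RE.search(line)):
            events[event_viewer_id(ev.group(1))] += 1
        elif (res := RESULT_RE.match(line)):
            target, verdict, test = res.groups()
            if not test:  # wrapped verdict: name is on the next non-blank line
                j = i + 1
                while j < len(lines) and not lines[j]:
                    j += 1
                if j < len(lines):
                    test, i = lines[j], j
            results.append({"target": target, "test": test,
                            "passed": verdict == "passed",
                            "events": dict(events)})
            events = Counter()
        i += 1
    return results


def failures(results):
    """Keep only the tests that dcdiag reported as failed."""
    return [r for r in results if not r["passed"]]


# Sample input: lines trimmed from the dcdiag output posted in this thread.
SAMPLE = """\
Starting test: frsevent
* The File Replication Service Event log test
......................... CORE passed test frsevent
Starting test: kccevent
* The KCC Event log test
An Error Event occured. EventID: 0xC0000470
Time Generated: 07/20/2009 12:05:54
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000470
Time Generated: 07/20/2009 12:10:55
(Event String could not be retrieved)
......................... CORE failed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0xC0000192
Time Generated: 07/20/2009 11:24:16
......................... CORE failed test systemlog
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
"""

if __name__ == "__main__":
    for r in failures(parse_dcdiag(SAMPLE)):
        print(f'{r["target"]} failed {r["test"]}: event IDs {r["events"]}')
```

To use it on a real log, read the file produced by the redirect and pass its text to `parse_dcdiag`.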
  15. TheWall

    TheWall Guest

    Ahh, can't believe it. I always forget about RUNAS... that was the issue.

    Anyway, excuse me if I ask stupid questions but I don't want to take any
    chances with this...

    I transferred all the roles except the "Infrastructure Role"

    When I want to transfer it I get the following: "ServerName is a global
    catalog (GC) server. The infrastructure operations master role should not be
    transfered to a gc server."

    Do I want to do this?
     
    TheWall, Jul 17, 2009
    #15


  16. If you only have one domain, ignore the message. This only applies to
    multiple domain forests. If you have more than one domain, then you do not
    want to make a DC a GC if it holds the IM role.

    Ace
     
    Ace Fekay [MCT], Jul 17, 2009
    #16
  17. Meinolf Weber [MVP-DS], Jul 18, 2009
    #17
  18. TheWall

    TheWall Guest

    Great, I am now on the step before demoting the old DC.

    Can I now unplug either of the 2 servers and the other one will take over?

    I'm getting the following errors on the old DC

    Event Type: Information
    Event Source: NTDS General
    Event Category: DS Schema
    Event ID: 1464
    Date: 2009/07/20
    Time: 11:20:44 AM
    User: NT AUTHORITY\ANONYMOUS LOGON
    Computer: OLDDC
    Description:
    While searching for an index, Active Directory detected that a new index is
    needed for the following attribute.

    Attribute:
    msFVE-RecoveryGuid
    New index name:
    INDEX_LP_000907AD_1C09

    A new index will be automatically created.

    Additional Data
    Error value:
    -1404 JET_errIndexNotFound, No such index

    and

    Event Type: Error
    Event Source: NTDS General
    Event Category: DS Schema
    Event ID: 1136
    Date: 2009/07/20
    Time: 11:20:45 AM
    User: NT AUTHORITY\ANONYMOUS LOGON
    Computer: OLDDC
    Description:
    Active Directory failed to create an index for the following attribute.

    Attribute identifier:
    591789
    Attribute name:
    msFVE-RecoveryGuid

    A schema cache update will occur 5 minutes after the logging of this event
    and will attempt to create an index for the attribute.

    Additional Data
    Error value:
    -1403 JET_errIndexDuplicate, Index is already defined

    Anything to worry about?
     
    TheWall, Jul 20, 2009
    #18
  19. Hello TheWall,

    Leave all connected until now, these event viewer entries show that something
    seems to be with your schema replication creation, see:
    http://technet.microsoft.com/en-us/library/cc756482(WS.10).aspx

    Please run repadmin /showrepl, dcdiag /v on the DCs and post the output here.

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Jul 20, 2009
    #19
  20. TheWall

    TheWall Guest

    OldDC repadmin:

    repadmin running command /showrepl against server localhost

    HQ-Midrand-NAT\CORE

    DC Options: IS_GC

    Site Options: IS_GROUP_CACHING_ENABLED

    DC object GUID: 160a894d-4db4-4963-a26f-94631f2138ff

    DC invocationID: 160a894d-4db4-4963-a26f-94631f2138ff



    ==== INBOUND NEIGHBORS ======================================



    DC=dac,DC=local

    HQ-Midrand-NAT\SVVDAC001 via RPC

    DC object GUID: d6e86ccf-71b1-4a3d-a156-25882c167054

    Last attempt @ 2009-07-20 12:16:29 was successful.



    CN=Configuration,DC=dac,DC=local

    HQ-Midrand-NAT\SVVDAC001 via RPC

    DC object GUID: d6e86ccf-71b1-4a3d-a156-25882c167054

    Last attempt @ 2009-07-20 11:51:37 was successful.



    CN=Schema,CN=Configuration,DC=dac,DC=local

    HQ-Midrand-NAT\SVVDAC001 via RPC

    DC object GUID: d6e86ccf-71b1-4a3d-a156-25882c167054

    Last attempt @ 2009-07-20 11:45:43 was successful.



    DC=DomainDnsZones,DC=dac,DC=local

    HQ-Midrand-NAT\SVVDAC001 via RPC

    DC object GUID: d6e86ccf-71b1-4a3d-a156-25882c167054

    Last attempt @ 2009-07-20 11:53:32 was successful.



    DC=ForestDnsZones,DC=dac,DC=local

    HQ-Midrand-NAT\SVVDAC001 via RPC

    DC object GUID: d6e86ccf-71b1-4a3d-a156-25882c167054

    Last attempt @ 2009-07-20 11:45:44 was successful.

    OldDC dcdiag:

    Domain Controller Diagnosis

    Performing initial setup:
    * Verifying that the local machine core, is a DC.
    * Connecting to directory service on server core.
    * Collecting site info.
    * Identifying all servers.
    * Identifying all NC cross-refs.
    * Found 2 DC(s). Testing 1 of them.
    Done gathering initial info.

    Doing initial required tests

    Testing server: HQ-Midrand-NAT\CORE
    Starting test: Connectivity
    * Active Directory LDAP Services Check
    * Active Directory RPC Services Check
    ......................... CORE passed test Connectivity

    Doing primary tests

    Testing server: HQ-Midrand-NAT\CORE
    Starting test: Replications
    * Replications Check
    * Replication Latency Check
    * Replication Site Latency Check
    Site

    CN=NTDS Site
    Settings,CN=HQ-Midrand,CN=Sites,CN=Configuration,DC=dac,DC=local

    was skipped because it has no servers in it.
    Site

    CN=NTDS Site
    Settings,CN=IS-OnSite-Hosting,CN=Sites,CN=Configuration,DC=dac,DC=local

    was skipped because it never had an ISTG running in it.
    Site

    CN=NTDS Site
    Settings,CN=CapeTown,CN=Sites,CN=Configuration,DC=dac,DC=local

    was skipped because it never had an ISTG running in it.
    ......................... CORE passed test Replications
    Test omitted by user request: Topology
    Test omitted by user request: CutoffServers
    Starting test: NCSecDesc
    * Security Permissions check for all NC's on DC CORE.
    * Security Permissions Check for
    DC=ForestDnsZones,DC=dac,DC=local
    (NDNC,Version 2)
    * Security Permissions Check for
    DC=DomainDnsZones,DC=dac,DC=local
    (NDNC,Version 2)
    * Security Permissions Check for
    CN=Schema,CN=Configuration,DC=dac,DC=local
    (Schema,Version 2)
    * Security Permissions Check for
    CN=Configuration,DC=dac,DC=local
    (Configuration,Version 2)
    * Security Permissions Check for
    DC=dac,DC=local
    (Domain,Version 2)
    ......................... CORE passed test NCSecDesc
    Starting test: NetLogons
    * Network Logons Privileges Check
    Verified share \\CORE\netlogon
    Verified share \\CORE\sysvol
    ......................... CORE passed test NetLogons
    Starting test: Advertising
    The DC CORE is advertising itself as a DC and having a DS.
    The DC CORE is advertising as an LDAP server
    The DC CORE is advertising as having a writeable directory
    The DC CORE is advertising as a Key Distribution Center
    The DC CORE is advertising as a time server
    The DS CORE is advertising as a GC.
    ......................... CORE passed test Advertising
    Starting test: KnowsOfRoleHolders
    Role Schema Owner = CN=NTDS
    Settings,CN=SVVDAC001,CN=Servers,CN=HQ-Midrand-NAT,CN=Sites,CN=Configuration,DC=dac,DC=local
    Role Domain Owner = CN=NTDS
    Settings,CN=SVVDAC001,CN=Servers,CN=HQ-Midrand-NAT,CN=Sites,CN=Configuration,DC=dac,DC=local
    Role PDC Owner = CN=NTDS
    Settings,CN=SVVDAC001,CN=Servers,CN=HQ-Midrand-NAT,CN=Sites,CN=Configuration,DC=dac,DC=local
    Role Rid Owner = CN=NTDS
    Settings,CN=SVVDAC001,CN=Servers,CN=HQ-Midrand-NAT,CN=Sites,CN=Configuration,DC=dac,DC=local
    Role Infrastructure Update Owner = CN=NTDS
    Settings,CN=SVVDAC001,CN=Servers,CN=HQ-Midrand-NAT,CN=Sites,CN=Configuration,DC=dac,DC=local
    ......................... CORE passed test KnowsOfRoleHolders
    Starting test: RidManager
    * Available RID Pool for the Domain is 2610 to 1073741823
    * SVVDAC001.dac.local is the RID Master
    * DsBind with RID Master was successful
    * rIDAllocationPool is 1610 to 2109
    * rIDPreviousAllocationPool is 1610 to 2109
    * rIDNextRID: 1752
    ......................... CORE passed test RidManager
    Starting test: MachineAccount
    Checking machine account for DC CORE on DC CORE.
    * SPN found :LDAP/core.dac.local/dac.local
    * SPN found :LDAP/core.dac.local
    * SPN found :LDAP/CORE
    * SPN found :LDAP/core.dac.local/DAC
    * SPN found
    :LDAP/160a894d-4db4-4963-a26f-94631f2138ff._msdcs.dac.local
    * SPN found
    :E3514235-4B06-11D1-AB04-00C04FC2DCD2/160a894d-4db4-4963-a26f-94631f2138ff/dac.local
    * SPN found :HOST/core.dac.local/dac.local
    * SPN found :HOST/core.dac.local
    * SPN found :HOST/CORE
    * SPN found :HOST/core.dac.local/DAC
    * SPN found :GC/core.dac.local/dac.local
    ......................... CORE passed test MachineAccount
    Starting test: Services
    * Checking Service: Dnscache
    * Checking Service: NtFrs
    * Checking Service: IsmServ
    * Checking Service: kdc
    * Checking Service: SamSs
    * Checking Service: LanmanServer
    * Checking Service: LanmanWorkstation
    * Checking Service: RpcSs
    * Checking Service: w32time
    * Checking Service: NETLOGON
    ......................... CORE passed test Services
    Test omitted by user request: OutboundSecureChannels
    Starting test: ObjectsReplicated
    CORE is in domain DC=dac,DC=local
    Checking for CN=CORE,OU=Domain Controllers,DC=dac,DC=local in
    domain DC=dac,DC=local on 1 servers
    Object is up-to-date on all servers.
    Checking for CN=NTDS
    Settings,CN=CORE,CN=Servers,CN=HQ-Midrand-NAT,CN=Sites,CN=Configuration,DC=dac,DC=local in domain CN=Configuration,DC=dac,DC=local on 1 servers
    Object is up-to-date on all servers.
    ......................... CORE passed test ObjectsReplicated
    Starting test: frssysvol
    * The File Replication Service SYSVOL ready test
    File Replication Service's SYSVOL is ready
    ......................... CORE passed test frssysvol
    Starting test: frsevent
    * The File Replication Service Event log test
    ......................... CORE passed test frsevent
    Starting test: kccevent
    * The KCC Event log test
    An Error Event occured. EventID: 0xC0000470
    Time Generated: 07/20/2009 12:05:54
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC0000470
    Time Generated: 07/20/2009 12:05:54
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC0000470
    Time Generated: 07/20/2009 12:10:55
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC0000470
    Time Generated: 07/20/2009 12:10:55
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC0000470
    Time Generated: 07/20/2009 12:15:56
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC0000470
    Time Generated: 07/20/2009 12:15:56
    (Event String could not be retrieved)
    ......................... CORE failed test kccevent
    Starting test: systemlog
    * The System Event log test
    An Error Event occured. EventID: 0xC0000192
    Time Generated: 07/20/2009 11:24:16
    Event String: Virtual Server 1: 10.10.10.23 maximum number of

    connections has been reached. Connection being

    closed.
    An Error Event occured. EventID: 0xC0000192
    Time Generated: 07/20/2009 11:58:32
    Event String: Virtual Server 1: 10.10.10.23 maximum number of

    connections has been reached. Connection being

    closed.
    ......................... CORE failed test systemlog
    Test omitted by user request: VerifyReplicas
    Starting test: VerifyReferences
    The system object reference (serverReference)

    CN=CORE,OU=Domain Controllers,DC=dac,DC=local and backlink on


    CN=CORE,CN=Servers,CN=HQ-Midrand-NAT,CN=Sites,CN=Configuration,DC=dac,DC=local

    are correct.
    The system object reference (frsComputerReferenceBL)

    CN=CORE,CN=Domain System Volume (SYSVOL share),CN=File Replication
    Service,CN=System,DC=dac,DC=local

    and backlink on CN=CORE,OU=Domain Controllers,DC=dac,DC=local are

    correct.
    The system object reference (serverReferenceBL)

    CN=CORE,CN=Domain System Volume (SYSVOL share),CN=File Replication
    Service,CN=System,DC=dac,DC=local

    and backlink on

    CN=NTDS
    Settings,CN=CORE,CN=Servers,CN=HQ-Midrand-NAT,CN=Sites,CN=Configuration,DC=dac,DC=local

    are correct.
    ......................... CORE passed test VerifyReferences
    Test omitted by user request: VerifyEnterpriseReferences
    Test omitted by user request: CheckSecurityError

    Running partition tests on : ForestDnsZones
    Starting test: CrossRefValidation
    ......................... ForestDnsZones passed test
    CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... ForestDnsZones passed test CheckSDRefDom

    Running partition tests on : DomainDnsZones
    Starting test: CrossRefValidation
    ......................... DomainDnsZones passed test
    CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... DomainDnsZones passed test CheckSDRefDom

    Running partition tests on : Schema
    Starting test: CrossRefValidation
    ......................... Schema passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Schema passed test CheckSDRefDom

    Running partition tests on : Configuration
    Starting test: CrossRefValidation
    ......................... Configuration passed test
    CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Configuration passed test CheckSDRefDom

    Running partition tests on : dac
    Starting test: CrossRefValidation
    ......................... dac passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... dac passed test CheckSDRefDom

    Running enterprise tests on : dac.local
    Starting test: Intersite
    Skipping site HQ-Midrand, this site is outside the scope provided by

    the command line arguments provided.
    Skipping site HQ-Midrand-NAT, this site is outside the scope provided

    by the command line arguments provided.
    Skipping site IS-OnSite-Hosting, this site is outside the scope

    provided by the command line arguments provided.
    Skipping site CapeTown, this site is outside the scope provided by
    the

    command line arguments provided.
    ......................... dac.local passed test Intersite
    Starting test: FsmoCheck
    GC Name: \\core.dac.local
    Locator Flags: 0xe00001fc
    PDC Name: \\SVVDAC001.dac.local
    Locator Flags: 0xe00011fd
    Time Server Name: \\core.dac.local
    Locator Flags: 0xe00001fc

    newDC Repadmin

    Repadmin: running command /showrepl against full DC localhost

    HQ-Midrand-NAT\SVVDAC001

    DSA Options: IS_GC

    Site Options: IS_GROUP_CACHING_ENABLED

    DSA object GUID: d6e86ccf-71b1-4a3d-a156-25882c167054

    DSA invocationID: 5bd23ea5-24f1-4916-8d59-58f775e4ec09



    ==== INBOUND NEIGHBORS ======================================



    DC=dac,DC=local

    HQ-Midrand-NAT\CORE via RPC

    DSA object GUID: 160a894d-4db4-4963-a26f-94631f2138ff

    Last attempt @ 2009-07-20 12:20:55 was successful.



    CN=Configuration,DC=dac,DC=local

    HQ-Midrand-NAT\CORE via RPC

    DSA object GUID: 160a894d-4db4-4963-a26f-94631f2138ff

    Last attempt @ 2009-07-20 11:51:30 was successful.



    CN=Schema,CN=Configuration,DC=dac,DC=local

    HQ-Midrand-NAT\CORE via RPC

    DSA object GUID: 160a894d-4db4-4963-a26f-94631f2138ff

    Last attempt @ 2009-07-20 11:51:21 was successful.



    DC=DomainDnsZones,DC=dac,DC=local

    HQ-Midrand-NAT\CORE via RPC

    DSA object GUID: 160a894d-4db4-4963-a26f-94631f2138ff

    Last attempt @ 2009-07-20 11:53:47 was successful.



    DC=ForestDnsZones,DC=dac,DC=local

    HQ-Midrand-NAT\CORE via RPC

    DSA object GUID: 160a894d-4db4-4963-a26f-94631f2138ff

    Last attempt @ 2009-07-20 11:51:22 was successful.

    NewDC


    Directory Server Diagnosis


    Performing initial setup:

    Trying to find home server...

    * Verifying that the local machine SVVDAC001, is a Directory Server.
    Home Server = SVVDAC001

    * Connecting to directory service on server SVVDAC001.

    * Identified AD Forest.
    Collecting AD specific global data
    * Collecting site info.

    Calling
    ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=dac,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
    The previous call succeeded
    Iterating through the sites
    Looking at base site object: CN=NTDS Site
    Settings,CN=IS-OnSite-Hosting,CN=Sites,CN=Configuration,DC=dac,DC=local
    Getting ISTG and options for the site
    Looking at base site object: CN=NTDS Site
    Settings,CN=HQ-Midrand,CN=Sites,CN=Configuration,DC=dac,DC=local
    Getting ISTG and options for the site
    Looking at base site object: CN=NTDS Site
    Settings,CN=CapeTown,CN=Sites,CN=Configuration,DC=dac,DC=local
    Getting ISTG and options for the site
    Looking at base site object: CN=NTDS Site
    Settings,CN=HQ-Midrand-NAT,CN=Sites,CN=Configuration,DC=dac,DC=local
    Getting ISTG and options for the site
    * Identifying all servers.

    Calling
    ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=dac,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
    The previous call succeeded....
    The previous call succeeded
    Iterating through the list of servers
    Getting information for the server CN=NTDS
    Settings,CN=CORE,CN=Servers,CN=HQ-Midrand-NAT,CN=Sites,CN=Configuration,DC=dac,DC=local
    objectGuid obtained
    InvocationID obtained
    dnsHostname obtained
    site info obtained
    All the info for the server collected
    Getting information for the server CN=NTDS
    Settings,CN=SVVDAC001,CN=Servers,CN=HQ-Midrand-NAT,CN=Sites,CN=Configuration,DC=dac,DC=local
    objectGuid obtained
    InvocationID obtained
    dnsHostname obtained
    site info obtained
    All the info for the server collected
    * Identifying all NC cross-refs.

    * Found 2 DC(s). Testing 1 of them.

    Done gathering initial info.


    Doing initial required tests


    Testing server: HQ-Midrand-NAT\SVVDAC001

    Starting test: Connectivity

    * Active Directory LDAP Services Check
    Determining IP4 connectivity
    Determining IP6 connectivity
    * Active Directory RPC Services Check
    ......................... SVVDAC001 passed test Connectivity



    Doing primary tests


    Testing server: HQ-Midrand-NAT\SVVDAC001

    Starting test: Advertising

    The DC SVVDAC001 is advertising itself as a DC and having a DS.
    The DC SVVDAC001 is advertising as an LDAP server
    The DC SVVDAC001 is advertising as having a writeable directory
    The DC SVVDAC001 is advertising as a Key Distribution Center
    The DC SVVDAC001 is advertising as a time server
    The DS SVVDAC001 is advertising as a GC.
    ......................... SVVDAC001 passed test Advertising

    Test omitted by user request: CheckSecurityError

    Test omitted by user request: CutoffServers

    Starting test: FrsEvent

    * The File Replication Service Event log test
    ......................... SVVDAC001 passed test FrsEvent

    Starting test: DFSREvent

    The DFS Replication Event Log.
    ......................... SVVDAC001 passed test DFSREvent

    Starting test: SysVolCheck

    * The File Replication Service SYSVOL ready test
    File Replication Service's SYSVOL is ready
    ......................... SVVDAC001 passed test SysVolCheck

    Starting test: KccEvent

    * The KCC Event log test
    Found no KCC errors in "Directory Service" Event log in the last 15
    minutes.
    ......................... SVVDAC001 passed test KccEvent

    Starting test: KnowsOfRoleHolders

    Role Schema Owner = CN=NTDS
    Settings,CN=SVVDAC001,CN=Servers,CN=HQ-Midrand-NAT,CN=Sites,CN=Configuration,DC=dac,DC=local
    Role Domain Owner = CN=NTDS
    Settings,CN=SVVDAC001,CN=Servers,CN=HQ-Midrand-NAT,CN=Sites,CN=Configuration,DC=dac,DC=local
    Role PDC Owner = CN=NTDS
    Settings,CN=SVVDAC001,CN=Servers,CN=HQ-Midrand-NAT,CN=Sites,CN=Configuration,DC=dac,DC=local
    Role Rid Owner = CN=NTDS
    Settings,CN=SVVDAC001,CN=Servers,CN=HQ-Midrand-NAT,CN=Sites,CN=Configuration,DC=dac,DC=local
    Role Infrastructure Update Owner = CN=NTDS
    Settings,CN=SVVDAC001,CN=Servers,CN=HQ-Midrand-NAT,CN=Sites,CN=Configuration,DC=dac,DC=local
    ......................... SVVDAC001 passed test KnowsOfRoleHolders

    Starting test: MachineAccount

    Checking machine account for DC SVVDAC001 on DC SVVDAC001.
    * SPN found :LDAP/SVVDAC001.dac.local/dac.local
    * SPN found :LDAP/SVVDAC001.dac.local
    * SPN found :LDAP/SVVDAC001
    * SPN found :LDAP/SVVDAC001.dac.local/DAC
    * SPN found
    :LDAP/d6e86ccf-71b1-4a3d-a156-25882c167054._msdcs.dac.local
    * SPN found
    :E3514235-4B06-11D1-AB04-00C04FC2DCD2/d6e86ccf-71b1-4a3d-a156-25882c167054/dac.local
    * SPN found :HOST/SVVDAC001.dac.local/dac.local
    * SPN found :HOST/SVVDAC001.dac.local
    * SPN found :HOST/SVVDAC001
    * SPN found :HOST/SVVDAC001.dac.local/DAC
    * SPN found :GC/SVVDAC001.dac.local/dac.local
    ......................... SVVDAC001 passed test MachineAccount

    Starting test: NCSecDesc

    * Security Permissions check for all NC's on DC SVVDAC001.
    * Security Permissions Check for

    DC=ForestDnsZones,DC=dac,DC=local
    (NDNC,Version 3)
    * Security Permissions Check for

    DC=DomainDnsZones,DC=dac,DC=local
    (NDNC,Version 3)
    * Security Permissions Check for

    CN=Schema,CN=Configuration,DC=dac,DC=local
    (Schema,Version 3)
    * Security Permissions Check for

    CN=Configuration,DC=dac,DC=local
    (Configuration,Version 3)
    * Security Permissions Check for

    DC=dac,DC=local
    (Domain,Version 3)
    ......................... SVVDAC001 passed test NCSecDesc

    Starting test: NetLogons

    * Network Logons Privileges Check
    Verified share \\SVVDAC001\netlogon
    Verified share \\SVVDAC001\sysvol
    ......................... SVVDAC001 passed test NetLogons

    Starting test: ObjectsReplicated

    SVVDAC001 is in domain DC=dac,DC=local
    Checking for CN=SVVDAC001,OU=Domain Controllers,DC=dac,DC=local in
    domain DC=dac,DC=local on 1 servers
    Object is up-to-date on all servers.
    Checking for CN=NTDS
    Settings,CN=SVVDAC001,CN=Servers,CN=HQ-Midrand-NAT,CN=Sites,CN=Configuration,DC=dac,DC=local in domain CN=Configuration,DC=dac,DC=local on 1 servers
    Object is up-to-date on all servers.
    ......................... SVVDAC001 passed test ObjectsReplicated

    Test omitted by user request: OutboundSecureChannels

    Starting test: Replications

    * Replications Check
    * Replication Latency Check
    * Replication Site Latency Check
    Site

    CN=NTDS Site
    Settings,CN=IS-OnSite-Hosting,CN=Sites,CN=Configuration,DC=dac,DC=local

    was skipped because it never had an ISTG running in it.
    Site

    CN=NTDS Site
    Settings,CN=HQ-Midrand,CN=Sites,CN=Configuration,DC=dac,DC=local

    was skipped because it has no servers in it.
    Site

    CN=NTDS Site
    Settings,CN=CapeTown,CN=Sites,CN=Configuration,DC=dac,DC=local

    was skipped because it never had an ISTG running in it.
    ......................... SVVDAC001 passed test Replications

    Starting test: RidManager

    * Available RID Pool for the Domain is 2610 to 1073741823
    * SVVDAC001.dac.local is the RID Master
    * DsBind with RID Master was successful
    * rIDAllocationPool is 2110 to 2609
    * rIDPreviousAllocationPool is 2110 to 2609
    * rIDNextRID: 2110
    ......................... SVVDAC001 passed test RidManager

    Starting test: Services

    * Checking Service: EventSystem
    * Checking Service: RpcSs
    * Checking Service: NTDS
    * Checking Service: DnsCache
    * Checking Service: NtFrs
    * Checking Service: IsmServ
    * Checking Service: kdc
    * Checking Service: SamSs
    * Checking Service: LanmanServer
    * Checking Service: LanmanWorkstation
    * Checking Service: w32time
    * Checking Service: NETLOGON
    ......................... SVVDAC001 passed test Services

    Starting test: SystemLog

    * The System Event log test
    Found no errors in "System" Event log in the last 60 minutes.
    ......................... SVVDAC001 passed test SystemLog

    Test omitted by user request: Topology

    Test omitted by user request: VerifyEnterpriseReferences

    Starting test: VerifyReferences

    The system object reference (serverReference)

    CN=SVVDAC001,OU=Domain Controllers,DC=dac,DC=local and backlink on


    CN=SVVDAC001,CN=Servers,CN=HQ-Midrand-NAT,CN=Sites,CN=Configuration,DC=dac,DC=local

    are correct.
    The system object reference (serverReferenceBL)

    CN=SVVDAC001,CN=Domain System Volume (SYSVOL share),CN=File
    Replication Service,CN=System,DC=dac,DC=local

    and backlink on

    CN=NTDS
    Settings,CN=SVVDAC001,CN=Servers,CN=HQ-Midrand-NAT,CN=Sites,CN=Configuration,DC=dac,DC=local

    are correct.
    ......................... SVVDAC001 passed test VerifyReferences

    Test omitted by user request: VerifyReplicas


    Test omitted by user request: DNS

    Test omitted by user request: DNS


    Running partition tests on : ForestDnsZones

    Starting test: CheckSDRefDom

    ......................... ForestDnsZones passed test CheckSDRefDom

    Starting test: CrossRefValidation

    ......................... ForestDnsZones passed test

    CrossRefValidation


    Running partition tests on : DomainDnsZones

    Starting test: CheckSDRefDom

    ......................... DomainDnsZones passed test CheckSDRefDom

    Starting test: CrossRefValidation

    ......................... DomainDnsZones passed test

    CrossRefValidation


    Running partition tests on : Schema

    Starting test: CheckSDRefDom

    ......................... Schema passed test CheckSDRefDom

    Starting test: CrossRefValidation

    ......................... Schema passed test CrossRefValidation


    Running partition tests on : Configuration

    Starting test: CheckSDRefDom

    ......................... Configuration passed test CheckSDRefDom

    Starting test: CrossRefValidation

    ......................... Configuration passed test
    CrossRefValidation


    Running partition tests on : dac

    Starting test: CheckSDRefDom

    ......................... dac passed test CheckSDRefDom

    Starting test: CrossRefValidation

    ......................... dac passed test CrossRefValidation


    Running enterprise tests on : dac.local

    Test omitted by user request: DNS

    Test omitted by user request: DNS

    Starting test: LocatorCheck

    GC Name: \\SVVDAC001.dac.local

    Locator Flags: 0xe00011fd
    PDC Name: \\SVVDAC001.dac.local
    Locator Flags: 0xe00011fd
    Time Server Name: \\SVVDAC001.dac.local
    Locator Flags: 0xe00011fd
    Preferred Time Server Name: \\SVVDAC001.dac.local
    Locator Flags: 0xe00011fd
    KDC Name: \\SVVDAC001.dac.local
    Locator Flags: 0xe00011fd
    ......................... dac.local passed test LocatorCheck

    Starting test: Intersite

    Skipping site IS-OnSite-Hosting, this site is outside the scope

    provided by the command line arguments provided.
    Skipping site HQ-Midrand, this site is outside the scope provided by

    the command line arguments provided.
    Skipping site CapeTown, this site is outside the scope provided by
    the

    command line arguments provided.
    Skipping site HQ-Midrand-NAT, this site is outside the scope provided

    by the command line arguments provided.
    ......................... dac.local passed test Intersite
     
    TheWall, Jul 20, 2009
    #20