why can not authenticate agains Domain Controller

Discussion in 'Active Directory' started by Carlos Costa, Mar 30, 2007.

  1. Carlos Costa

    Carlos Costa Guest

    I have a Windows structure based in master domain ( company.local - that hold
    only administrative objects) and child domain (office.company.local that
    holds the rest - users, printers ...).
    sudently the domain controller (company.local) stops authenticating users.
    i rebooted it but now i can not authenticate administrator.

    any sugestions?
    Carlos Costa, Mar 30, 2007
    1. Advertisements

  2. Need some specific's error messages etc... to help fully figure this out

    Run diagnostics against your Active Directory domain.

    If you don't have the tools installed, install them from your server install

    Run dcdiag, netdiag and repadmin in verbose mode.
    -> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
    -> netdiag.exe /v > c:\netdiag.log (On each dc)
    -> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt

    **Note: Using the /E switch in dcdiag will run diagnostics against ALL dc's
    in the forest. If you have significant numbers of DC's this test could
    generate significant detail and take a long time. You also want to take
    into account slow links to dc's will also add to the testing time.

    If you download a gui script I wrote it should be simple to set and run
    (DCDiag and NetDiag). It also has the option to run individual tests
    without having to learn all the switch options. The details will be output
    in notepad text files that pop up automagically.

    The script is located in the download section on my website at

    Just select both dcdiag and netdiag make sure verbose is set. (Leave the
    default settings for dcdiag as set when selected)

    When complete search for fail, error and warning messages.
    Paul Bergson [MVP-DS], Mar 30, 2007
    1. Advertisements

  3. Carlos Costa

    Carlos Costa Guest

    tks for your help Paul....
    but... I can´t authenticate myselft in a DC... So, i can't run any
    diagnostic tools.
    aparently, the problem resides in replication... We changed to summer timer
    and our system "freek out".
    I´ll wait e little more... to undestand what happened.

    Carlos Costa, Apr 2, 2007
  4. As additional comment, you should always be able to logon as the built-in
    administrator account to a Domain Controller unless some thing has gone very
    bad. If that really is the case reboot into Directory Services Restore Mode
    and logon using the restore mode password.

    Christoffer Andersson
    Executive Consultant - TrueSec
    Microsoft MVP - Directory Services

    http://www.chrisse.se - Active Directory Resources


    Sounds like you might have had a time issue when you changed to summer
    time and this could have caused secure channels to break.
    This could cause replication issues, authentication issues, and
    network access issues.

    Like Paul mentioned above, utilize the diagnostic tools provided to
    determine where the issue resides.

    Good luck

    Harj Singh
    Power Your Active Directory Investment
    Chriss3 [MVP], Apr 4, 2007
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.