Windows Server - Error after pdc rebuild

Asked By darren5972

10-Jan-09 06:08 AM

Hi,

This week we had to rebuild our pdc after OS corruption whilst doing a
reboot after windows updates. We tried to restore system state but to no
avail.
We have two domain controllers pdc and bdc running Windows server 2003
r2 standard. In the end we rebuilt the pdc manually but could only add
it to the domain using dcpromo as another dc, there didn't seem anyway
of adding it as a primary domain controller. We seem to have ironed out
alot of errors but one or two remain when we run dcdiag. We don't get
any errors in the event log but warnings along the lines of:-



Could someone have a look at the dcdiags below and maybe explain if we
have anything to worry about.

Many Thanks in Advance.

PDC DCDIAG followed by BDC DCDIAG

Domain Controller Diagnosis

Performing initial setup:
* Connecting to directory service on server highfield-pdc01.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\HIGHFIELD-BDC01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
........................ HIGHFIELD-BDC01 passed test
Connectivity

Testing server: Default-First-Site-Name\HIGHFIELD-PDC01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
........................ HIGHFIELD-PDC01 passed test
Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\HIGHFIELD-BDC01
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=highfield,DC=local
Latency information for 5 entries in the vector were
ignored.
5 were retired Invocations.  0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc.  0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=highfield,DC=local
Latency information for 5 entries in the vector were
ignored.
5 were retired Invocations.  0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc.  0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=highfield,DC=local
Latency information for 9 entries in the vector were
ignored.
9 were retired Invocations.  0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc.  0 had no latency information (Win2K DC).
CN=Configuration,DC=highfield,DC=local
Latency information for 9 entries in the vector were
ignored.
9 were retired Invocations.  0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc.  0 had no latency information (Win2K DC).
DC=highfield,DC=local
Latency information for 9 entries in the vector were
ignored.
9 were retired Invocations.  0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc.  0 had no latency information (Win2K DC).
........................ HIGHFIELD-BDC01 passed test
Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
........................ HIGHFIELD-BDC01 passed test
Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
........................ HIGHFIELD-BDC01 passed test
CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC
HIGHFIELD-BDC01.
* Security Permissions Check for
DC=ForestDnsZones,DC=highfield,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=highfield,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=highfield,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=highfield,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=highfield,DC=local
(Domain,Version 2)
........................ HIGHFIELD-BDC01 passed test
NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\HIGHFIELD-BDC01\netlogon
Verified share \\HIGHFIELD-BDC01\sysvol
........................ HIGHFIELD-BDC01 passed test
NetLogons
Starting test: Advertising
The DC HIGHFIELD-BDC01 is advertising itself as a DC and
having a DS.
The DC HIGHFIELD-BDC01 is advertising as an LDAP server
The DC HIGHFIELD-BDC01 is advertising as having a writeable
directory
The DC HIGHFIELD-BDC01 is advertising as a Key Distribution
Center
The DC HIGHFIELD-BDC01 is advertising as a time server
The DS HIGHFIELD-BDC01 is advertising as a GC.
........................ HIGHFIELD-BDC01 passed test
Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local
........................ HIGHFIELD-BDC01 passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 13603 to 1073741823
* highfield-bdc01.highfield.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 10103 to 10602
* rIDPreviousAllocationPool is 10103 to 10602
* rIDNextRID: 10281
........................ HIGHFIELD-BDC01 passed test
RidManager
Starting test: MachineAccount
Checking machine account for DC HIGHFIELD-BDC01 on DC
HIGHFIELD-BDC01.
* SPN found
* SPN found :LDAP/highfield-bdc01.highfield.local
* SPN found :LDAP/HIGHFIELD-BDC01
* SPN found :LDAP/highfield-bdc01.highfield.local/HIGHFIELD
* SPN found
* SPN found
* SPN found
* SPN found :HOST/highfield-bdc01.highfield.local
* SPN found :HOST/HIGHFIELD-BDC01
* SPN found :HOST/highfield-bdc01.highfield.local/HIGHFIELD
* SPN found
........................ HIGHFIELD-BDC01 passed test
MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
........................ HIGHFIELD-BDC01 passed test
Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
........................ HIGHFIELD-BDC01 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
HIGHFIELD-BDC01 is in domain DC=highfield,DC=local
Checking for CN=HIGHFIELD-BDC01,OU=Domain
Controllers,DC=highfield,DC=local in domain DC=highfield,DC=local on 2
servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local
in domain CN=Configuration,DC=highfield,DC=local on 2 servers
Object is up-to-date on all servers.
........................ HIGHFIELD-BDC01 passed test
ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
........................ HIGHFIELD-BDC01 passed test
frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours
after the

SYSVOL has been shared.  Failing SYSVOL replication problems
may cause

Group Policy problems.
An Warning Event occured.  EventID: 0x800034FF
Time Generated: 01/08/2009   14:31:27
(Event String could not be retrieved)
........................ HIGHFIELD-BDC01 failed test
frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last
15 minutes.
........................ HIGHFIELD-BDC01 passed test
kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured.  EventID: 0x0000165B
Time Generated: 01/09/2009   11:19:50
Event String: The session setup from computer
'HIGHFIEL-070EEF'

failed because the security database does not

contain a trust account 'HIGHFIEL-070EEF$'

referenced by the specified computer.



USER ACTION

If this is the first occurrence of this event for

the specified computer and account, this may be a

transient issue that doesn't require any action

at this time. Otherwise, the following steps may

be taken to resolve this problem:



If 'HIGHFIEL-070EEF$' is a legitimate machine

account for the computer 'HIGHFIEL-070EEF', then

'HIGHFIEL-070EEF' should be rejoined to the

domain.



If 'HIGHFIEL-070EEF$' is a legitimate interdomain

trust account, then the trust should be

recreated.



Otherwise, assuming that 'HIGHFIEL-070EEF$' is

not a legitimate account, the following action

should be taken on 'HIGHFIEL-070EEF':



If 'HIGHFIEL-070EEF' is a Domain Controller, then

the trust associated with 'HIGHFIEL-070EEF$'

should be deleted.



If 'HIGHFIEL-070EEF' is not a Domain Controller,

it should be disjoined from the domain.
An Error Event occured.  EventID: 0x000016AD
Time Generated: 01/09/2009   11:26:16
Event String: The session setup from the computer

HIGHFIEL-070EEF failed to authenticate. The

following error occurred:

%%5
An Error Event occured.  EventID: 0x00000457
Time Generated: 01/09/2009   11:56:58
(Event String could not be retrieved)
........................ HIGHFIELD-BDC01 failed test
systemlog
Starting test: VerifyReplicas
........................ HIGHFIELD-BDC01 passed test
VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=HIGHFIELD-BDC01,OU=Domain Controllers,DC=highfield,DC=local
and

backlink on


CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=HIGHFIELD-BDC01,CN=Domain System Volume (SYSVOL
share),CN=File Replication Service,CN=System,DC=highfield,DC=local

and backlink on

CN=HIGHFIELD-BDC01,OU=Domain Controllers,DC=highfield,DC=local
are

correct.
The system object reference (serverReferenceBL)

CN=HIGHFIELD-BDC01,CN=Domain System Volume (SYSVOL
share),CN=File Replication Service,CN=System,DC=highfield,DC=local

and backlink on

CN=NTDS
Settings,CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local

are correct.
........................ HIGHFIELD-BDC01 passed test
VerifyReferences
Starting test: VerifyEnterpriseReferences
........................ HIGHFIELD-BDC01 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth:  Beginning security errors check!
Found KDC HIGHFIELD-PDC01 for domain highfield.local in site
Default-First-Site-Name
Checking machine account for DC HIGHFIELD-BDC01 on DC
HIGHFIELD-PDC01.
* SPN found
* SPN found :LDAP/highfield-bdc01.highfield.local
* SPN found :LDAP/HIGHFIELD-BDC01
* SPN found :LDAP/highfield-bdc01.highfield.local/HIGHFIELD
* SPN found
* SPN found
* SPN found
* SPN found :HOST/highfield-bdc01.highfield.local
* SPN found :HOST/HIGHFIELD-BDC01
* SPN found :HOST/highfield-bdc01.highfield.local/HIGHFIELD
* SPN found
Checking for CN=HIGHFIELD-BDC01,OU=Domain
Controllers,DC=highfield,DC=local in domain DC=highfield,DC=local on 2
servers
Object is up-to-date on all servers.
[HIGHFIELD-BDC01] No security related replication errors were
found on this DC!  To target the connection to a specific source DC use
/ReplSource:<DC>.
........................ HIGHFIELD-BDC01 passed test
CheckSecurityError

Testing server: Default-First-Site-Name\HIGHFIELD-PDC01
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=highfield,DC=local
Latency information for 5 entries in the vector were
ignored.
5 were retired Invocations.  0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc.  0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=highfield,DC=local
Latency information for 5 entries in the vector were
ignored.
5 were retired Invocations.  0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc.  0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=highfield,DC=local
Latency information for 9 entries in the vector were
ignored.
9 were retired Invocations.  0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc.  0 had no latency information (Win2K DC).
CN=Configuration,DC=highfield,DC=local
Latency information for 9 entries in the vector were
ignored.
9 were retired Invocations.  0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc.  0 had no latency information (Win2K DC).
DC=highfield,DC=local
Latency information for 9 entries in the vector were
ignored.
9 were retired Invocations.  0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc.  0 had no latency information (Win2K DC).
........................ HIGHFIELD-PDC01 passed test
Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
........................ HIGHFIELD-PDC01 passed test
Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
........................ HIGHFIELD-PDC01 passed test
CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC
HIGHFIELD-PDC01.
* Security Permissions Check for
DC=ForestDnsZones,DC=highfield,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=highfield,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=highfield,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=highfield,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=highfield,DC=local
(Domain,Version 2)
........................ HIGHFIELD-PDC01 passed test
NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\HIGHFIELD-PDC01\netlogon
Verified share \\HIGHFIELD-PDC01\sysvol
........................ HIGHFIELD-PDC01 passed test
NetLogons
Starting test: Advertising
The DC HIGHFIELD-PDC01 is advertising itself as a DC and
having a DS.
The DC HIGHFIELD-PDC01 is advertising as an LDAP server
The DC HIGHFIELD-PDC01 is advertising as having a writeable
directory
The DC HIGHFIELD-PDC01 is advertising as a Key Distribution
Center
The DC HIGHFIELD-PDC01 is advertising as a time server
The DS HIGHFIELD-PDC01 is advertising as a GC.
........................ HIGHFIELD-PDC01 passed test
Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local
........................ HIGHFIELD-PDC01 passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 13603 to 1073741823
* highfield-bdc01.highfield.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 13103 to 13602
* rIDPreviousAllocationPool is 13103 to 13602
* rIDNextRID: 13103
........................ HIGHFIELD-PDC01 passed test
RidManager
Starting test: MachineAccount
Checking machine account for DC HIGHFIELD-PDC01 on DC
HIGHFIELD-PDC01.
* SPN found
* SPN found :LDAP/highfield-pdc01.highfield.local
* SPN found :LDAP/HIGHFIELD-PDC01
* SPN found :LDAP/highfield-pdc01.highfield.local/HIGHFIELD
* SPN found
* SPN found
* SPN found
* SPN found :HOST/highfield-pdc01.highfield.local
* SPN found :HOST/HIGHFIELD-PDC01
* SPN found :HOST/highfield-pdc01.highfield.local/HIGHFIELD
* SPN found
........................ HIGHFIELD-PDC01 passed test
MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
........................ HIGHFIELD-PDC01 passed test
Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
........................ HIGHFIELD-PDC01 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
HIGHFIELD-PDC01 is in domain DC=highfield,DC=local
Checking for CN=HIGHFIELD-PDC01,OU=Domain
Controllers,DC=highfield,DC=local in domain DC=highfield,DC=local on 2
servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=HIGHFIELD-PDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local
in domain CN=Configuration,DC=highfield,DC=local on 2 servers
Object is up-to-date on all servers.
........................ HIGHFIELD-PDC01 passed test
ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
........................ HIGHFIELD-PDC01 passed test
frssysvol
Starting test: frsevent
* The File Replication Service Event log test
........................ HIGHFIELD-PDC01 passed test
frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last
15 minutes.
........................ HIGHFIELD-PDC01 passed test
kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured.  EventID: 0x0000165B
Time Generated: 01/09/2009   11:20:42
Event String: The session setup from computer
'HIGHFIEL-070EEF'

failed because the security database does not

contain a trust account 'HIGHFIEL-070EEF$'

referenced by the specified computer.



USER ACTION

If this is the first occurrence of this event for

the specified computer and account, this may be a

transient issue that doesn't require any action

at this time. Otherwise, the following steps may

be taken to resolve this problem:



If 'HIGHFIEL-070EEF$' is a legitimate machine

account for the computer 'HIGHFIEL-070EEF', then

'HIGHFIEL-070EEF' should be rejoined to the

domain.



If 'HIGHFIEL-070EEF$' is a legitimate interdomain

trust account, then the trust should be

recreated.



Otherwise, assuming that 'HIGHFIEL-070EEF$' is

not a legitimate account, the following action

should be taken on 'HIGHFIEL-070EEF':



If 'HIGHFIEL-070EEF' is a Domain Controller, then

the trust associated with 'HIGHFIEL-070EEF$'

should be deleted.



If 'HIGHFIEL-070EEF' is not a Domain Controller,

it should be disjoined from the domain.
An Error Event occured.  EventID: 0x000016AD
Time Generated: 01/09/2009   11:23:22
Event String: The session setup from the computer

HIGHFIEL-070EEF failed to authenticate. The

following error occurred:

%%5
An Error Event occured.  EventID: 0x00000457
Time Generated: 01/09/2009   11:55:30
(Event String could not be retrieved)
An Error Event occured.  EventID: 0xC0002719
Time Generated: 01/09/2009   11:57:07
(Event String could not be retrieved)
An Error Event occured.  EventID: 0xC0002719
Time Generated: 01/09/2009   11:58:01
(Event String could not be retrieved)
........................ HIGHFIELD-PDC01 failed test
systemlog
Starting test: VerifyReplicas
........................ HIGHFIELD-PDC01 passed test
VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=HIGHFIELD-PDC01,OU=Domain Controllers,DC=highfield,DC=local
and

backlink on


CN=HIGHFIELD-PDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=HIGHFIELD-PDC01,CN=Domain System Volume (SYSVOL
share),CN=File Replication Service,CN=System,DC=highfield,DC=local

and backlink on

CN=HIGHFIELD-PDC01,OU=Domain Controllers,DC=highfield,DC=local
are

correct.
The system object reference (serverReferenceBL)

CN=HIGHFIELD-PDC01,CN=Domain System Volume (SYSVOL
share),CN=File Replication Service,CN=System,DC=highfield,DC=local

and backlink on

CN=NTDS
Settings,CN=HIGHFIELD-PDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local

are correct.
........................ HIGHFIELD-PDC01 passed test
VerifyReferences
Starting test: VerifyEnterpriseReferences
........................ HIGHFIELD-PDC01 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth:  Beginning security errors check!
Found KDC HIGHFIELD-PDC01 for domain highfield.local in site
Default-First-Site-Name
Checking machine account for DC HIGHFIELD-PDC01 on DC
HIGHFIELD-PDC01.
* SPN found
* SPN found :LDAP/highfield-pdc01.highfield.local
* SPN found :LDAP/HIGHFIELD-PDC01
* SPN found :LDAP/highfield-pdc01.highfield.local/HIGHFIELD
* SPN found
* SPN found
* SPN found
* SPN found :HOST/highfield-pdc01.highfield.local
* SPN found :HOST/HIGHFIELD-PDC01
* SPN found :HOST/highfield-pdc01.highfield.local/HIGHFIELD
* SPN found
[HIGHFIELD-PDC01] No security related replication errors were
found on this DC!  To target the connection to a specific source DC use
/ReplSource:<DC>.
........................ HIGHFIELD-PDC01 passed test
CheckSecurityError

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
........................ ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
........................ ForestDnsZones passed test
CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
........................ DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
........................ DomainDnsZones passed test
CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
........................ Schema passed test
CrossRefValidation
Starting test: CheckSDRefDom
........................ Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
........................ Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
........................ Configuration passed test
CheckSDRefDom

Running partition tests on : highfield
Starting test: CrossRefValidation
........................ highfield passed test
CrossRefValidation
Starting test: CheckSDRefDom
........................ highfield passed test CheckSDRefDom

Running enterprise tests on : highfield.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside
the scope

provided by the command line arguments provided.
........................ highfield.local passed test
Intersite
Starting test: FsmoCheck
GC Name: \\highfield-pdc01.highfield.local
Locator Flags: 0xe00001fc
PDC Name: \\highfield-bdc01.highfield.local
Locator Flags: 0xe00003fd
Time Server Name: \\highfield-pdc01.highfield.local
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\highfield-bdc01.highfield.local
Locator Flags: 0xe00003fd
KDC Name: \\highfield-pdc01.highfield.local
Locator Flags: 0xe00001fc
........................ highfield.local passed test
FsmoCheck
Starting test: DNS
Test results for domain controllers:

DC: highfield-pdc01.highfield.local
Domain: highfield.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard
Edition (Service Pack level: 1.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000007] Broadcom NetXtreme Gigabit
Ethernet:
MAC address is 00:15:C5:F6:93:18
IP address is static
IP address: 10.201.81.190
DNS servers:
10.201.81.190 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was
found
The Active Directory zone on this DC/DNS server was
found (primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
10.254.3.2 (<name unavailable>) [Valid]
10.254.3.71 (<name unavailable>) [Valid]

TEST: Delegations (Del)
No delegations were found in this zone on this DNS
server

TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but
not secure highfield.local.
Test record _dcdiag_test_record added successfully in
zone highfield.local.
Test record _dcdiag_test_record deleted successfully
in zone highfield.local.

TEST: Records registration (RReg)
Network Adapter [00000007] Broadcom NetXtreme Gigabit
Ethernet:
Matching A record found at DNS server
10.201.81.190:
highfield-pdc01.highfield.local

Matching CNAME record found at DNS server
10.201.81.190:

53795643-a396-4a1d-91ac-75666497839a._msdcs.highfield.local

Matching DC SRV record found at DNS server
10.201.81.190:
_ldap._tcp.dc._msdcs.highfield.local

Matching GC SRV record found at DNS server
10.201.81.190:
_ldap._tcp.gc._msdcs.highfield.local



DC: highfield-bdc01.highfield.local
Domain: highfield.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard
Edition (Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000001] Broadcom NetXtreme Gigabit
Ethernet:
MAC address is 00:15:C5:F6:8E:CE
IP address is static
IP address: 10.201.81.191
DNS servers:
10.201.81.191 (<name unavailable>) [Valid]
10.201.81.190 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was
found
The Active Directory zone on this DC/DNS server was
found (primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
10.254.3.2 (<name unavailable>) [Valid]
10.254.3.71 (<name unavailable>) [Valid]
10.254.3.8 (<name unavailable>) [Invalid
(unreachable)]

TEST: Delegations (Del)
No delegations were found in this zone on this DNS
server

TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but
not secure highfield.local.
Test record _dcdiag_test_record added successfully in
zone highfield.local.
Test record _dcdiag_test_record deleted successfully
in zone highfield.local.

TEST: Records registration (RReg)
Network Adapter [00000001] Broadcom NetXtreme Gigabit
Ethernet:
Matching A record found at DNS server
10.201.81.191:
highfield-bdc01.highfield.local

Matching CNAME record found at DNS server
10.201.81.191:

1ad7956a-4670-490a-ae57-2cebfb688077._msdcs.highfield.local

Matching DC SRV record found at DNS server
10.201.81.191:
_ldap._tcp.dc._msdcs.highfield.local

Matching GC SRV record found at DNS server
10.201.81.191:
_ldap._tcp.gc._msdcs.highfield.local

Matching PDC SRV record found at DNS server
10.201.81.191:
_ldap._tcp.pdc._msdcs.highfield.local

Matching A record found at DNS server
10.201.81.190:
highfield-bdc01.highfield.local

Matching CNAME record found at DNS server
10.201.81.190:

1ad7956a-4670-490a-ae57-2cebfb688077._msdcs.highfield.local

Matching DC SRV record found at DNS server
10.201.81.190:
_ldap._tcp.dc._msdcs.highfield.local

Matching GC SRV record found at DNS server
10.201.81.190:
_ldap._tcp.gc._msdcs.highfield.local

Matching PDC SRV record found at DNS server
10.201.81.190:
_ldap._tcp.pdc._msdcs.highfield.local


Summary of test results for DNS servers used by the above
domain controllers:

DNS server: 10.254.3.8 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 10.254.3.8
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]

DNS server: 10.201.81.190 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server
Name resolution is funtional. _ldap._tcp SRV record for
the forest root domain is registered

DNS server: 10.201.81.191 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server
Name resolution is funtional. _ldap._tcp SRV record for
the forest root domain is registered

DNS server: 10.254.3.2 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server

DNS server: 10.254.3.71 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server

Summary of DNS test results:

Auth Basc Forw Del  Dyn
RReg Ext

________________________________________________________________
Domain: highfield.local
highfield-pdc01              PASS PASS PASS PASS WARN
PASS n/a
highfield-bdc01              PASS PASS FAIL PASS WARN
PASS n/a

........................ highfield.local failed test DNS



BDC DCDIAG


Domain Controller Diagnosis

Performing initial setup:
* Connecting to directory service on server highfield-bdc01.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\HIGHFIELD-BDC01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
........................ HIGHFIELD-BDC01 passed test
Connectivity

Testing server: Default-First-Site-Name\HIGHFIELD-PDC01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
........................ HIGHFIELD-PDC01 passed test
Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\HIGHFIELD-BDC01
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=DomainDnsZones,DC=highfield,DC=local
Latency information for 5 entries in the vector were
ignored.
5 were retired Invocations.  0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc.  0 had no latency information (Win2K DC).
DC=ForestDnsZones,DC=highfield,DC=local
Latency information for 5 entries in the vector were
ignored.
5 were retired Invocations.  0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc.  0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=highfield,DC=local
Latency information for 9 entries in the vector were
ignored.
9 were retired Invocations.  0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc.  0 had no latency information (Win2K DC).
CN=Configuration,DC=highfield,DC=local
Latency information for 9 entries in the vector were
ignored.
9 were retired Invocations.  0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc.  0 had no latency information (Win2K DC).
DC=highfield,DC=local
Latency information for 9 entries in the vector were
ignored.
9 were retired Invocations.  0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc.  0 had no latency information (Win2K DC).
........................ HIGHFIELD-BDC01 passed test
Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=DomainDnsZones,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=ForestDnsZones,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
........................ HIGHFIELD-BDC01 passed test
Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
........................ HIGHFIELD-BDC01 passed test
CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC
HIGHFIELD-BDC01.
* Security Permissions Check for
DC=DomainDnsZones,DC=highfield,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=ForestDnsZones,DC=highfield,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=highfield,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=highfield,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=highfield,DC=local
(Domain,Version 2)
........................ HIGHFIELD-BDC01 passed test
NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\HIGHFIELD-BDC01\netlogon
Verified share \\HIGHFIELD-BDC01\sysvol
........................ HIGHFIELD-BDC01 passed test
NetLogons
Starting test: Advertising
The DC HIGHFIELD-BDC01 is advertising itself as a DC and
having a DS.
The DC HIGHFIELD-BDC01 is advertising as an LDAP server
The DC HIGHFIELD-BDC01 is advertising as having a writeable
directory
The DC HIGHFIELD-BDC01 is advertising as a Key Distribution
Center
The DC HIGHFIELD-BDC01 is advertising as a time server
The DS HIGHFIELD-BDC01 is advertising as a GC.
........................ HIGHFIELD-BDC01 passed test
Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local
........................ HIGHFIELD-BDC01 passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 13603 to 1073741823
* highfield-bdc01.highfield.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 10103 to 10602
* rIDPreviousAllocationPool is 10103 to 10602
* rIDNextRID: 10281
........................ HIGHFIELD-BDC01 passed test
RidManager
Starting test: MachineAccount
Checking machine account for DC HIGHFIELD-BDC01 on DC
HIGHFIELD-BDC01.
* SPN found
* SPN found :LDAP/highfield-bdc01.highfield.local
* SPN found :LDAP/HIGHFIELD-BDC01
* SPN found :LDAP/highfield-bdc01.highfield.local/HIGHFIELD
* SPN found
* SPN found
* SPN found
* SPN found :HOST/highfield-bdc01.highfield.local
* SPN found :HOST/HIGHFIELD-BDC01
* SPN found :HOST/highfield-bdc01.highfield.local/HIGHFIELD
* SPN found
........................ HIGHFIELD-BDC01 passed test
MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
........................ HIGHFIELD-BDC01 passed test
Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
........................ HIGHFIELD-BDC01 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
HIGHFIELD-BDC01 is in domain DC=highfield,DC=local
Checking for CN=HIGHFIELD-BDC01,OU=Domain
Controllers,DC=highfield,DC=local in domain DC=highfield,DC=local on 2
servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local
in domain CN=Configuration,DC=highfield,DC=local on 2 servers
Object is up-to-date on all servers.
........................ HIGHFIELD-BDC01 passed test
ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
........................ HIGHFIELD-BDC01 passed test
frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours
after the

SYSVOL has been shared.  Failing SYSVOL replication problems
may cause

Group Policy problems.
An Warning Event occured.  EventID: 0x800034FF
Time Generated: 01/08/2009   14:31:27
(Event String could not be retrieved)
........................ HIGHFIELD-BDC01 failed test
frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last
15 minutes.
........................ HIGHFIELD-BDC01 passed test
kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured.  EventID: 0x0000165B
Time Generated: 01/09/2009   11:19:50
Event String: The session setup from computer
'HIGHFIEL-070EEF'

failed because the security database does not

contain a trust account 'HIGHFIEL-070EEF$'

referenced by the specified computer.



USER ACTION

If this is the first occurrence of this event for

the specified computer and account, this may be a

transient issue that doesn't require any action

at this time. Otherwise, the following steps may

be taken to resolve this problem:



If 'HIGHFIEL-070EEF$' is a legitimate machine

account for the computer 'HIGHFIEL-070EEF', then

'HIGHFIEL-070EEF' should be rejoined to the

domain.



If 'HIGHFIEL-070EEF$' is a legitimate interdomain

trust account, then the trust should be

recreated.



Otherwise, assuming that 'HIGHFIEL-070EEF$' is

not a legitimate account, the following action

should be taken on 'HIGHFIEL-070EEF':



If 'HIGHFIEL-070EEF' is a Domain Controller, then

the trust associated with 'HIGHFIEL-070EEF$'

should be deleted.



If 'HIGHFIEL-070EEF' is not a Domain Controller,

it should be disjoined from the domain.
An Error Event occured.  EventID: 0x000016AD
Time Generated: 01/09/2009   11:26:16
Event String: The session setup from the computer

HIGHFIEL-070EEF failed to authenticate. The

following error occurred:

%%5
An Error Event occured.  EventID: 0x00000457
Time Generated: 01/09/2009   11:56:58
(Event String could not be retrieved)
........................ HIGHFIELD-BDC01 failed test
systemlog
Starting test: VerifyReplicas
........................ HIGHFIELD-BDC01 passed test
VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=HIGHFIELD-BDC01,OU=Domain Controllers,DC=highfield,DC=local
and

backlink on


CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=HIGHFIELD-BDC01,CN=Domain System Volume (SYSVOL
share),CN=File Replication Service,CN=System,DC=highfield,DC=local

and backlink on

CN=HIGHFIELD-BDC01,OU=Domain Controllers,DC=highfield,DC=local
are

correct.
The system object reference (serverReferenceBL)

CN=HIGHFIELD-BDC01,CN=Domain System Volume (SYSVOL
share),CN=File Replication Service,CN=System,DC=highfield,DC=local

and backlink on

CN=NTDS
Settings,CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local

are correct.
........................ HIGHFIELD-BDC01 passed test
VerifyReferences
Starting test: VerifyEnterpriseReferences
........................ HIGHFIELD-BDC01 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth:  Beginning security errors check!
Found KDC HIGHFIELD-BDC01 for domain highfield.local in site
Default-First-Site-Name
Checking machine account for DC HIGHFIELD-BDC01 on DC
HIGHFIELD-BDC01.
* SPN found
* SPN found :LDAP/highfield-bdc01.highfield.local
* SPN found :LDAP/HIGHFIELD-BDC01
* SPN found :LDAP/highfield-bdc01.highfield.local/HIGHFIELD
* SPN found
* SPN found
* SPN found
* SPN found :HOST/highfield-bdc01.highfield.local
* SPN found :HOST/HIGHFIELD-BDC01
* SPN found :HOST/highfield-bdc01.highfield.local/HIGHFIELD
* SPN found
[HIGHFIELD-BDC01] No security related replication errors were
found on this DC!  To target the connection to a specific source DC use
/ReplSource:<DC>.
........................ HIGHFIELD-BDC01 passed test
CheckSecurityError

Testing server: Default-First-Site-Name\HIGHFIELD-PDC01
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=DomainDnsZones,DC=highfield,DC=local
Latency information for 5 entries in the vector were
ignored.
5 were retired Invocations.  0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc.  0 had no latency information (Win2K DC).
DC=ForestDnsZones,DC=highfield,DC=local
Latency information for 5 entries in the vector were
ignored.
5 were retired Invocations.  0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc.  0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=highfield,DC=local
Latency information for 9 entries in the vector were
ignored.
9 were retired Invocations.  0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc.  0 had no latency information (Win2K DC).
CN=Configuration,DC=highfield,DC=local
Latency information for 9 entries in the vector were
ignored.
9 were retired Invocations.  0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc.  0 had no latency information (Win2K DC).
DC=highfield,DC=local
Latency information for 9 entries in the vector were
ignored.
9 were retired Invocations.  0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc.  0 had no latency information (Win2K DC).
........................ HIGHFIELD-PDC01 passed test
Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=DomainDnsZones,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=ForestDnsZones,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
........................ HIGHFIELD-PDC01 passed test
Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=highfield,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
........................ HIGHFIELD-PDC01 passed test
CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC
HIGHFIELD-PDC01.
* Security Permissions Check for
DC=DomainDnsZones,DC=highfield,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=ForestDnsZones,DC=highfield,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=highfield,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=highfield,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=highfield,DC=local
(Domain,Version 2)
........................ HIGHFIELD-PDC01 passed test
NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\HIGHFIELD-PDC01\netlogon
Verified share \\HIGHFIELD-PDC01\sysvol
........................ HIGHFIELD-PDC01 passed test
NetLogons
Starting test: Advertising
The DC HIGHFIELD-PDC01 is advertising itself as a DC and
having a DS.
The DC HIGHFIELD-PDC01 is advertising as an LDAP server
The DC HIGHFIELD-PDC01 is advertising as having a writeable
directory
The DC HIGHFIELD-PDC01 is advertising as a Key Distribution
Center
The DC HIGHFIELD-PDC01 is advertising as a time server
The DS HIGHFIELD-PDC01 is advertising as a GC.
........................ HIGHFIELD-PDC01 passed test
Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=HIGHFIELD-BDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local
........................ HIGHFIELD-PDC01 passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 13603 to 1073741823
* highfield-bdc01.highfield.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 13103 to 13602
* rIDPreviousAllocationPool is 13103 to 13602
* rIDNextRID: 13103
........................ HIGHFIELD-PDC01 passed test
RidManager
Starting test: MachineAccount
Checking machine account for DC HIGHFIELD-PDC01 on DC
HIGHFIELD-PDC01.
* SPN found
* SPN found :LDAP/highfield-pdc01.highfield.local
* SPN found :LDAP/HIGHFIELD-PDC01
* SPN found :LDAP/highfield-pdc01.highfield.local/HIGHFIELD
* SPN found
* SPN found
* SPN found
* SPN found :HOST/highfield-pdc01.highfield.local
* SPN found :HOST/HIGHFIELD-PDC01
* SPN found :HOST/highfield-pdc01.highfield.local/HIGHFIELD
* SPN found
........................ HIGHFIELD-PDC01 passed test
MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
........................ HIGHFIELD-PDC01 passed test
Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
........................ HIGHFIELD-PDC01 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
HIGHFIELD-PDC01 is in domain DC=highfield,DC=local
Checking for CN=HIGHFIELD-PDC01,OU=Domain
Controllers,DC=highfield,DC=local in domain DC=highfield,DC=local on 2
servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=HIGHFIELD-PDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local
in domain CN=Configuration,DC=highfield,DC=local on 2 servers
Object is up-to-date on all servers.
........................ HIGHFIELD-PDC01 passed test
ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
........................ HIGHFIELD-PDC01 passed test
frssysvol
Starting test: frsevent
* The File Replication Service Event log test
........................ HIGHFIELD-PDC01 passed test
frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last
15 minutes.
........................ HIGHFIELD-PDC01 passed test
kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured.  EventID: 0x0000165B
Time Generated: 01/09/2009   11:20:42
Event String: The session setup from computer
'HIGHFIEL-070EEF'

failed because the security database does not

contain a trust account 'HIGHFIEL-070EEF$'

referenced by the specified computer.



USER ACTION

If this is the first occurrence of this event for

the specified computer and account, this may be a

transient issue that doesn't require any action

at this time. Otherwise, the following steps may

be taken to resolve this problem:



If 'HIGHFIEL-070EEF$' is a legitimate machine

account for the computer 'HIGHFIEL-070EEF', then

'HIGHFIEL-070EEF' should be rejoined to the

domain.



If 'HIGHFIEL-070EEF$' is a legitimate interdomain

trust account, then the trust should be

recreated.



Otherwise, assuming that 'HIGHFIEL-070EEF$' is

not a legitimate account, the following action

should be taken on 'HIGHFIEL-070EEF':



If 'HIGHFIEL-070EEF' is a Domain Controller, then

the trust associated with 'HIGHFIEL-070EEF$'

should be deleted.



If 'HIGHFIEL-070EEF' is not a Domain Controller,

it should be disjoined from the domain.
An Error Event occured.  EventID: 0x000016AD
Time Generated: 01/09/2009   11:23:22
Event String: The session setup from the computer

HIGHFIEL-070EEF failed to authenticate. The

following error occurred:

%%5
An Error Event occured.  EventID: 0x00000457
Time Generated: 01/09/2009   11:55:30
(Event String could not be retrieved)
An Error Event occured.  EventID: 0xC0002719
Time Generated: 01/09/2009   11:57:07
(Event String could not be retrieved)
An Error Event occured.  EventID: 0xC0002719
Time Generated: 01/09/2009   11:58:01
(Event String could not be retrieved)
........................ HIGHFIELD-PDC01 failed test
systemlog
Starting test: VerifyReplicas
........................ HIGHFIELD-PDC01 passed test
VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=HIGHFIELD-PDC01,OU=Domain Controllers,DC=highfield,DC=local
and

backlink on


CN=HIGHFIELD-PDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=HIGHFIELD-PDC01,CN=Domain System Volume (SYSVOL
share),CN=File Replication Service,CN=System,DC=highfield,DC=local

and backlink on

CN=HIGHFIELD-PDC01,OU=Domain Controllers,DC=highfield,DC=local
are

correct.
The system object reference (serverReferenceBL)

CN=HIGHFIELD-PDC01,CN=Domain System Volume (SYSVOL
share),CN=File Replication Service,CN=System,DC=highfield,DC=local

and backlink on

CN=NTDS
Settings,CN=HIGHFIELD-PDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=highfield,DC=local

are correct.
........................ HIGHFIELD-PDC01 passed test
VerifyReferences
Starting test: VerifyEnterpriseReferences
........................ HIGHFIELD-PDC01 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth:  Beginning security errors check!
Found KDC HIGHFIELD-BDC01 for domain highfield.local in site
Default-First-Site-Name
Checking machine account for DC HIGHFIELD-PDC01 on DC
HIGHFIELD-BDC01.
* SPN found
* SPN found :LDAP/highfield-pdc01.highfield.local
* SPN found :LDAP/HIGHFIELD-PDC01
* SPN found :LDAP/highfield-pdc01.highfield.local/HIGHFIELD
* SPN found
* SPN found
* SPN found
* SPN found :HOST/highfield-pdc01.highfield.local
* SPN found :HOST/HIGHFIELD-PDC01
* SPN found :HOST/highfield-pdc01.highfield.local/HIGHFIELD
* SPN found
Checking for CN=HIGHFIELD-PDC01,OU=Domain
Controllers,DC=highfield,DC=local in domain DC=highfield,DC=local on 2
servers
Object is up-to-date on all servers.
[HIGHFIELD-PDC01] No security related replication errors were
found on this DC!  To target the connection to a specific source DC use
/ReplSource:<DC>.
........................ HIGHFIELD-PDC01 passed test
CheckSecurityError

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
........................ DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
........................ DomainDnsZones passed test
CheckSDRefDom

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
........................ ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
........................ ForestDnsZones passed test
CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
........................ Schema passed test
CrossRefValidation
Starting test: CheckSDRefDom
........................ Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
........................ Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
........................ Configuration passed test
CheckSDRefDom

Running partition tests on : highfield
Starting test: CrossRefValidation
........................ highfield passed test
CrossRefValidation
Starting test: CheckSDRefDom
........................ highfield passed test CheckSDRefDom

Running enterprise tests on : highfield.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside
the scope

provided by the command line arguments provided.
........................ highfield.local passed test
Intersite
Starting test: FsmoCheck
GC Name: \\highfield-bdc01.highfield.local
Locator Flags: 0xe00003fd
PDC Name: \\highfield-bdc01.highfield.local
Locator Flags: 0xe00003fd
Time Server Name: \\highfield-bdc01.highfield.local
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\highfield-bdc01.highfield.local
Locator Flags: 0xe00003fd
KDC Name: \\highfield-bdc01.highfield.local
Locator Flags: 0xe00003fd
........................ highfield.local passed test
FsmoCheck
Starting test: DNS
Test results for domain controllers:

DC: highfield-pdc01.highfield.local
Domain: highfield.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard
Edition (Service Pack level: 1.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000007] Broadcom NetXtreme Gigabit
Ethernet:
MAC address is 00:15:C5:F6:93:18
IP address is static
IP address: 10.201.81.190
DNS servers:
10.201.81.190 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was
found
The Active Directory zone on this DC/DNS server was
found (primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
10.254.3.2 (<name unavailable>) [Valid]
10.254.3.71 (<name unavailable>) [Valid]

TEST: Delegations (Del)
No delegations were found in this zone on this DNS
server

TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but
not secure highfield.local.
Test record _dcdiag_test_record added successfully in
zone highfield.local.
Test record _dcdiag_test_record deleted successfully
in zone highfield.local.

TEST: Records registration (RReg)
Network Adapter [00000007] Broadcom NetXtreme Gigabit
Ethernet:
Matching A record found at DNS server
10.201.81.190:
highfield-pdc01.highfield.local

Matching CNAME record found at DNS server
10.201.81.190:

53795643-a396-4a1d-91ac-75666497839a._msdcs.highfield.local

Matching DC SRV record found at DNS server
10.201.81.190:
_ldap._tcp.dc._msdcs.highfield.local

Matching GC SRV record found at DNS server
10.201.81.190:
_ldap._tcp.gc._msdcs.highfield.local



DC: highfield-bdc01.highfield.local
Domain: highfield.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard
Edition (Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000001] Broadcom NetXtreme Gigabit
Ethernet:
MAC address is 00:15:C5:F6:8E:CE
IP address is static
IP address: 10.201.81.191
DNS servers:
10.201.81.191 (<name unavailable>) [Valid]
10.201.81.190 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was
found
The Active Directory zone on this DC/DNS server was
found (primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
10.254.3.2 (<name unavailable>) [Valid]
10.254.3.71 (<name unavailable>) [Valid]
10.254.3.8 (<name unavailable>) [Invalid
(unreachable)]

TEST: Delegations (Del)
No delegations were found in this zone on this DNS
server

TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but
not secure highfield.local.
Test record _dcdiag_test_record added successfully in
zone highfield.local.
Test record _dcdiag_test_record deleted successfully
in zone highfield.local.

TEST: Records registration (RReg)
Network Adapter [00000001] Broadcom NetXtreme Gigabit
Ethernet:
Matching A record found at DNS server
10.201.81.191:
highfield-bdc01.highfield.local

Matching CNAME record found at DNS server
10.201.81.191:

1ad7956a-4670-490a-ae57-2cebfb688077._msdcs.highfield.local

Matching DC SRV record found at DNS server
10.201.81.191:
_ldap._tcp.dc._msdcs.highfield.local

Matching GC SRV record found at DNS server
10.201.81.191:
_ldap._tcp.gc._msdcs.highfield.local

Matching PDC SRV record found at DNS server
10.201.81.191:
_ldap._tcp.pdc._msdcs.highfield.local

Matching A record found at DNS server
10.201.81.190:
highfield-bdc01.highfield.local

Matching CNAME record found at DNS server
10.201.81.190:

1ad7956a-4670-490a-ae57-2cebfb688077._msdcs.highfield.local

Matching DC SRV record found at DNS server
10.201.81.190:
_ldap._tcp.dc._msdcs.highfield.local

Matching GC SRV record found at DNS server
10.201.81.190:
_ldap._tcp.gc._msdcs.highfield.local

Matching PDC SRV record found at DNS server
10.201.81.190:
_ldap._tcp.pdc._msdcs.highfield.local


Summary of test results for DNS servers used by the above
domain controllers:

DNS server: 10.254.3.8 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 10.254.3.8
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]

DNS server: 10.201.81.190 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server.
Name resolution is funtional. _ldap._tcp SRV record for
the forest root domain is registered

DNS server: 10.201.81.191 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server.
Name resolution is funtional. _ldap._tcp SRV record for
the forest root domain is registered

DNS server: 10.254.3.2 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server.

DNS server: 10.254.3.71 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server.

Summary of DNS test results:

Auth Basc Forw Del  Dyn
RReg Ext

________________________________________________________________
Domain: highfield.local
highfield-pdc01              PASS PASS PASS PASS WARN
PASS n/a
highfield-bdc01              PASS PASS FAIL PASS WARN
PASS n/a

........................ highfield.local failed test DNS


--
darren5972
------------------------------------------------------------------------
darren5972's Profile: http://forums.techarena.in/members/darren5972.htm
View this thread: http://forums.techarena.in/active-directory/1101419.htm

http://forums.techarena.in

10-Jan-09 09:19 AM

Take a look at this KB, it talks about solving replication errors with DC in
the same site:
http://support.microsoft.com/?scid=kb%3Ben-us%3B249256&x=13&y=6

Or this one that says about rebuilding SYSVOL tree
http://support.microsoft.com/?scid=kb%3Ben-us%3B315457&x=13&y=14

Did you check that all of your FSMO roles are in an existing DC?

Hope it helps

Cheers



--

augusto alvarez | it professional
MCP - MCTS - MCITP DBA
http://blog.augustoalvarez.com.ar/


noticias:darren5972.3lsojc@DoNotSpam.com...

11-Jan-09 04:48 PM

Hello darren5972,

Just to get you correct, the crashed machine was rebuilt from scratch and
added to the domain and promoted to DC?

Did you seize the FSMO roles on the from you called BDC

Did you make it DNS server if not already done before, what kind of zones?

Did you make it Global catalog server if not already done before?

Did you cleanup the AD database BEFORE adding the reinstalled machine to
the domain from the old DC which was crashed?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

10-Jan-09 03:43 PM

Hi Meinolf,

Just to get you correct, the crashed machine was rebuilt from scratch
and
added to the domain and promoted to DC?

--Yes this is correct.

Did you seize the FSMO roles on the from you called BDC

--No we didn't.

Did you make it DNS server if not already done before, what kind of
zones?

--I'll need to check this.

Did you make it Global catalog server if not already done before?

--No we didn't and I'm not sure how to do this.

Did you cleanup the AD database BEFORE adding the reinstalled machine
to
the domain from the old DC which was crashed?

--No we didn't, is this something we can do now?


--
darren5972
------------------------------------------------------------------------
darren5972's Profile: http://forums.techarena.in/members/darren5972.htm
View this thread: http://forums.techarena.in/active-directory/1101419.htm

http://forums.techarena.in

12-Jan-09 04:42 AM

Hi Meinolf,

Thanks for your help

---So please run "netdom query fsmo" and post the result. If the
crashed one
has all FSMO roles it will show up that name

C:\>netdom query fsmo
Schema owner                highfield-bdc01.highfield.local

Domain role owner           highfield-bdc01.highfield.local

PDC role                    highfield-bdc01.highfield.local

RID pool manager            highfield-bdc01.highfield.local

Infrastructure owner        highfield-bdc01.highfield.local

The command completed successfully.

Is the new installed DC name as the old one or different? Please post
also
both servernames and the nae of the old one.

old name of pdc = highfield-pdc01
which is what it was called after rebuild

current names:-
highfield-pdc01
highfield-bdc01

Cheers
Darren


--
darren5972
------------------------------------------------------------------------
darren5972's Profile: http://forums.techarena.in/members/darren5972.htm
View this thread: http://forums.techarena.in/active-directory/1101419.htm

http://forums.techarena.in

12-Jan-09 08:32 AM

Since you didn't cleanup after the repromotion of your dc I would STRONGLY
suggest you demote your new dc (Remove it from the domain) and then go back
and clean up the metadata and then rejoin and promote this machine.

http://support.microsoft.com/?id=216498

http://www.microsoft.com/technet/scriptcenter/scripts/ad/domains/addmvb04.mspx?mfr=true

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.