Solved

DCDIAG Warning MachineAccount Test

Posted on 2007-03-24
2
4,741 Views
Last Modified: 2010-08-05
Hello all

How do I resolve the warning message for the MachineAccount test?

Chris

C:\Documents and Settings\Administrator2>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Manchester\SERVER02
      Starting test: Connectivity
         ......................... SERVER02 passed test Connectivity

Doing primary tests

   Testing server: Manchester\SERVER02
      Starting test: Replications
         ......................... SERVER02 passed test Replications
      Starting test: NCSecDesc
         ......................... SERVER02 passed test NCSecDesc
      Starting test: NetLogons
         ......................... SERVER02 passed test NetLogons
      Starting test: Advertising
         ......................... SERVER02 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... SERVER02 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SERVER02 passed test RidManager
      Starting test: MachineAccount
         Warning:  Attribute userAccountControl of SERVER02 is: 0x82020 = ( UF_P
ASSWD_NOTREQD | UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
         Typical setting for a DC is 0x82000 = ( UF_SERVER_TRUST_ACCOUNT | UF_TR
USTED_FOR_DELEGATION )
         This may be affecting replication?
         ......................... SERVER02 passed test MachineAccount
      Starting test: Services
         ......................... SERVER02 passed test Services
      Starting test: ObjectsReplicated
         ......................... SERVER02 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... SERVER02 passed test frssysvol
      Starting test: frsevent
         ......................... SERVER02 passed test frsevent
      Starting test: kccevent
         ......................... SERVER02 passed test kccevent
      Starting test: systemlog
         ......................... SERVER02 passed test systemlog
      Starting test: VerifyReferences
         ......................... SERVER02 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : ctc
      Starting test: CrossRefValidation
         ......................... ctc passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ctc passed test CheckSDRefDom

   Running enterprise tests on : ctc.local
      Starting test: Intersite
         ......................... ctc.local passed test Intersite
      Starting test: FsmoCheck
         ......................... ctc.local passed test FsmoCheck

C:\Documents and Settings\Administrator2>
0
Comment
Question by:mail2clk
2 Comments
 
LVL 38

Accepted Solution

by:
Shift-3 earned 500 total points
ID: 18786800
There is a potential fix for this problem here:
http://www.pcreview.co.uk/forums/thread-2378247.php

Be sure to have a good System State backup of the server before changing anything.
0
 
LVL 33

Expert Comment

by:Busbar
ID: 18787458
go to the domain controllers OU,
right click on the Domain controller
properties
delegation
make sure that this computer is trusted for delegation (kerberos only) is selected
restart the server
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now