Solved

DCDIAG Warning MachineAccount Test

Posted on 2007-03-24
2
4,720 Views
Last Modified: 2010-08-05
Hello all

How do I resolve the warning message for the MachineAccount test?

Chris

C:\Documents and Settings\Administrator2>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Manchester\SERVER02
      Starting test: Connectivity
         ......................... SERVER02 passed test Connectivity

Doing primary tests

   Testing server: Manchester\SERVER02
      Starting test: Replications
         ......................... SERVER02 passed test Replications
      Starting test: NCSecDesc
         ......................... SERVER02 passed test NCSecDesc
      Starting test: NetLogons
         ......................... SERVER02 passed test NetLogons
      Starting test: Advertising
         ......................... SERVER02 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... SERVER02 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SERVER02 passed test RidManager
      Starting test: MachineAccount
         Warning:  Attribute userAccountControl of SERVER02 is: 0x82020 = ( UF_P
ASSWD_NOTREQD | UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
         Typical setting for a DC is 0x82000 = ( UF_SERVER_TRUST_ACCOUNT | UF_TR
USTED_FOR_DELEGATION )
         This may be affecting replication?
         ......................... SERVER02 passed test MachineAccount
      Starting test: Services
         ......................... SERVER02 passed test Services
      Starting test: ObjectsReplicated
         ......................... SERVER02 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... SERVER02 passed test frssysvol
      Starting test: frsevent
         ......................... SERVER02 passed test frsevent
      Starting test: kccevent
         ......................... SERVER02 passed test kccevent
      Starting test: systemlog
         ......................... SERVER02 passed test systemlog
      Starting test: VerifyReferences
         ......................... SERVER02 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : ctc
      Starting test: CrossRefValidation
         ......................... ctc passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ctc passed test CheckSDRefDom

   Running enterprise tests on : ctc.local
      Starting test: Intersite
         ......................... ctc.local passed test Intersite
      Starting test: FsmoCheck
         ......................... ctc.local passed test FsmoCheck

C:\Documents and Settings\Administrator2>
0
Comment
Question by:mail2clk
2 Comments
 
LVL 38

Accepted Solution

by:
Shift-3 earned 500 total points
Comment Utility
There is a potential fix for this problem here:
http://www.pcreview.co.uk/forums/thread-2378247.php

Be sure to have a good System State backup of the server before changing anything.
0
 
LVL 33

Expert Comment

by:Busbar
Comment Utility
go to the domain controllers OU,
right click on the Domain controller
properties
delegation
make sure that this computer is trusted for delegation (kerberos only) is selected
restart the server
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now