I am getting this error in my best practive anazlyzer. I was checking here since i was having a sysvol replication issue. What record is this looking for dns? My 2 DCs each have their local ip in the forward zones?

The "LdapIpAddress" DNS (A/AAAA) resource records that advertise this domain controller as an available LDAP server in the domain and point to its IPv4 or IPv6 addresses are not registered. All writeable domain controllers in the domain (but not read-only domain controllers (RODCs)) must register these records.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dan McFaddenSystems EngineerCommented:
This initially appears to be an Active Directory issue.  I would run the following command:

with an account that has Admin privileges = dcdiag /test:DNS /e /v > dcdiag.txt

and attach the output so it can be looked over.

JamesSenior Cloud Infrastructure EngineerCommented:
Check that replication is functioning. Run the following commands from the command prompt > repadmin /syncall /AdeP and also > repadmin /showreps

Check to see can you access the sysvol share from each domain controller and vice a versa.


valmaticAuthor Commented:
Mostly i am seeing it is missing my AAAA records but i dont use IP V6. Ill have it posted in a few.
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

valmaticAuthor Commented:
My sys vol share is not replicating to my second DC. I usually edit Group policy on my main server and it is not replicating over is the reason i started looking around.  

I got nothing from that command about repadmin...
JamesSenior Cloud Infrastructure EngineerCommented:
You did not get any errors from repadmin? The command is - repadmin /AdeP

Please be aware the AP in /AdeP are capitals.


valmaticAuthor Commented:
No errors at all with that command
Dan McFaddenSystems EngineerCommented:
There should be a file called dcdiag.txt in the location that you ran the command prompt from.

If you just opened a command prompt and ran the command, the text file is probably in your user directory.
valmaticAuthor Commented:
Dan i ran your command and the only errors on all 9 pages were the server not listed it V6 AAAA record, other than that it came out clean. Im not sure what this ldapipaddress setting is supposed to be the best practice thing is complaining about?
Dan McFaddenSystems EngineerCommented:
valmaticAuthor Commented:
it is talking about ldap in the error but is it simply stating it is mad i disabled ip v6 on my nic and once i turn it on and that record hits dns it will be happy?
Dan McFaddenSystems EngineerCommented:
You should not disable IPv6 on domain controllers.  It is not recommended by Microsoft.  IPv6 should be enabled and for all options configured as automatic.

Dan McFaddenSystems EngineerCommented:
Reference links:

 1. https://social.technet.microsoft.com/Forums/windowsserver/en-US/18001bd9-e79f-4f80-973c-3ef0f0b3d2ff/disabling-ipv6-on-2008r2-domain-controllers-best-practice?forum=winservergen
 2. http://technet.microsoft.com/en-us/magazine/2009.07.cableguy.aspx
 3. http://www.experts-exchange.com/Software/Server_Software/Active_Directory/A_11270-DNS-Best-Practices-for-Domain-Controllers.html

 I would go thru the article in link 3.

 My suggestion is to adjust the bindings on the NICs.

1. Go to:  Control Panel > All Control Panel Items > Network and Sharing Center
2. Click "Change adapter settings"
3. hit the "ALT" key once, the file menu will appear
4. click "Advanced" then select "Advanced Settings"
5. On the tab "Adapters and Bindings > Connections area :: make sure you NIC(s) are in the order in which you want them used... Make sure the object "[Remote Access Connections]" is on the bottom.
6. In the Bindings for "YourNicName" section, make sure TCP/IPv4 is above v6
7. On the tab "Provider Order" > Network Providers area :: make sure "Microsoft Windows Network" is first.

Click thru all OKs.  Then give it a test.

Your IPv6 configuration should be:
1. in the properties of IPv6
2. General Tab : all options on Obtain ... automatically.
3. all advanced options should be left default.

After this, I would run the following commands:

1. ipconfig /flushdns
2. ipconfig /registerdns
3. dcdiag again.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
valmaticAuthor Commented:
is this ok to do during the day since i am not messing with my ip v4 address?
Dan McFaddenSystems EngineerCommented:
This can be done without disrupting operations.
valmaticAuthor Commented:
i added ip v6 back in but the analyzer is still not happy.
Is this supposed to be in DNS somewhere i do not see it?
LdapIpAddress ??
Dan McFaddenSystems EngineerCommented:
The "LdapIpAddress" item is described in my post from yesterday at 16:38.  Please read thru the article from Microsoft as it describes what you need to do to address the issue,

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.