Solved

Active Directory 2012 R2 - No Event 1119 this DC is now a global catalog

Posted on 2016-09-01
12
33 Views
Last Modified: 2016-09-02
On all my DC´s with Windows Server 2012 R2 i dont get the Event 1119 "this DC is now a global catalog" in the directory service log.

With 2008 R2 i always checked after promotion if that event is logged. Is that removed in 2012 R2?
0
Comment
Question by:Thomas_1991
  • 6
  • 4
  • 2
12 Comments
 
LVL 5

Expert Comment

by:sAMAccountName
Comment Utility
Not sure if its been removed outright or move to a different log file, but you can check if its a GC using powershell:

PS C:> (get-addomaincontroller).IsGlobalCatalog
True

Granted, this is simply a bit on the object and doesnt reflect whether the catalog is built and responsive, but you can test that using ldp against the GC port 3268.  Just connect with ldp on that GC/port and you should be able to crawl the DIT
0
 
LVL 40

Expert Comment

by:Subsun
Comment Utility
Event 1119 is still available.. Are you checking in  Applications and Services Logs > Directory Service
Directory Service
0
 

Author Comment

by:Thomas_1991
Comment Utility
Yes im checking that log.

And there are no erros... Also no erros with dcdiag
0
 
LVL 40

Expert Comment

by:Subsun
Comment Utility
Hmm, since it's not giving any error in dcdiag, there are chances the event might have overwritten.  Do you have the events there in logs prior to time of the GC promotion?


If the Global Catalog box is selected in NTDS Settings object properties then you are good unless you are experiencing any specific issues.

Also as mentioned above Check if it's showing IsGlobalCatalog is True
Get-ADDomainController -Filter * | select name,IsGlobalCatalog

Open in new window

0
 
LVL 5

Expert Comment

by:sAMAccountName
Comment Utility
Get-ADDomainController -Filter * | select name,IsGlobalCatalog

Open in new window


Thats going to show GC status for all servers in the domain.  But that may be useful to him as well.
0
 

Author Comment

by:Thomas_1991
Comment Utility
Result of the ps-commands are "true".

Also when i check unter H_KEY_LOCAL_Machine\system\currentcontrolset\services\ntds\parameters the entry "global catalog promotion complete" is 0x0000001.

I think from AD site is all ok. Just wondering about the event. And that on 4 DC´s
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 40

Expert Comment

by:Subsun
Comment Utility
If you can't find the events prior to time of the GC promotion then event might have overwritten. I cannot think of any other possible reasons for missing the event.
0
 

Author Comment

by:Thomas_1991
Comment Utility
i have changed the eventlog properties that it cant be overwritten.
No success. Still no eventlog 1119 or other gobal catalog events.
0
 

Author Comment

by:Thomas_1991
Comment Utility
i have promoted a new DC of course...and changed the log size bevor promotion
0
 

Author Comment

by:Thomas_1991
Comment Utility
I've found the problem...i had just 1 domain. After adding a second domain the event is logged
0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
Comment Utility
Ah.. ok that make sense..  Once the domain controller is promoted as to a GC, domain partitions in the forest will be replicated to the new GC. I think 1119 is generated once all partitions have successfully replicated to the newly promoted GC. For single domain controller partitions are already updated and nothing to replicate.
0
 

Author Closing Comment

by:Thomas_1991
Comment Utility
Yes, i think so, too. Nice to know
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now