Active Directory not functioning

Edward Gutman
I cannot use AD Management tools.  When I try to run AD Users and Computers, I get
Server is running Windows Server 2012 and I do not have a good backup of AD.

DCDIAG output shows error 1355 that it cannot contact the GC.

Here is the output of a couple of NLTEST commands:

nltest /DSGETDC:seward.local
Getting DC name failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
The command completed successfully

nltest /DSGETDC:seward.local /PDC
           DC: \\DCX.seward.local
      Address: \\10.0.0.4
     Dom Guid: a7abc8d0-1708-4b59-a57e-32dbab798375
     Dom Name: seward.local
  Forest Name: seward.local
 Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
        Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE FULL_SECRET WS
8
The command completed successfully

nltest /DNSGETDC:seward.local
List of DCs in pseudo-random order taking into account SRV priorities and weights:
Non-Site specific:
   dcx.seward.local  fe80::7472:7484:cb5d:deb7%16  10.0.0.4
The command completed successfully

nltest /DNSGETDC:seward.local /GC
List of DCs in pseudo-random order taking into account SRV priorities and weights:
Non-Site specific:
   dcx.seward.local  fe80::7472:7484:cb5d:deb7%16  10.0.0.4
The command completed successfully


In addition, the NIC is stuck on the Public firewall profile.  I've tried putting Network Location Awareness on Automatic Delayed start, but it still won't come up as a domain for the firewall profile.  I've tried turning the firewall completely off, but still get the same responses as above.
yo_bee, Director of Information Technology

Commented:
What is your primary DNS server?

Author

Commented:
DNS Server is set to the IP of the DC.
Distinguished Expert 2017

Commented:
Install RSAT on a workstation to remotely manage the AD in the event the access is impacted by profile corruption.


nslookup -q=SRV _ldap._tcp.dc._msdcs.youraddomain.local

Make sure the system does not have external public servers.

Check the event log for errors, indications of what might be going on.
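
The checks suggested in the comment above, collected into one PowerShell pass, as an added example that is not part of the original thread. It assumes the domain name seward.local from the question's nltest output, a Windows Server 2012 or later host with the built-in DNS client and networking cmdlets, and that the Directory Service and DNS Server event logs exist (a DC that also hosts DNS).

```powershell
# Added example (not from the thread). $Domain comes from the question's nltest output.
$Domain = 'seward.local'

# 1. DNS servers per interface. Anything other than the internal AD DNS server
#    (for example an ISP or public resolver) cannot answer _msdcs queries.
Get-DnsClientServerAddress |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, AddressFamily, ServerAddresses -AutoSize

# 2. DC locator SRV records, plus the A/AAAA records of each target host.
$srvNames = "_ldap._tcp.dc._msdcs.$Domain",
            "_ldap._tcp.gc._msdcs.$Domain",
            "_kerberos._tcp.dc._msdcs.$Domain"
$targets = @()
foreach ($name in $srvNames) {
    try {
        $srv = Resolve-DnsName -Name $name -Type SRV -DnsOnly -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
        $srv | ForEach-Object { '{0} -> {1}:{2}' -f $name, $_.NameTarget, $_.Port }
        $targets += $srv.NameTarget
    } catch {
        Write-Warning "$name did not resolve: $($_.Exception.Message)"
    }
}
foreach ($dc in ($targets | Where-Object { $_ } | Sort-Object -Unique)) {
    foreach ($type in 'A', 'AAAA') {
        Resolve-DnsName -Name $dc -Type $type -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq $type } |
            ForEach-Object { '{0} {1} {2}' -f $dc, $type, $_.IPAddress }
    }
}

# 3. Addresses actually bound to the NICs, to compare against the records above.
Get-NetIPAddress | Where-Object { $_.IPAddress -notmatch '^(127\.|::1$)' } |
    Format-Table InterfaceAlias, AddressFamily, IPAddress -AutoSize

# 4. Firewall profile in use (the question reports it stuck on Public).
Get-NetConnectionProfile | Format-Table InterfaceAlias, NetworkCategory -AutoSize

# 5. Recent errors and warnings. Log names assume a DC that also runs DNS.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Directory Service', 'DNS Server', 'System'
    Level     = 2, 3
    StartTime = (Get-Date).AddDays(-1)
} -MaxEvents 40 -ErrorAction SilentlyContinue |
    Format-Table TimeCreated, LogName, Id, LevelDisplayName -AutoSize
```

An AAAA record in step 2 that has no matching address in step 3 is the kind of mismatch discussed later in the thread.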

Commented:
Check ping from host to FQDN, whether it's pinging to IPv6?...
Michelangelo, System Administrator / Postmaster

Commented:
It seems you have a problem with DNS. Try using the IP with your AD management tool. Does it work?
Check if DNS is up and running.
How many DCs have you got? Are you trying AD management from a client or from the DC itself?

Author

Commented:
Yes, the domain controller responds to ping over IPv4 and IPv6.  Looks like I may have a mismatch on the IPv6 address in my DNS server.  Is there an easy way to properly update the IPv6 records in DNS?
Distinguished Expert 2017

Commented:
Ipconfig /registerdns. Or something like that.

Do you actually assign IPv6 IPs through DHCP?

Server IP, static? Add directly in the DNS interface AAAA record.

It's only a six station network.  Thanks for the suggestions, but I'm going to cut my losses on time here and just create a new AD and migrate the users to it.  I have tools to reassign their old profiles in the new domain and I think that's going to be my path of least resistance here.  I simply can't find the reason AD won't resolve and I don't have any more time to chase it.
