Module 10:

Troubleshooting Active
Directory, DNS, and
Replication Issues

Module Overview
Troubleshooting Active Directory Domain Services
Troubleshooting DNS Integration with AD DS

Troubleshooting AD DS Replication

Lesson 1: Troubleshooting Active Directory

Domain Services
Introduction to AD DS Troubleshooting
Discussion: How to Troubleshoot Active Directory Domain

Services Issues

Troubleshooting User Access Errors

Demonstration: Tools for Troubleshooting User

Access Errors

Troubleshooting Domain Controller Performance Issues

Introduction to AD DS Troubleshooting
Active Directory troubleshooting begins when:
Users report authentication or authorization errors
Active Directory related events appear in the Event Viewer
Domain controller performance is degraded
An alert is generated by a monitoring system
Data is not being replicated between domain controllers

Discussion: How to Troubleshoot Active Directory

Domain Services Issues
What steps would you take to troubleshoot an Active

Directory issue?

What tools would you use?

How would you verify that your solution worked?

Troubleshooting User Access Errors

User access errors may be the result of:
Network access errors
Authentication errors
Authorization errors

To address user access errors, verify:

Network connectivity
Time synchronization
Domain controller availability
User account and user
lockout settings

Group memberships

Demonstration: Tools for Troubleshooting User

Access Errors
In this demonstration, you will see how to troubleshoot user
access errors using the Windows tools

Troubleshooting Domain Controller

Performance Issues
Most common performance issues include:
High CPU utilization
High network utilization

To resolve performance issues:

Identify the processes with

high CPU utilization

Monitor application specific

network traffic

Move applications or services

to another server

Distribute Active Directory

and DNS roles across
multiple servers

Review and modify the

replication topology

Deploy domain controllers

with 64 bit hardware

Lesson 2: Troubleshooting DNS Integration with

AD DS
Overview of DNS and AD DS Troubleshooting
Troubleshooting DNS Name Resolution

Troubleshooting DNS Name Registration

Troubleshooting DNS Zone Replication

Overview of DNS and AD DS Troubleshooting

Troubleshoot the integration of DNS and Active
Directory when:
Users cannot log on to Active Directory
Active Directory replication is failing
Active Directory installation fails
To troubleshoot DNS and Active Directory integration, verify:
DNS client and server configurations
DNS name registration
DNS zone replication

Troubleshooting DNS Name Resolution

DNS name resolution may fail due to:
Network connectivity issues
Client configuration errors
DNS server availability
Name registration or DNS replication issues

To troubleshoot DNS name resolution:

Test network connectivity by pinging the DNS server
by IP address
Use IPConfig to examine the client configuration
Use NSLookup to verify server availability
Flush the DNS cache
Use NSLookup to verify SRV records

Troubleshooting DNS Name Registration

DNS name registration may fail due to:
Client configuration errors
DNS server availability

DNS zone configuration

To troubleshoot DNS name registration:

Verify that the client is configured to register in DNS

Test DNS server availability

Verify that the DNS zone is configured for
dynamic updates
Test DNS by using the DCDiag /Test:DNS command

Register the SRV records by restarting the

Netlogon service

Troubleshooting DNS Zone Replication

Investigate DNS zone replication issues when:
DNS-related issues are specific to certain
DNS server clients
Zone information is not consistent on different
DNS servers
DNS server availability

Name registration or DNS replication issues

Troubleshoot Active Directory replication for Active Directory

integrated zones
To troubleshoot standard zone transfer issues:
Verify network connectivity
Verify primary server and secondary server configuration

Verify Start of Authority record

Verify zone transfer configuration

Lesson 3: Troubleshooting AD DS Replication

AD DS Replication Requirements
Common Replication Issues

What Is the Repadmin Tool?

What Is the DCDiag Tool?
Identifying the Cause of Replication Errors

Discussion: Troubleshooting Inter-Site AD DS

Replication Issues

Troubleshooting Distributed File Replication Issues

AD DS Replication Requirements
Active Directory replication requires:
Routable IP infrastructure
DNS name resolution
RPC or SMTP connectivity between domain controllers
Kerberos v5 authentication
LDAP connectivity to install new domain controllers
File Replication Service or Distributed File
System Replication

Common Replication Issues

Symptom
Replication does
not finish or occur
Replication is slow
Client computers
receive a slow
response
Replication greatly
increases network
traffic

Possible causes
Sites not connected by site links
No bridgehead server in the site group
Inefficient site topology

and schedule

No domain controller online

in client site
Not enough domain
controllers

Insufficient bandwidth
Incorrect site topology

What Is the Repadmin Tool?

Use the Repadmin command-line tool to:

View and manually create the replication topology

Force replication events between domain controllers
View the replication metadata

Syntax:
repadmin command arguments [/u:[domain\]user pw:{password|*}]

What Is the DCDiag Tool?

Use the Dcdiag command-line tool to:
Analyze the state of a domain controller and report
any problems
Perform a series of tests to verify different
areas of the system

Syntax:
dcdiag command arguments [/v /f:LogFile /ferr:ErrLog ]

Identifying the Cause of Replication Errors

Possible causes

Testing method

Sites are not

connected by
site links

Dcdiag /test:Topology

No bridgehead
server in the site

Repadmin /bridgeheads

Inefficient site
topology and
schedule

Repadmin /latency

No domain controller
online in the site

Dcdiag /test:Replication
Dcdiag /test:Connectivity

Not enough domain

controllers

System monitor NTDS counters

Incorrect site
topology

Active Directory Sites and Services

Repadmin /latency
V Dcdiag /test:Intersite

Discussion: Troubleshooting Inter-Site AD DS

Replication Issues
What steps would you take to troubleshoot an Active

Directory replication issue?

How would you verify that your solution worked?

Troubleshooting Distributed File

Replication Issues

Server 2008 uses FRS or DFSR to replicate the

Windows
SYSVOL directory between domain controllers

Both FRS and DFRS require LDAP and RPC connectivity

between domain controllers

Use Ntfrsutl and FRSDiag to troubleshoot FRS replication

Use DFSRAdmin to troubleshoot DFRS replication

Lab: Troubleshooting Active Directory, DNS, and

Replication Issues
Exercise 1: Troubleshooting Authentication and

Authorization Errors

Exercise 2: Troubleshooting the Integration of DNS and

AD DS

Exercise 3: Troubleshooting AD DS Replication

Logon information

Virtual machine

NYC-DC1, NYC-CL1

User name

Administrator

Password

Pa$$w0rd

Estimated time: 75 minutes

Lab Review
If the Los Angeles office was configured as a separate site,

what additional steps would you need to take to

troubleshoot Scenario #5?

What AD DS troubleshooting issues do you think you will

need to deal with most often in your organization?

Module Review and Takeaways

Considerations
Tools

Review questions

Beta Feedback Tool

Beta feedback tool helps:

Collect student roster information, module feedback, and

course evaluations.
Identify and sort the changes that students request, thereby
facilitating a quick team triage.
Save data to a database in SQL Server that you can later
query.

Walkthrough of the tool

Beta Feedback
Overall flow of module:

Which topics did you think flowed smoothly, from topic to

topic?
Was something taught out of order?

Pacing:

Were you able to keep up? Are there any places where the
pace felt too slow?
Were you able to process what the instructor said before
moving on to next topic?
Did you have ample time to reflect on what you learned? Did
you have time to formulate and ask questions?

Learner activities:

Which demos helped you learn the most? Why do you think
that is?
Did the lab help you synthesize the content in the module?
Did it help you to understand how you can use this
knowledge in your work environment?
Were there any discussion questions or reflection questions
that really made you think? Were there questions you
thought werent helpful?