When trying to access Active Directory Users and Computers I get the following error: The naming Information cannot be located for the following reason: the server is not operational. I have uninstalled Symantec antivirus and eliminated possible issues with the Broadcom NIC installed, I believe that it is a Microsoft Issue. Also possibly, for steps 2 and 3, instead of initially making the zones AD integrated, to simply make the zones Standard Primary zones keeping the "Store in AD It's possible the server error message is coming from trying to store them in AD, because it can't find AD. This posting is provided AS-IS with no warranties or guarantees and confers no rights. So it won't initialize Sysvol. That's why the DC can't be contacted. And it's trying to populate Sysvol from the other DC, which no longer exists. To fix it, we have to force it to initialize a new, empty Sysvol. This is called an Authoritative Sysvol Restore. You may want to remove your email address so it doesn't get harvested by web spiders searching for email addresses. Took a little time to get remoted in, then some more time to resolve it, but it seems to be resolved and working fine now. With Steve's permission, I am posting the steps I took to resolve it. I hope others benefit from this. ADSI Edit shows decimal value for UserAccountControl as 0x I changed it to 0x The following error occurred: The system cannot find the file specified. To see if any other DCs are in the domain, I ran metadata cleanup, but I found DSERVER2 is the only one, then quit the utility.

Connected to dserver2 using credentials of locally logged on user. This could be due to this server is a replica DC and the initial replication never occurred. Note - since this is the only DC in the domain, I used the D4 option to build a new one. D2 would have been used to pull a copy from another DC. Didn't have permissions to run it. Added myself to the Enterprise Admins and Schema Admins. Logged off, then on again. Ran the command again. Sysvol policies and everything else is now created. GPMC now shows both policies and all settings. Error code: 0xb A referral was returned from the server. Enlist directory partition failed: DomainDnsZones. Enlist directory partition failed: ForestDnsZones. Are Your DNS Application Partitions Corrupt? Using ADSIEdit. Delete the CrossRef object, essentially skipping to step 7 above. Force replication, validate that the partition is gone. Restart DNS, the service will re-add the partition. Using NTDSUtil: 1. Open the CMD prompt 2. NTDSUtil 3. Domain Management In it changes to "partition management" 4. Quit 6. Symantec Endpoint reinstalled.

This will take care of the NTDS and SYSVOL folders, and anything else it may try to block or quarantine. DSERVER2 passed test Replications. I wouldn't worry about this. DCDIAG is just reporting that you have a retired NTDS object a DC. No prob there. It shows zero for any latency issues and is only flagging the one retired partner. Let's make sure this machine is a GC. Then run: Now run a metadata cleanup to remove the references to the DCs that no longer exist. Or just follow these steps: After a day or two, change the zones to AD integrated. That would be the middle CHANGE button below in the screenshot.

Check the box to store in AD. Then after you hit Apply, click the bottom CHANGE button, and set the replication scope for each zone: For the crl. Configuring the Windows Time Service for Windows Server Ace Fekay -MVP. How many DCs do you have? Are you running ADUC from DC? Try changing the domain controller from ADUC and connecting to a different DC. Host Name. Connection-specific DNS Suffix. Media State. Check the DNS server, DHCP, server name,. DSERVER2 failed test Connectivity. A Global Catalog Server could not be located - All GC's are down. A KDC could not be located - All the KDCs are down. I did not do a system restart on the DC. What is Did you use external DNS Server IP Address for DNS Client? Creating a Windows Domain in the Cloud. You must delete Check NIC binding: the NIC which is online and has IP details should be first in the order. If multiple NICs are present then disable the unrequired NIC. Remove alternate DNS setting. Restart the netlogon and DNS service. Configure authoritative time server on the PDC role holder server; below is the KB article for the same. Make sure that below parameters are set correctly on PDC Server. 1. Change the server type to NTP 2. Set AnnounceFlags to 5 3. Enable NTPServer 4. Specify the time sources. Check the system log; you will get event id 35 and 37 related to time sync.

Hope this helps. Regards, Sandesh Dubey. I don't know why you use Public IP Address for Domain Controller IP Address!!!??? But this link show you, How to configure Multihomed multihomed domain controller is not recommended. Multihoming a Windows Server. It will not be authoritative for any zones, and it will run as a caching-only server until a zone is loaded manually or by Active Directory replication. For more information, see the online Help. Event ID — DNS Server Informational Events. Is there any specific reason you have assigned public IP address to DC? It is not recommended by Microsoft because it renders your server vulnerable to direct attacks from the outside world. Are you using RRAS for Natting on this server? Why would you need to configure Private IP to LAN NIC? The answer to this is - because RRAS has been configured to take care of the NATTING needs and will now be leasing IP Addresses Private IP's to the Client machines or Member servers in the network, this LAN NIC will be used to lease the IP's. The LAN NIC will then connect to a Switch and all the client machines will also connect to this switch for their IP requirements.

However this box SHOULD BE checked in the LAN NIC card properties with DNS pointing to itself Private IP address of this Server. Do not have a secondary DNS defined; if you want to define an IP Public or Private, make sure you do it under forwarders in DNS. Make sure that LAN NIC Private is at the top in NIC binding.

