Removing Automatically Generated NTDS Settings



I have many NTDS KCC warnings and errors in my Directory Service event logs
on two of our domain controllers, each in a separate remote office. Also, I
noticed that these servers have auto-generated NTDS settings that make them
try to connect to some servers in our domain that they have no physical
connectivity to. Below are details of our config. Any help would be

We have 5 total domain controllers: 2 in our main HQ and 1 in each of our 3
remote offices. Remote offices are physically connected to HQ in a hub and
spoke topology. The HQ network is accessible from any remote site, but one
remote site has no means of communicating with another.

I have 4 sites set up in AD Sites and Services, one for each of our 4
offices. I have three IP site links, one for each remote office's connection
to HQ. "Bridge all site links" is enabled.

Again, any help would be appreciated. Thanks.



Paul Bergson

If you have "Bridge all site links", all remote sites will establish site
links via the common sites; this is unnecessary, so disable this. For the site
that has not established a link, have you moved the DC to this site
(physically dragged and dropped it into the container)? There will be no
links established without a DC at the site.

If you have a dc in all site containers then you will have to provide more

Run diagnostics against your Active Directory domain.

If you don't have the tools installed, install them from your server install

Run dcdiag and netdiag in verbose mode.

If you download a gui script I wrote it should be simple to set and run. It
also has the option to run individual tests without having to learn all the
switch options. The details will be output in notepad text files that pop
up automagically.

The script is located in the download section on my website at

Just select both dcdiag and netdiag and make sure verbose is set. (Leave the
default settings for dcdiag as set when selected.)

When complete search for fail, error and warning messages.

Also you should run frsDiag and Ultrasound

This will give you an overload of details but extremely helpful in


Also, is there a firewall between the failing site and HQ? If so, look in the
articles section on my website; there are a couple of articles to help with
this as well.
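
The effect of "Bridge all site links" on the hub-and-spoke layout described in the question, as an added example that is not part of either post: a simplified Python model (not the KCC's actual algorithm) that treats bridged site links as transitive and lists the site pairs the topology may consider connectable even though no route exists between them. The site names are assumptions; the link layout follows the question.

```python
# Constructed model of the thread's topology; site names are assumptions.
SITES = ["HQ", "RemoteA", "RemoteB", "RemoteC"]
# Three IP site links, one per remote office, each to HQ.
SITE_LINKS = [("HQ", "RemoteA"), ("HQ", "RemoteB"), ("HQ", "RemoteC")]
# Physical reality per the question: a remote office can route only to HQ.
ROUTABLE = {frozenset(link) for link in SITE_LINKS}


def connectable_pairs(sites, links, bridge_all):
    """Site pairs that may be treated as connectable for replication.

    Simplification: with bridging off only directly linked sites qualify;
    with bridging on, site links are transitive, so every pair of sites in
    the same connected component qualifies.
    """
    if not bridge_all:
        return {frozenset(link) for link in links}
    adjacent = {site: set() for site in sites}
    for a, b in links:
        adjacent[a].add(b)
        adjacent[b].add(a)
    pairs = set()
    for start in sites:
        seen, stack = {start}, [start]
        while stack:  # depth-first walk across site links
            for neighbour in adjacent[stack.pop()]:
                if neighbour not in seen:
                    seen.add(neighbour)
                    stack.append(neighbour)
        pairs |= {frozenset((start, other)) for other in seen if other != start}
    return pairs


def unroutable_pairs(sites, links, routable, bridge_all):
    """Connectable pairs that have no physical route between them."""
    candidates = connectable_pairs(sites, links, bridge_all)
    return sorted(tuple(sorted(pair)) for pair in candidates - routable)


if __name__ == "__main__":
    for setting in (True, False):
        bad = unroutable_pairs(SITES, SITE_LINKS, ROUTABLE, setting)
        print(f"bridge_all={setting}: unroutable candidate pairs = {bad}")
```

With bridging enabled the model reports the three remote-to-remote pairs; with it disabled, none remain.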
