Re: Grouppolicy

Hier der gewünschte Auszug und besten Dank für deine Unterstützung.


Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine DC1, is a DC.
* Connecting to directory service on server DC1.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Standort\DC1
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... DC1 passed test Connectivity

Doing primary tests

Testing server: Standort\DC1
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=intra,DC=domain,DC=ch
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=intra,DC=domain,DC=ch
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=intra,DC=domain,DC=ch
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=intra,DC=domain,DC=ch
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=intra,DC=domain,DC=ch
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... DC1 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC DC1.
* Security Permissions Check for
DC=ForestDnsZones,DC=intra,DC=domain,DC=ch
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=intra,DC=domain,DC=ch
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=intra,DC=domain,DC=ch
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=intra,DC=domain,DC=ch
(Configuration,Version 2)
* Security Permissions Check for
DC=intra,DC=domain,DC=ch
(Domain,Version 2)
......................... DC1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\DC1\netlogon
Verified share \\DC1\sysvol
......................... DC1 passed test NetLogons
Starting test: Advertising
The DC DC1 is advertising itself as a DC and having a DS.
The DC DC1 is advertising as an LDAP server
The DC DC1 is advertising as having a writeable directory
The DC DC1 is advertising as a Key Distribution Center
The DC DC1 is advertising as a time server
The DS DC1 is advertising as a GC.
......................... DC1 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Standort,CN=Sites,CN=Configuration,DC=intra,DC=domain,DC=ch
Role Domain Owner = CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Standort,CN=Sites,CN=Configuration,DC=intra,DC=domain,DC=ch
Role PDC Owner = CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Standort,CN=Sites,CN=Configuration,DC=intra,DC=domain,DC=ch
Role Rid Owner = CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Standort,CN=Sites,CN=Configuration,DC=intra,DC=domain,DC=ch
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Standort,CN=Sites,CN=Configuration,DC=intra,DC=domain,DC=ch
......................... DC1 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2603 to 1073741823
* DC1.intra.domain.ch is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1103 to 1602
* rIDPreviousAllocationPool is 1103 to 1602
* rIDNextRID: 1160
......................... DC1 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC DC1 on DC DC1.
* SPN found :LDAP/DC1.intra.domain.ch/intra.domain.ch
* SPN found :LDAP/DC1.intra.domain.ch
* SPN found :LDAP/DC1
* SPN found :LDAP/DC1.intra.domain.ch/IS
* SPN found
:LDAP/a5f70ace-7cc0-4339-8091-62c0448f18e7._msdcs.intra.domain.ch
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/a5f70ace-7cc0-4339-8091-62c0448f18e7/intra.domain.ch
* SPN found :HOST/DC1.intra.domain.ch/intra.domain.ch
* SPN found :HOST/DC1.intra.domain.ch
* SPN found :HOST/DC1
* SPN found :HOST/DC1.intra.domain.ch/IS
* SPN found :GC/DC1.intra.domain.ch/intra.domain.ch
......................... DC1 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
IsmServ Service is stopped on [DC1]
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... DC1 failed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
DC1 is in domain DC=intra,DC=domain,DC=ch
Checking for CN=DC1,OU=Domain Controllers,DC=intra,DC=domain,DC=ch
in domain DC=intra,DC=domain,DC=ch on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Standort,CN=Sites,CN=Configuration,DC=intra,DC=domain,DC=ch
in domain CN=Configuration,DC=intra,DC=domain,DC=ch on 1 servers
Object is up-to-date on all servers.
......................... DC1 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DC1 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... DC1 passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minutes.
......................... DC1 passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... DC1 passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=DC1,OU=Domain Controllers,DC=intra,DC=domain,DC=ch and

backlink on

CN=DC1,CN=Servers,CN=Standort,CN=Sites,CN=Configuration,DC=intra,DC=domain,DC=ch

are correct.
The system object reference (frsComputerReferenceBL)

CN=DC1,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=intra,DC=domain,DC=ch

and backlink on

CN=DC1,OU=Domain Controllers,DC=intra,DC=domain,DC=ch are

correct.
The system object reference (serverReferenceBL)

CN=DC1,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=intra,DC=domain,DC=ch

and backlink on

CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Standort,CN=Sites,CN=Configuration,DC=intra,DC=domain,DC=ch

are correct.
......................... DC1 passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : intra
Starting test: CrossRefValidation
......................... intra passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... intra passed test CheckSDRefDom

Running enterprise tests on : intra.domain.ch
Starting test: Intersite
Skipping site Standort, this site is outside the scope provided by
the

command line arguments provided.
......................... intra.domain.ch passed test Intersite
Starting test: FsmoCheck
GC Name: \\DC1.intra.domain.ch
Locator Flags: 0xe00001fd
PDC Name: \\DC1.intra.domain.ch
Locator Flags: 0xe00001fd
Time Server Name: \\DC1.intra.domain.ch
Locator Flags: 0xe00001fd
Preferred Time Server Name: \\DC1.intra.domain.ch
Locator Flags: 0xe00001fd
KDC Name: \\DC1.intra.domain.ch
Locator Flags: 0xe00001fd
......................... intra.domain.ch passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS

"Yusuf Dikmenoglu [MVP]" <newsgroup@xxxxxxxxxxxxx> schrieb im Newsbeitrag
news:ADF1348B-0B94-4D0D-B020-3D6E41E6B250@xxxxxxxxxxxxxxxx

"Roger Bruhin" wrote:
ist das kein DNS Problem?

Installiere Dir mal die Windows Support Tools (von der 2003er CD aus dem
Ordner Support\Tools) und führe DCDIAG /v aus. Danach poste das Ergebnis.

Denn wenn ich ping domain mache, bekomme ich die Adresse vom
Domain-Controller!

Das ist auch korrekt so.


Des Weiteren müsstest Du im Eventlog doch (mindestens) den Fehler 1058
haben.
Wenn dem so ist, dann schau Dir ebenfalls die Vorschläge bei Eventid.net
an:
http://www.eventid.net/display.asp?eventid=1058&eventno=1752&source=Userenv&phase=1

--
Regards from Rhein-Main/Germany
Yusuf Dikmenoglu - MVP Windows Server
Blog: http://blog.dikmenoglu.de
http://www.faq-o-matic.net


.