Re: Two accounts getting locked out
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Fri, 10 Jun 2005 09:53:38 -0500
What does DCDiag on each DC show?
The following is focused on DNS for AD but has
some AD troubleshooting references too....
DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)
netdiag /fix
....or maybe:
dcdiag /fix
(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/
Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.
Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.
Single Label domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
.
- Follow-Ups:
- Re: Two accounts getting locked out
- From: John McCoy
- Re: Two accounts getting locked out
- References:
- Two accounts getting locked out
- From: John McCoy
- Re: Two accounts getting locked out
- From: Herb Martin
- Re: Two accounts getting locked out
- From: John McCoy
- Re: Two accounts getting locked out
- From: Herb Martin
- Re: Two accounts getting locked out
- From: John McCoy
- Two accounts getting locked out
- Prev by Date: Re: Two accounts getting locked out
- Next by Date: Access denied to shared drive after reboot
- Previous by thread: Re: Two accounts getting locked out
- Next by thread: Re: Two accounts getting locked out
- Index(es):
Relevant Pages
|
