10-Troubleshooting Active Directory, DNS, and Replication Issues

Discussion: How to Troubleshoot Active Directory Domain Services Issues.. • What steps would you take to troubleshoot an Active Directory issue.[r]

Module 10: Troubleshooting Active

Directory, DNS, and Replication Issues

Module Overview

• Troubleshooting Active Directory Domain Services

• Troubleshooting DNS Integration with AD DS

• Troubleshooting AD DS Replication

Lesson 1: Troubleshooting Active Directory

Domain Services

• Introduction to AD DS Troubleshooting

• Discussion: How to Troubleshoot Active Directory Domain Services Issues

• Troubleshooting User Access Errors

• Demonstration: Tools for Troubleshooting User

Access Errors

• Troubleshooting Domain Controller Performance Issues

Introduction to AD DS Troubleshooting

Active Directory troubleshooting begins when:

• Users report authentication or authorization errors

• Active Directory related events appear in the Event Viewer

• Domain controller performance is degraded

• An alert is generated by a monitoring system

• Data is not being replicated between domain controllers

Discussion: How to Troubleshoot Active Directory Domain Services Issues

• What steps would you take to troubleshoot an Active

Directory issue?

• What tools would you use?

• How would you verify that your solution worked?

Troubleshooting User Access Errors

User access errors may be the result of:

• Network access errors

• Domain controller availability

• User account and user lockout settings

• Group memberships

Demonstration: Tools for Troubleshooting User

Access Errors

In this demonstration, you will see how to troubleshoot user access errors using the Windows tools

Troubleshooting Domain Controller

Performance Issues

Most common performance issues include:

• High CPU utilization

• High network utilization

To resolve performance issues:

Identify the processes with

high CPU utilization

Lesson 2: Troubleshooting DNS Integration with

AD DS

• Overview of DNS and AD DS Troubleshooting

• Troubleshooting DNS Name Resolution

• Troubleshooting DNS Name Registration

• Troubleshooting DNS Zone Replication

Overview of DNS and AD DS Troubleshooting

Troubleshoot the integration of DNS and Active

Directory when:

• Users cannot log on to Active Directory

• Active Directory replication is failing

• Active Directory installation fails

To troubleshoot DNS and Active Directory integration, verify:

• DNS client and server configurations

• DNS name registration

• DNS zone replication

Troubleshooting DNS Name Resolution

DNS name resolution may fail due to:

• Network connectivity issues

• Client configuration errors

• DNS server availability

• Name registration or DNS replication issues

To troubleshoot DNS name resolution:

• Test network connectivity by pinging the DNS server

by IP address

• Use IPConfig to examine the client configuration

• Use NSLookup to verify server availability

• Flush the DNS cache

• Use NSLookup to verify SRV records

Troubleshooting DNS Name Registration

DNS name registration may fail due to:

• Client configuration errors

• DNS server availability

• DNS zone configuration

To troubleshoot DNS name registration:

• Verify that the client is configured to register in DNS

• Test DNS server availability

• Verify that the DNS zone is configured for

dynamic updates

• Test DNS by using the DCDiag /Test:DNS command

• Register the SRV records by restarting the

Netlogon service

Troubleshooting DNS Zone Replication

Investigate DNS zone replication issues when:

• DNS-related issues are specific to certain

DNS server clients

• Zone information is not consistent on different

DNS servers

• DNS server availability

• Name registration or DNS replication issues

Troubleshoot Active Directory replication for Active Directory integrated zones

To troubleshoot standard zone transfer issues:

• Verify network connectivity

• Verify primary server and secondary server configuration

• Verify Start of Authority record

• Verify zone transfer configuration

Lesson 3: Troubleshooting AD DS Replication

• AD DS Replication Requirements

• Common Replication Issues

• What Is the Repadmin Tool?

• What Is the DCDiag Tool?

• Identifying the Cause of Replication Errors

• Discussion: Troubleshooting Inter-Site AD DS

Replication Issues

• Troubleshooting Distributed File Replication Issues

• LDAP connectivity to install new domain controllers

• File Replication Service or Distributed File

System Replication

Common Replication Issues

• Sites not connected by site links

• No bridgehead server in the site group

• No domain controller online

What Is the Repadmin Tool?

Use the Repadmin command-line tool to:

• View and manually create the replication topology

• Force replication events between domain controllers

• View the replication metadata

Syntax:

repadmin command arguments [/u:[domain\]user pw:{password|*}]

What Is the DCDiag Tool?

Use the Dcdiag command-line tool to:

• Analyze the state of a domain controller and report any problems

• Perform a series of tests to verify different

areas of the system

Syntax:

dcdiag command arguments [/v /f:LogFile /ferr:ErrLog ]

Identifying the Cause of Replication Errors

• System monitor NTDS counters

online in the site •• Dcdiag /test:Replication Dcdiag /test:Connectivity

Not enough domain

Discussion: Troubleshooting Inter-Site AD DS Replication Issues

• What steps would you take to troubleshoot an Active Directory replication issue?

• How would you verify that your solution worked?

Troubleshooting Distributed File

• Use Ntfrsutl and FRSDiag to troubleshoot FRS replication

• Use DFSRAdmin to troubleshoot DFRS replication

Lab: Troubleshooting Active Directory, DNS, and Replication Issues

• Exercise 1: Troubleshooting Authentication and

Virtual machine NYC-DC1, NYC- CL1

Estimated time: 75 minutes

Module Review and Takeaways

• Considerations

• Tools

• Review questions

Beta Feedback Tool

• Beta feedback tool helps:

 Collect student roster information, module feedback, and course evaluations

 Identify and sort the changes that students request, thereby facilitating a quick team triage

 Save data to a database in SQL Server that you can later query

• Walkthrough of the tool

Beta Feedback

• Overall flow of module:

 Which topics did you think flowed smoothly, from topic to topic?

 Was something taught out of order?

• Pacing:

 Were you able to keep up? Are there any places where the pace felt too slow?

 Were you able to process what the instructor said before

moving on to next topic?

 Did you have ample time to reflect on what you learned? Did you have time to formulate and ask questions?

knowledge in your work environment?

 Were there any discussion questions or reflection questions that really made you think? Were there questions you

thought weren’t helpful?