Title: Module 10: Troubleshooting Active Directory, DNS, and Replication Issues
1. Module 10: Troubleshooting Active Directory, DNS, and Replication Issues
2. Module Overview
- Troubleshooting Active Directory Domain Services
- Troubleshooting DNS Integration with AD DS
- Troubleshooting AD DS Replication
3. Lesson 1: Troubleshooting Active Directory Domain Services
- Introduction to AD DS Troubleshooting
- Discussion: How to Troubleshoot Active Directory Domain Services Issues
- Troubleshooting User Access Errors
- Demonstration: Tools for Troubleshooting User Access Errors
- Troubleshooting Domain Controller Performance Issues
4. Introduction to AD DS Troubleshooting
Active Directory troubleshooting begins when
- Users report authentication or authorization errors
- Active Directory related events appear in the Event Viewer
- Domain controller performance is degraded
- An alert is generated by a monitoring system
- Data is not being replicated between domain controllers
5. Discussion: How to Troubleshoot Active Directory Domain Services Issues
- What steps would you take to troubleshoot an Active Directory issue?
- What tools would you use?
- How would you verify that your solution worked?
6. Troubleshooting User Access Errors
User access errors may be the result of
- Network access errors
- Authentication errors
- Authorization errors
To address user access errors, verify
- Network connectivity
- Time synchronization
- Domain controller availability
- User account and user lockout settings
- Group memberships
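Time synchronization is on this checklist because Kerberos rejects authentication when the client and domain controller clocks differ by more than the configured tolerance (5 minutes by default). The following added example, which is not part of the course material, parses `w32tm /stripchart` output and flags an offset beyond that tolerance; the function names, the 10.0.0.10 address and the sample output are constructed for illustration.

```powershell
# Added example, not from the course material.
# Assumption: Kerberos default clock-skew tolerance of 5 minutes (300 seconds).
function Get-ClockOffset {
    param([string[]]$StripchartOutput)
    foreach ($line in $StripchartOutput) {
        # Data lines from "w32tm /stripchart /dataonly" look like "10:00:01, +00.0123456s"
        if ($line -match '^\s*(\d{2}:\d{2}:\d{2}),\s*([+-]\d+\.\d+)s\s*$') {
            New-Object PSObject -Property @{
                Time          = $Matches[1]
                OffsetSeconds = [double]::Parse($Matches[2],
                                    [System.Globalization.CultureInfo]::InvariantCulture)
            }
        }
    }
}

function Test-KerberosClockSkew {
    param(
        [string]$DomainController,
        [int]$MaxSkewSeconds = 300,
        [string[]]$StripchartOutput   # pass captured output to run offline
    )
    if (-not $StripchartOutput) {
        $StripchartOutput = w32tm /stripchart "/computer:$DomainController" /samples:3 /dataonly
    }
    $samples = @(Get-ClockOffset $StripchartOutput)
    if ($samples.Count -eq 0) {
        return "NO DATA: $DomainController returned no time samples (check availability and UDP 123)"
    }
    $worst = ($samples | ForEach-Object { [math]::Abs($_.OffsetSeconds) } |
              Measure-Object -Maximum).Maximum
    if ($worst -gt $MaxSkewSeconds) {
        "FAIL: offset of $worst s exceeds $MaxSkewSeconds s; Kerberos logons will be rejected"
    } else {
        "OK: worst offset $worst s is within $MaxSkewSeconds s"
    }
}

# Constructed sample output: a client whose clock is off by roughly 6.5 minutes
$sample = @(
    'Tracking NYC-DC1 [10.0.0.10:123].',
    'Collecting 3 samples.',
    'The current time is 1/10/2024 10:00:00 AM.',
    '10:00:00, +391.2204417s',
    '10:00:02, +391.2203980s',
    '10:00:04, +391.2204102s'
)
Test-KerberosClockSkew -DomainController 'NYC-DC1' -StripchartOutput $sample
```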
7. Demonstration: Tools for Troubleshooting User Access Errors
- In this demonstration, you will see how to troubleshoot user access errors using the Windows tools
8. Troubleshooting Domain Controller Performance Issues
Most common performance issues include
To resolve performance issues
- Distribute Active Directory and DNS roles across multiple servers
- Identify the processes with high CPU utilization
- Monitor application specific network traffic
- Review and modify the replication topology
- Move applications or services to another server
- Deploy domain controllers with 64 bit hardware
9. Lesson 2: Troubleshooting DNS Integration with AD DS
- Overview of DNS and AD DS Troubleshooting
- Troubleshooting DNS Name Resolution
- Troubleshooting DNS Name Registration
- Troubleshooting DNS Zone Replication
10. Overview of DNS and AD DS Troubleshooting
Troubleshoot the integration of DNS and Active Directory when
- Users cannot log on to Active Directory
- Active Directory replication is failing
- Active Directory installation fails
To troubleshoot DNS and Active Directory integration, verify
- DNS client and server configurations
11. Troubleshooting DNS Name Resolution
DNS name resolution may fail due to
- Network connectivity issues
- Client configuration errors
- DNS server availability
- Name registration or DNS replication issues
To troubleshoot DNS name resolution
- Test network connectivity by pinging the DNS server by IP address
- Use IPConfig to examine the client configuration
- Use NSLookup to verify server availability
- Flush the DNS cache
- Use NSLookup to verify SRV records
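The five steps above, run in order so that the first failing layer is the one reported. This is an added example, not part of the course material; the function names, example.com and 10.0.0.10 are placeholders, and the SRV name queried is the standard `_ldap._tcp.dc._msdcs.<domain>` domain controller locator record.

```powershell
# Added example, not from the course material.
function Get-SrvTarget {
    param([string[]]$NslookupOutput)
    # nslookup prints one "svr hostname = <server>" line per SRV record returned
    foreach ($line in $NslookupOutput) {
        if ($line -match 'svr hostname\s*=\s*(\S+)') { $Matches[1].TrimEnd('.') }
    }
}

function Test-AdDnsResolution {
    param([string]$DnsServerIp, [string]$Domain)
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    # 1. Connectivity: ping the DNS server by IP address (a firewall may block ICMP)
    if (-not (Test-Connection -ComputerName $DnsServerIp -Count 2 -Quiet)) {
        return "FAIL step 1: no ping reply from $DnsServerIp"
    }
    # 2. Client configuration: rough check that the server appears in ipconfig /all
    if (-not (ipconfig /all | Select-String -SimpleMatch -Pattern $DnsServerIp)) {
        return "FAIL step 2: $DnsServerIp is not in this client's IP configuration"
    }
    # 3. Server availability: query that server directly for the domain name
    $answer = @(nslookup $Domain $DnsServerIp 2>&1 | ForEach-Object { "$_" })
    if (-not ($answer -match '^Name:')) {
        return "FAIL step 3: $DnsServerIp did not answer a query for $Domain"
    }
    # 4. Flush the client cache so stale or negative entries are not reused
    ipconfig /flushdns | Out-Null
    # 5. SRV records: clients locate domain controllers through this record
    $srv = @(nslookup "-type=SRV" $srvName $DnsServerIp 2>&1 | ForEach-Object { "$_" })
    $dcs = @(Get-SrvTarget $srv)
    if ($dcs.Count -eq 0) { return "FAIL step 5: no SRV records for $srvName" }
    "OK: $srvName resolves to $($dcs -join ', ')"
}

# Constructed nslookup output, so the parser can be run offline
$sample = @(
    'Server:  nyc-dc1.example.com',
    'Address:  10.0.0.10',
    '_ldap._tcp.dc._msdcs.example.com   SRV service location:',
    '          priority       = 0',
    '          port           = 389',
    '          svr hostname   = nyc-dc1.example.com'
)
Get-SrvTarget $sample
# Live use: Test-AdDnsResolution -DnsServerIp 10.0.0.10 -Domain example.com
```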
12. Troubleshooting DNS Name Registration
DNS name registration may fail due to
- Client configuration errors
- DNS server availability
- DNS zone configuration
To troubleshoot DNS name registration
- Verify that the client is configured to register in DNS
- Test DNS server availability
- Verify that the DNS zone is configured for dynamic updates
- Test DNS by using the DCDiag /Test:DNS command
- Register the SRV records by restarting the Netlogon service
13. Troubleshooting DNS Zone Replication
Investigate DNS zone replication issues when
- DNS-related issues are specific to certain DNS server clients
- Zone information is not consistent on different DNS servers
- DNS server availability
- Name registration or DNS replication issues
Troubleshoot Active Directory replication for Active Directory integrated zones
To troubleshoot standard zone transfer issues
- Verify network connectivity
- Verify primary server and secondary server configuration
- Verify Start of Authority record
- Verify zone transfer configuration
14. Lesson 3: Troubleshooting AD DS Replication
- AD DS Replication Requirements
- Common Replication Issues
- What Is the Repadmin Tool?
- What Is the DCDiag Tool?
- Identifying the Cause of Replication Errors
- Discussion: Troubleshooting Inter-Site AD DS Replication Issues
- Troubleshooting Distributed File Replication Issues
15. AD DS Replication Requirements
Active Directory replication requires
- Routable IP infrastructure
- DNS name resolution
- RPC or SMTP connectivity between domain controllers
- Kerberos v5 authentication
- LDAP connectivity to install new domain controllers
- File Replication Service or Distributed File System Replication
16. Common Replication Issues
Symptom: Replication does not finish or occur
Possible causes
- Sites not connected by site links
- No bridgehead server in the site group
Symptom: Replication is slow
Possible causes
- Inefficient site topology and schedule
Symptom: Client computers receive a slow response
Possible causes
- No domain controller online in client site
- Not enough domain controllers
Symptom: Replication greatly increases network traffic
Possible causes
- Insufficient bandwidth
- Incorrect site topology
17. What Is the Repadmin Tool?
Use the Repadmin command-line tool to
- View and manually create the replication topology
- Force replication events between domain controllers
- View the replication metadata
Syntax: repadmin <command> <arguments> [/u:domain\user] [/pw:password]
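Repadmin can also report replication status in CSV form, which makes failing partnerships easy to filter. The following added example, which is not part of the course material, parses `repadmin /showrepl * /csv` output and lists links with failures or no recent success; the sample rows, LA-DC1, the site names and example.com are constructed, and the hint text for each status code is a suggested starting point tied to the replication requirements listed earlier.

```powershell
# Added example, not from the course material.
# Constructed sample in the column layout of "repadmin /showrepl * /csv".
$sampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,NewYork,NYC-DC1,"DC=example,DC=com",LosAngeles,LA-DC1,RPC,0,0,2024-01-10 09:15:02,0
showrepl_INFO,LosAngeles,LA-DC1,"DC=example,DC=com",NewYork,NYC-DC1,RPC,14,2024-01-10 09:20:41,2024-01-09 21:05:13,1722
'@

function Get-ReplicationFailure {
    param($Csv, [int]$MaxAgeHours = 24, [datetime]$Now = (Get-Date))
    # Win32 status codes often seen in the "Last Failure Status" column
    $hints = @{
        '5'    = 'Access denied: check time synchronization and Kerberos'
        '1722' = 'RPC server unavailable: check network path and firewalls'
        '8453' = 'Replication access was denied: check account permissions'
        '8524' = 'DNS lookup failure: check the source DC records in DNS'
    }
    foreach ($row in ($Csv | ConvertFrom-Csv)) {
        if ($row.showrepl_COLUMNS -ne 'showrepl_INFO') { continue }
        $last     = [datetime]::MinValue
        # "Last Success Time" is not a date when the link has never replicated
        $everOk   = [datetime]::TryParse($row.'Last Success Time', [ref]$last)
        $failures = [int]$row.'Number of Failures'
        $stale    = (-not $everOk) -or (($Now - $last).TotalHours -gt $MaxAgeHours)
        if ($failures -gt 0 -or $stale) {
            $status = "$($row.'Last Failure Status')"
            New-Object PSObject -Property @{
                Destination   = $row.'Destination DSA'
                Source        = $row.'Source DSA'
                NamingContext = $row.'Naming Context'
                Failures      = $failures
                LastSuccess   = $row.'Last Success Time'
                Status        = $status
                Hint          = $hints[$status]
            }
        }
    }
}

# Offline run on the constructed sample: only the LA-DC1 inbound link is reported
Get-ReplicationFailure -Csv $sampleCsv -Now '2024-01-10 10:00:00'
# Live use on a domain controller:
#   Get-ReplicationFailure -Csv (repadmin /showrepl * /csv)
```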
18. What Is the DCDiag Tool?
Use the Dcdiag command-line tool to
- Analyze the state of a domain controller and report any problems
- Perform a series of tests to verify different areas of the system
Syntax: dcdiag <command> <arguments> [/v] [/f:LogFile] [/ferr:ErrLog]
19. Identifying the Cause of Replication Errors
20. Discussion: Troubleshooting Inter-Site AD DS Replication Issues
- What steps would you take to troubleshoot an Active Directory replication issue?
- How would you verify that your solution worked?
21. Troubleshooting Distributed File Replication Issues
- Windows Server 2008 uses FRS or DFSR to replicate the SYSVOL directory between domain controllers
- Both FRS and DFSR require LDAP and RPC connectivity between domain controllers
- Use Ntfrsutl and FRSDiag to troubleshoot FRS replication
- Use DFSRAdmin to troubleshoot DFSR replication
22. Lab: Troubleshooting Active Directory, DNS, and Replication Issues
- Exercise 1: Troubleshooting Authentication and Authorization Errors
- Exercise 2: Troubleshooting the Integration of DNS and AD DS
- Exercise 3: Troubleshooting AD DS Replication
Logon information
Virtual machine: NYC-DC1, NYC-CL1
User name: Administrator
Password: Paw0rd
Estimated time: 75 minutes
23. Lab Review
- If the Los Angeles office was configured as a separate site, what additional steps would you need to take to troubleshoot Scenario 5?
- What AD DS troubleshooting issues do you think you will need to deal with most often in your organization?
24. Module Review and Takeaways
- Considerations
- Tools
- Review questions
25. Beta Feedback Tool
Beta feedback tool helps
- Collect student roster information, module feedback, and course evaluations.
- Identify and sort the changes that students request, thereby facilitating a quick team triage.
- Save data to a database in SQL Server that you can later query.
Walkthrough of the tool
26. Beta Feedback
Overall flow of module
- Which topics did you think flowed smoothly, from topic to topic?
- Was something taught out of order?
Pacing
- Were you able to keep up? Are there any places where the pace felt too slow?
- Were you able to process what the instructor said before moving on to next topic?
- Did you have ample time to reflect on what you learned? Did you have time to formulate and ask questions?
Learner activities
- Which demos helped you learn the most? Why do you think that is?
- Did the lab help you synthesize the content in the module? Did it help you to understand how you can use this knowledge in your work environment?
- Were there any discussion questions or reflection questions that really made you think? Were there questions you thought weren't helpful?