Module 10: Troubleshooting Active Directory, DNS, and Replication Issues

1

• Module 10 Troubleshooting Active Directory, DNS,
  and Replication Issues

2
Module Overview

• Troubleshooting Active Directory Domain Services
• Troubleshooting DNS Integration with AD DS
• Troubleshooting AD DS Replication

3
Lesson 1 Troubleshooting Active Directory Domain
Services

• Introduction to AD DS Troubleshooting
• Discussion How to Troubleshoot Active Directory
  Domain Services Issues
• Troubleshooting User Access Errors
• Demonstration Tools for Troubleshooting User
  Access Errors
• Troubleshooting Domain Controller Performance
  Issues

4
Introduction to AD DS Troubleshooting

• Active Directory troubleshooting begins when

• Users report authentication or authorization
  errors

• Active Directory related events appear in the
  Event Viewer

• Domain controller performance is degraded

• An alert is generated by a monitoring system

• Data is not being replicated between domain
  controllers

5
Discussion How to Troubleshoot Active Directory
Domain Services Issues

• What steps would you take to troubleshoot an
  Active Directory issue?
• What tools would you use?
• How would you verify that your solution worked?

6
Troubleshooting User Access Errors
User access errors may be the result of

• Network access errors
• Authentication errors
• Authorization errors

To address user access errors, verify

• Network connectivity
• Time synchronization
• Domain controller availability
• User account and user lockout settings
• Group memberships

7
Demonstration Tools for Troubleshooting User
Access Errors

• In this demonstration, you will see how to
  troubleshoot user access errors using the Windows
  tools

8
Troubleshooting Domain Controller Performance
Issues

• Most common performance issues include

• High CPU utilization

• High network utilization

• To resolve performance issues

Distribute Active Directory and DNS roles
across multiple servers
Identify the processes with high CPU
utilization
ü
ü
Monitor application specific network traffic
ü
Review and modify the replication topology
ü
Move applications or services to another
server
ü
Deploy domain controllers with 64 bit
hardware
ü
9
Lesson 2 Troubleshooting DNS Integration with AD
DS

• Overview of DNS and AD DS Troubleshooting
• Troubleshooting DNS Name Resolution
• Troubleshooting DNS Name Registration
• Troubleshooting DNS Zone Replication

10
Overview of DNS and AD DS Troubleshooting

• Troubleshoot the integration of DNS and Active
  Directory when

• Users cannot log on to Active Directory

• Active Directory replication is failing

• Active Directory installation fails

• To troubleshoot DNS and Active Directory
  integration, verify

• DNS client and server configurations

• DNS name registration

• DNS zone replication

11
Troubleshooting DNS Name Resolution
DNS name resolution may fail due to

• Network connectivity issues
• Client configuration errors
• DNS server availability
• Name registration or DNS replication issues

To troubleshoot DNS name resolution

• Test network connectivity by pinging the DNS
  server by IP address
• Use IPConfig to examine the client configuration
• Use NSLookup to verify server availability
• Flush the DNS cache
• Use NSLookup to verify SRV records

12
Troubleshooting DNS Name Registration
DNS name registration may fail due to

• Client configuration errors
• DNS server availability
• DNS zone configuration

To troubleshoot DNS name registration

• Verify that the client is configured to register
  in DNS
• Test DNS server availability
• Verify that the DNS zone is configured
  fordynamic updates
• Test DNS by using the DCDiag /TestDNS command
• Register the SRV records by restarting the
  Netlogon service

13
Troubleshooting DNS Zone Replication
Investigate DNS zone replication issues when

• DNS-related issues are specific to certain DNS
  server clients
• Zone information is not consistent on different
  DNS servers
• DNS server availability
• Name registration or DNS replication issues

Troubleshoot Active Directory replication for
Active Directory integrated zones
To troubleshoot standard zone transfer issues

• Verify network connectivity
• Verify primary server and secondary server
  configuration
• Verify Start of Authority record
• Verify zone transfer configuration

14
Lesson 3 Troubleshooting AD DS Replication

• AD DS Replication Requirements
• Common Replication Issues
• What Is the Repadmin Tool?
• What Is the DCDiag Tool?
• Identifying the Cause of Replication Errors
• Discussion Troubleshooting Inter-Site AD DS
  Replication Issues
• Troubleshooting Distributed File Replication
  Issues

15
AD DS Replication Requirements
Active Directory replication requires

• Routable IP infrastructure
• DNS name resolution
• RPC or SMTP connectivity between domain
  controllers
• Kerberos v5 authentication
• LDAP connectivity to install new domain
  controllers
• File Replication Service or Distributed File
  System Replication

16
Common Replication Issues
Possible causes
Symptom
Replication does not finish or occur

• Sites not connected by site links
• No bridgehead server in the site group

Replication is slow

• Inefficient site topology and schedule

Client computersreceive a slow response

• No domain controller online in client site
• Not enough domain controllers

Replication greatly increases network traffic

• Insufficient bandwidth
• Incorrect site topology

17
What Is the Repadmin Tool?
Use the Repadmin command-line tool to

• View and manually create the replication topology
  
• Force replication events between domain
  controllers
• View the replication metadata

Syntax repadmin command arguments
/udomain\user pwpassword
18
What Is the DCDiag Tool?
Use the Dcdiag command-line tool to

• Analyze the state of a domain controller and
  report any problems
• Perform a series of tests to verify different
  areas of the system

Syntax dcdiag command arguments /v /fLogFile
/ferrErrLog
19
Identifying the Cause of Replication Errors
20
Discussion Troubleshooting Inter-Site AD DS
Replication Issues

• What steps would you take to troubleshoot an
  Active Directory replication issue?
• How would you verify that your solution worked?

21
Troubleshooting Distributed File Replication
Issues

• Windows Server 2008 uses FRS or DFSR to
  replicate the SYSVOL directory between domain
  controllers

ü

• Both FRS and DFRS require LDAP and RPC
  connectivity between domain controllers

ü

• Use Ntfrsutl and FRSDiag to troubleshoot FRS
  replication

ü

• Use DFSRAdmin to troubleshoot DFRS replication

ü
22
Lab Troubleshooting Active Directory, DNS, and
Replication Issues

• Exercise 1 Troubleshooting Authentication and
  Authorization Errors
• Exercise 2 Troubleshooting the Integration of
  DNS and AD DS
• Exercise 3 Troubleshooting AD DS Replication

Logon information
Virtual machine NYC-DC1, NYC-CL1
User name Administrator
Password Paw0rd
Estimated time 75 minutes
23
Lab Review

• If the Los Angeles office was configured as a
  separate site, what additional steps would you
  need to take to troubleshoot Scenario 5?
• What AD DS troubleshooting issues do you think
  you will need to deal with most often in your
  organization?

24
Module Review and Takeaways

• Considerations
• Tools
• Review questions

25
Beta Feedback Tool

• Beta feedback tool helps
• Collect student roster information, module
  feedback, and course evaluations.
• Identify and sort the changes that students
  request, thereby facilitating a quick team
  triage.
• Save data to a database in SQL Server that you
  can later query.
• Walkthrough of the tool

26
Beta Feedback

• Overall flow of module
• Which topics did you think flowed smoothly, from
  topic to topic?
• Was something taught out of order?
• Pacing
• Were you able to keep up? Are there any places
  where the pace felt too slow?
• Were you able to process what the instructor said
  before moving on to next topic?
• Did you have ample time to reflect on what you
  learned? Did you have time to formulate and ask
  questions?
• Learner activities
• Which demos helped you learn the most? Why do you
  think that is?
• Did the lab help you synthesize the content in
  the module? Did it help you to understand how you
  can use this knowledge in your work environment?
• Were there any discussion questions or reflection
  questions that really made you think? Were there
  questions you thought werent helpful?