Migration Step Two: On the Source server, make sure the Active Directory is healthy

F. On the Source server, make sure the Active Directory is healthy.

If there is only one DC, make sure the SYSVOL and NETLOGON shares are present. Also, check the File Replication Service event log to see if it is in Journal Wrap. The event below is an example of what to look for.


Event Type: Error
Event Source: NtFrs
Event ID: 13568
Description:
The File Replication Service has detected that the replica set “DOMAIN SYSTEM VOLUME (SYSVOL SHARE)” is in JRNL_WRAP_ERROR.


If there are multiple domain controllers in the source environment, force an Active Directory replication between them in Active Directory Sites and Services and verify it is successful.


You can also run the Microsoft IT Environment Health Scanner in the source environment to uncover any AD health issues.


Microsoft IT Environment Health Scanner


(I’ll blog about that in a separate blog post)


An unhealthy Active Directory can result in the following setup errors:


  • Windows Small Business Server group policies cannot be configured.
  • Windows Server Update Services cannot be configured.

To fix this, you will need to restore the source server, resolve the AD Health issue(s) and start the migration all over again.


We’re going to check this with a couple of things, including this command. The following are run from the command prompt to test Active Directory health:

  1. DCDiag

    • DCDiag [Enter]
    • DCDiag /test:DNS
    • DCDiag /? (List of switches)

_______________________________________________

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DOMAIN
      Starting test: Connectivity
         ……………………. DOMAIN passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DOMAIN
      Starting test: Replications
         ……………………. DOMAIN passed test Replications
      Starting test: NCSecDesc
         ……………………. DOMAIN passed test NCSecDesc
      Starting test: NetLogons
         ……………………. DOMAIN passed test NetLogons
      Starting test: Advertising
         ……………………. DOMAIN passed test Advertising
      Starting test: KnowsOfRoleHolders
         ……………………. DOMAIN passed test KnowsOfRoleHolders
      Starting test: RidManager
         ……………………. DOMAIN passed test RidManager
      Starting test: MachineAccount
         ……………………. DOMAIN passed test MachineAccount
      Starting test: Services
            IsmServ Service is stopped on [DOMAIN]  <<<< this is okay and normal on an SBS box — ignore this
         ……………………. DOMAIN failed test Services
      Starting test: ObjectsReplicated
         ……………………. DOMAIN passed test ObjectsReplicated
      Starting test: frssysvol
         ……………………. DOMAIN passed test frssysvol
      Starting test: frsevent
         ……………………. DOMAIN passed test frsevent
      Starting test: kccevent
         ……………………. DOMAIN passed test kccevent
      Starting test: systemlog
         ……………………. DOMAIN passed test systemlog
      Starting test: VerifyReferences
         ……………………. DOMAIN passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ……………………. ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ……………………. ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ……………………. DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ……………………. DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ……………………. Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ……………………. Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ……………………. Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ……………………. Configuration passed test CheckSDRefDom

   Running partition tests on : DOMAINNAME
      Starting test: CrossRefValidation
         ……………………. DOMAINNAME passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ……………………. DOMAINNAME passed test CheckSDRefDom

   Running enterprise tests on : DOMAINNAME.lan
      Starting test: Intersite
         ……………………. DOMAINNAME.lan passed test Intersite
      Starting test: FsmoCheck
         ……………………. DOMAINNAME.lan passed test FsmoCheck

C:\Documents and Settings\Administrator>dcdiag /test:DNS

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DOMAIN
      Starting test: Connectivity
         ……………………. DOMAIN passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DOMAIN

DNS Tests are running and not hung. Please wait a few minutes…

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : DOMAINNAME

   Running enterprise tests on : DOMAINNAME.lan
      Starting test: DNS
         ……………………. DOMAINNAME.lan passed test DNS


It should come back “clean”
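A triage sketch for DCDiag output saved to a file (for example with dcdiag > dcdiag.txt), added here as an example and not part of the original post. It lists failed tests and treats the Services failure as benign only when IsmServ is the sole stopped service, as annotated in the output above; the function name, allow-list and sample text are assumptions constructed for illustration.

```python
import re

# A dcdiag verdict line: leader dots, target, "passed"/"failed", test name.
# "\u2026" also accepts copies where a web page turned the dots into ellipses.
VERDICT = re.compile(r"^[.\u2026]+\s*(\S+) (passed|failed) test (\S+)$")

# Assumption taken from the post: on an SBS box the Services test fails only
# because IsmServ is stopped, which is normal. Any other detail line is not.
BENIGN = {"Services": re.compile(r"^IsmServ Service is stopped on \[[^\]]+\]$")}

def triage(output):
    """Split dcdiag verdicts into passed, benign failures and real failures."""
    passed, benign, failures, details = [], [], [], []
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith("Starting test:"):
            details = []                 # detail lines belong to this test
            continue
        m = VERDICT.match(line)
        if not m:
            if line:
                details.append(line)
            continue
        target, verdict, test = m.groups()
        rule = BENIGN.get(test)
        if verdict == "passed":
            passed.append((target, test))
        elif rule and details and all(rule.match(d) for d in details):
            benign.append((target, test))   # every detail line is allow-listed
        else:
            failures.append((target, test, details))
        details = []
    return passed, benign, failures

# Constructed sample in the shape of dcdiag output, with one real failure added.
SAMPLE = """\
      Starting test: Connectivity
         ......................... DOMAIN passed test Connectivity
      Starting test: Services
            IsmServ Service is stopped on [DOMAIN]
         ......................... DOMAIN failed test Services
      Starting test: frsevent
         There are warning or error events within the last 24 hours.
         ......................... DOMAIN failed test frsevent
      Starting test: FsmoCheck
         \u2026\u2026. DOMAINNAME.lan passed test FsmoCheck
"""

if __name__ == "__main__":
    ok, benign, bad = triage(SAMPLE)
    print(len(ok), "passed; benign:", benign, "; failed:", bad)
```

A Services failure that lists any service besides IsmServ, or no detail at all, is reported as a real failure rather than ignored.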


Then do Netdiag


It starts out with a whole bunch of KBs listed… (hotfixes)


________________________________________________

Netcard queries test . . . . . . . : Passed

Per interface results:

    Adapter : Server Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : DOMAIN
        IP Address . . . . . . . . : 10.0.0.2  <<< I’m still at that original SBS 4.0 10.0.0.2 range btw
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . :
        Primary WINS Server. . . . : 10.0.0.2
        Dns Servers. . . . . . . . : 10.0.0.2

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> ‘WorkStation Service’, <03> ‘Messenger Service’, <20> ‘WINS’ names is missing.
            No remote names have been found.

        WINS service test. . . . . : Passed

    Adapter : Network Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : DOMAIN
        IP Address . . . . . . . . : 192.168.1.2
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.1.254
        Primary WINS Server. . . . : 10.0.0.2
        NetBIOS over Tcpip . . . . : Disabled
        Dns Servers. . . . . . . . : 10.0.0.2 <<<< I still have two nics, I need to rerun this after I’ve removed ISA

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Skipped
            NetBT is disabled on this interface. [Test skipped]

        WINS service test. . . . . : Skipped
            NetBT is disable on this interface. [Test skipped].

    Adapter : {A89DD362-5097-4A2B-AE4F-D7AB874ED971}

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : DOMAIN
        IP Address . . . . . . . . : 10.0.0.16  <<<< VPN connection going on here
        Subnet Mask. . . . . . . . : 255.255.255.255
        Default Gateway. . . . . . :
        NetBIOS over Tcpip . . . . : Disabled
        Dns Servers. . . . . . . . :

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.

        NetBT name test. . . . . . : Skipped
            NetBT is disabled on this interface. [Test skipped]

        WINS service test. . . . . : Skipped
            NetBT is disable on this interface. [Test skipped].

Global results:

Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{31680511-DFA0-4A2D-A3A9-D1044337C37A}
    1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don’t have a single interface with the <00> ‘WorkStation Service’, <03> ‘Messenger Service’, <20> ‘WINS’ names defined.

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Passed
    PASS – All the DNS entries for DC are registered on DNS server ‘10.0.0.2’.

Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{31680511-DFA0-4A2D-A3A9-D1044337C37A}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{31680511-DFA0-4A2D-A3A9-D1044337C37A}
    The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Passed

DC list test . . . . . . . . . . . : Passed

Trust relationship test. . . . . . : Skipped

Kerberos test. . . . . . . . . . . : Passed

LDAP test. . . . . . . . . . . . . : Passed

Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped
    No active remote access connections.

Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run “netsh ipsec dynamic show /?” for more detailed information

The command completed successfully

C:\Documents and Settings\Administrator>

 


Next we’ll do RepAdmin


  1. RepAdmin

    • RepAdmin /viewlist *
    • RepAdmin /SyncAll
    • RepAdmin /KCC

__________________________________________________

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>repadmin /viewlist *
DC_LIST[1] = DOMAIN.DOMAINNAME.lan

C:\Documents and Settings\Administrator>repadmin /syncall
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.

C:\Documents and Settings\Administrator>repadmin /kcc

repadmin running command /kcc against server localhost

Consistency check on localhost successful.


Next we’ll do NetDom /query FSMO


  1. NetDom /query FSMO

____________________________

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>netdom /query FSMO
Schema owner                DOMAIN.DOMAINNAME.lan

Domain role owner           DOMAIN.DOMAINNAME.lan

PDC role                    DOMAIN.DOMAINNAME.lan

RID pool manager            DOMAIN.DOMAINNAME.lan

Infrastructure owner        DOMAIN.DOMAINNAME.lan

The command completed successfully.


 

Other than rerunning this after I remove ISA… AD using DCDiag is looking fine.

5 Thoughts on “Migration Step Two: On the Source server, make sure the Active Directory is healthy”

  1. Jim Maher on November 2, 2009 at 9:22 am said:

    I got interesting results from DCDiag /test:DNS, as follows. I wonder what it means (no problems that I’m aware of) and I really wonder how it happened (SBS was installed and seldom touched).

    DCDiag /test:DNS results:

    Running enterprise tests on : jdmaher.local
    Starting test: DNS
    Test results for domain controllers:

    DC: sbssrv.jdmaher.local
    Domain: jdmaher.local

    TEST: Records registration (RReg)
    Network Adapter [00000007] Broadcom NetXtreme Gigabit Ethernet:
    Error: Missing A record at DNS server 192.168.16.2 :
    sbssrv.jdmaher.local

    Warning: Record Registrations not found in some network adapters

    Ideas?

  2. cseiter on November 2, 2009 at 10:40 am said:

    Just got done using this tool as a precursor to Exchange 2007. Very helpful as it put links to the kb articles that could fix the issues.

  3. Tyler Wisenburg on November 2, 2009 at 1:21 pm said:

    Susan, isn’t NetDiag missing from 2008? Is there a way to get this same functionality from DCDiag on our ’08 boxes?

  4. I’ve had this journal error before and I wrote a handy little script to make it go away. :)

    @ECHO OFF
    REM Stop FRS before changing its parameters
    ECHO Stopping NTFRS Service
    net stop ntfrs >NUL

    REM Build a temporary .reg file that sets the journal wrap auto-restore value
    ECHO Creating Reg File
    SET tmpfile=%temp%\%random%.reg
    >"%tmpfile%" ECHO Windows Registry Editor Version 5.00
    >>"%tmpfile%" ECHO [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters]
    >>"%tmpfile%" ECHO "Enable Journal Wrap Automatic Restore"=dword:00000001
    ECHO Executing Registry Script
    regedit /s "%tmpfile%"
    del "%tmpfile%" >NUL

    REM Restart FRS so it reads the new value, then wait for the next poll
    ECHO Starting NTFRS Service
    net start ntfrs >NUL
    ECHO SYSVOL Replication Started
    ECHO Waiting 5 minutes for next Poll
    Timeout /T 300
    ECHO Please check event Viewer for Further Errors.
    eventvwr.msc
    PAUSE

  5. Can anyone recommend the best Patch Management system for a small IT service company like mine? Does anyone use Kaseya.com or GFI.com? How do they compare to these guys I found recently: N-able N-central IT automation software? What is your best take in cost vs performance among those three? I need good advice please… Thanks in advance!
