Active Directory Naming information for domain couldn’t be found


Sometimes when you open one of the Active Directory tools you get error message “Naming information couldn’t be contacted“:

Active Directory Users and Computers

Active Directory Trusts and Domains

Active Directory Sites and Services

Domain Security Policy

Domain Controller Security Policy

Schema Admin

This happens because of the following reasons:

1. SRV records for Active directory domains are not registered in DNS Domain Zone.

2. DNS Server couldn’t be contacted for some reason.

3. AA Host records for Domain Controller is missing in DNS Zone.

4. Netlogon service on Domain Controller has been stopped.

5. Domain Controller is pointing to a wrong DNS Server.

6. Domain Controller is pointing to a DNS Server which is far away from DC.

7. DNS Server can’t be contacted because of network congessions.

8. Heavy use of Domain Controller when DNS Client sends a request to DNS Server to find out domain information.  For example: If an application is running which is using a service account that is sending DNS Query to DNS Server frequently.

Your DNS zone should look like below for SRV Records:

   |—–Forward Lookup Zones
   |             |   _sites
   |             |     |    |
   |             |     |   Default-First-Site-Name
   |             |     |         |
   |             |     |       _tcp————— _ldap [SRV]: 0:100:389:
   |             |     |                                  _gc [SRV]: 0:100:3268:
   |             |     |                                  _kerberos [SRV]: 0:100:88:
   |             |     |      
   |             |    _tcp———————- _ldap [SRV]: 0:100:389:
   |             |     |                                 _gc [SRV]: 0:100:3268:
   |             |     |                                 _kerberos [SRV]: 0:100:88:
   |             |     |                                 _kpasswd [SRV]: 0:100:464:
   |             |     |        
   |             |    _udp——————–  _kpasswd [SRV]: 0:100:464:
   |             |     |                                _kerberos [SRV]: 0:100:88:

You must have the above SRVs registerd in DNS zone so that AD Tools can get the list of domain controllers available in domain by executing DcGetDcName API call.

These are the basic guidelines for DNS and TCP/IP Configuration on a server:

1. On DC or DNS server: Make sure DNS server is pointing to server IP address.

2. Make sure Dynamic or Secure Dynamic update is enabled on authoritative Zone.

3. Make sure SOA record in DNS zone is pointing to correct DNS server IP Address.

4. Issue Ipconfig /registerdns from command prompt to register A records of server in zone.

7. If there are two LAN cards make sure Internal NIC of the server is listed first in Binding Order.

2 thoughts on “Active Directory Naming information for domain couldn’t be found”

  1. Ok, the warnings shuold be gone now. Facebook’s DNS SRV response definitely isn’t helpful I’m not sure whether it’s invalid.Ideally my page would print a warning that not all XMPP clients will attempt to recursively lookup DNS SRV records for CNAME responses, but the php function I’m using doesn’t seem like it will allow me to do that correctly. I’ll probably just leave it as-is.

Leave a Reply

Your email address will not be published. Required fields are marked *