Forum Discussion
Active Directory is not working
I had Microsoft Server 2003. I installed 2012 R2 on a new machine and joined the old domain. Then the migration was done by some person and I don't know how he did it.
The old server has now crashed and the new one is working. DNS and DHCP are working fine but Active Directory is not.
I am new so can anyone please help me with this.
I will share the results whatever is required.
Thank you.
5 Replies
- L_Youtell_974 (Iron Contributor)
What do you mean by your Active Directory not working?
- AD Services are Down: The Active Directory Domain Services (AD DS) might be unavailable, causing problems with authentication, user logins, or access to domain resources.
- Replication Issues: If there are problems with replication between domain controllers, users may experience inconsistent data, outdated group policies, or changes not being reflected across the network.
- DNS Issues: AD relies on DNS for locating services and domain controllers. DNS misconfigurations or failures can prevent clients from finding domain controllers, leading to login failures or other connectivity issues.
- Authentication Failures: Users might be unable to log in or access resources due to Kerberos or NTLM authentication issues, expired certificates, or network connectivity problems.
- Group Policy Failures: If Group Policies are not being applied correctly, users may face issues related to system settings or permissions.
- Access Control Problems: Permissions in AD may not work as expected, leading to unauthorized access or inability to access certain resources.
- Performance Issues: If AD is slow or experiencing high latency, it could impact how quickly users can log in or access shared resources.
- Schema or Configuration Problems: Misconfigured AD settings or schema modifications can disrupt operations or break specific AD functionalities.
Consider Running a Metadata Cleanup
If the old server was improperly removed, you might need to clean up the metadata. This is a more advanced step and should only be done if you're confident that the old server no longer exists or has been fully decommissioned.
- To clean up AD metadata, use the ntdsutil command
Review the Migration Process
Since the migration was done by someone else, it's crucial to verify how the migration was performed. If they used a tool like Active Directory Migration Tool (ADMT), check the logs for any errors or skipped steps. If manual steps were involved, ensure that the old server was properly decommissioned and that no orphaned objects or references remain in AD.
Check AD Users and Computers
Open Active Directory Users and Computers (type dsa.msc in the run dialog) on the new server and verify the AD structure. Ensure that users, groups, and computers are present. If you notice discrepancies, it could indicate replication or migration issues.
- Try creating a test user or group to see if the system responds normally.
8. Check SYSVOL and NETLOGON Shares
Ensure that the SYSVOL and NETLOGON shares are available and properly replicated. These are required for login scripts and Group Policy processing.
To resolve the issue where Active Directory (AD) is not working after migrating from Windows Server 2003 to Windows Server 2012 R2, we need to first determine the state of your AD environment. Since the original server crashed, there might be some inconsistencies or incomplete migration tasks. Below are steps to help diagnose and resolve the issue.
1. Verify Domain Controller Health
Start by checking the status of the Domain Controller (DC) on the new server. The first thing to do is to check the event logs and verify whether there are any issues with AD replication, services, or other related problems.
- Check Event Logs: Open Event Viewer (type eventvwr.msc in the run dialog) and look for critical errors in:
- Windows Logs → System
- Windows Logs → Application
- Applications and Services Logs → Directory Service
2. Verify the AD Domain Services Are Running
Ensure that the Active Directory Domain Services (AD DS) role is installed and running.
- Open Server Manager → Manage → Add Roles and Features to confirm if the AD DS role is installed.
- Use services.msc to check if the Active Directory Domain Services service is running.
If the service is not running, try to start it. If it doesn't start, check the event logs for specific errors regarding AD DS.
3. Check DNS Configuration
Since DNS is critical for AD, ensure that your new server is configured as the primary DNS server for your domain. Active Directory relies on DNS for locating domain controllers and other critical services.
- Open DNS Manager and check the Forward Lookup Zones for your domain.
- Ensure that your domain zone is present, and check that there are appropriate SRV records for the DCs.
- On your new server, make sure the DNS server is pointing to itself (or another valid DC in the environment).
Also, check if your clients and other servers are correctly configured to use the new server as the primary DNS.
4. Run DCDiag to Check Domain Controller Health
The dcdiag tool is helpful for diagnosing issues with your domain controllers. Run this command on the new server to get a detailed report of any AD-related issues.
This will give you a detailed diagnostic report on the health of the domain controller. Look for any errors, especially related to replication, DNS, or AD services.
- If the domain controller has issues with replication, you might see errors like "Replication Failure" or "Domain Controller not found."
5. Check Active Directory Replication
Since the old server crashed, there could be issues with AD replication. To check the replication status, use the following commands:
- Repadmin /replsummary: This will show you a summary of replication status between DCs.
- repadmin /showrepl
Ensure FSMO Roles Are Transferred
Verify that the Flexible Single Master Operations (FSMO) roles are now held by the new server. These roles are critical for the functioning of Active Directory.
- Run the following command to check FSMO role
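The checks from the reply above, collected into one read-only PowerShell script (an added example, not part of the original post). It assumes an elevated session on the new 2012 R2 domain controller; `netdom query fsmo` and the `_ldap._tcp.dc._msdcs` SRV name are supplied here because the reply does not show its own commands.

```powershell
# Added example: read-only health triage for one domain controller.
# Run from an elevated PowerShell prompt on the DC; nothing here modifies AD.
$domain = $env:USERDNSDOMAIN   # assumption: you are logged on with a domain account
$outDir = Join-Path $env:TEMP ("ad-triage-" + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $outDir | Out-Null

# Step 2: services AD depends on (NTDS = AD DS, Kdc = Kerberos KDC).
# A service that is not installed at all is skipped, not reported as stopped.
$services = Get-Service -Name NTDS, Kdc, Netlogon, DNS -ErrorAction SilentlyContinue
$stopped  = @($services | Where-Object { $_.Status -ne 'Running' })

# Step 3: the SRV records clients use to locate a domain controller.
$srv = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' })

# Step 8: without these shares the DC cannot serve logon scripts or Group Policy.
$missingShares = @('SYSVOL', 'NETLOGON' |
    Where-Object { -not (Get-SmbShare -Name $_ -ErrorAction SilentlyContinue) })

# Step 1: critical (1) and error (2) Directory Service events from the last 24 hours.
$events = @(Get-WinEvent -FilterHashtable @{
    LogName = 'Directory Service'; Level = 1, 2; StartTime = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue)
$events | Select-Object TimeCreated, Id, Message |
    Export-Csv -Path (Join-Path $outDir 'directory-service-errors.csv') -NoTypeInformation

# Steps 4-5 and the FSMO check: keep the full text output for later review.
# If fsmo.txt still names the old 2003 server for any role, that role was never moved.
dcdiag /v             | Out-File (Join-Path $outDir 'dcdiag.txt')
repadmin /replsummary | Out-File (Join-Path $outDir 'replsummary.txt')
repadmin /showrepl    | Out-File (Join-Path $outDir 'showrepl.txt')
netdom query fsmo     | Out-File (Join-Path $outDir 'fsmo.txt')

# One-screen summary; empty StoppedServices and MissingShares are the healthy values.
[pscustomobject]@{
    Domain             = $domain
    StoppedServices    = ($stopped.Name -join ', ')
    DcSrvRecords       = $srv.Count
    MissingShares      = ($missingShares -join ', ')
    DirectoryErrors24h = $events.Count
    ReportFolder       = $outDir
} | Format-List
```

The files in `ReportFolder` are the "results" the original poster offers to share; replication failures that point at the crashed server are the case the metadata cleanup step addresses.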