Forum Discussion

humzanadeem2019's avatar
humzanadeem2019
Copper Contributor
Aug 27, 2024

Active Directory is not working

I had microsoft server 2003. i installed 2012 R2 on a new machine and joined the old domain. Then the migration was done by some person and i dont know how he did it. The old server crashed now and ...
Active Directory
powershell
Windows Server
kyazaferr's avatar
kyazaferr
MCT
Nov 13, 2024

To resolve the issue where Active Directory (AD) is not working after migrating from Windows Server 2003 to Windows Server 2012 R2, we need to first determine the state of your AD environment. Since the original server crashed, there might be some inconsistencies or incomplete migration tasks. Below are steps to help diagnose and resolve the issue.

1. Verify Domain Controller Health

Start by checking the status of the Domain Controller (DC) on the new server. The first thing to do is to check the event logs and verify whether there are any issues with AD replication, services, or other related problems.

  • Check Event Logs: Open Event Viewer (type eventvwr.msc in the run dialog) and look for critical errors in:
    • Windows LogsSystem
    • Windows LogsApplication
    • Applications and Services LogsDirectory Service
    Look for any Event ID 1311, Event ID 2042, or other AD-related errors.

2. Verify the AD Domain Services Are Running

Ensure that the Active Directory Domain Services (AD DS) role is installed and running.

  • Open Server ManagerManageAdd Roles and Features to confirm if the AD DS role is installed.
  • Use services.msc to check if the Active Directory Domain Services service is running.

If the service is not running, try to start it. If it doesn't start, check the event logs for specific errors regarding AD DS.

3. Check DNS Configuration

Since DNS is critical for AD, ensure that your new server is configured as the primary DNS server for your domain. Active Directory relies on DNS for locating domain controllers and other critical services.

  • Open DNS Manager and check the Forward Lookup Zones for your domain.
  • Ensure that your domain zone is present, and check that there are appropriate SRV records for the DCs.
  • On your new server, make sure the DNS server is pointing to itself (or another valid DC in the environment).

Also, check if your clients and other servers are correctly configured to use the new server as the primary DNS.

4. Run DCDiag to Check Domain Controller Health

The dcdiag tool is helpful for diagnosing issues with your domain controllers. Run this command on the new server to get a detailed report of any AD-related issues.

 

  1. This will give you a detailed diagnostic report on the health of the domain controller. Look for any errors, especially related to replication, DNS, or AD services.

    • If the domain controller has issues with replication, you might see errors like "Replication Failure" or "Domain Controller not found."

    5. Check Active Directory Replication

    Since the old server crashed, there could be issues with AD replication. To check the replication status, use the following commands:

    • Repadmin /replsummary: This will show you a summary of replication status between DCs.
    • repadmin /showrepl

    • Ensure FSMO Roles Are Transferred

      Verify that the Flexible Single Master Operations (FSMO) roles are now held by the new server. These roles are critical for the functioning of Active Directory.

      1. Run the following command to check FSMO role 
      2.  

Resources