Mark Minasi's Tech Forum
Register Calendar Latest Topics Chat
 
 
 


Reply
  Author   Comment  
jsclmedave

Administrator
Registered:
Posts: 418
Reply with quote  #1 

I have a friend who asked about this.  They have some Servers where the Server Object was created prior to joining the Server to the Domain.  Once it was joined it was promoted to a DC for its respective site.  Below is what they have found which "may" be causing an replication issue that they are trying to nail down.


Edit: Added - YES this was found when running DCDIAG.  I am finding several links on it now.  Looking for best way to fix multiple DCs...
 


Tim,

What is the effect if we don’t fix this:

 Starting test: MachineAccount

          Warning:  Attribute userAccountControl of ServerA is:

          0x82020 = ( PASSWD_NOTREQD | SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION )

 

         Typical setting for a DC is

 

         0x82000 = ( SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION )

 


         This may be affecting replication?



The thought is that creating the Computer Object prior to joining the computer to the domain is creating issues once the server has been promoted to a DC...


__________________
Tim Bolton @jsclmedave
Email: [string](0..20|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_*2),2))}) -replace ' '  

New to the forum? Please Read this
0
wkasdo

Avatar / Picture

Administrator
Registered:
Posts: 179
Reply with quote  #2 
Not an issue. You get (PASSWD_NOTREQD) when you promote a DC directly from a workgroup, or if you precreate the account.

Let your friend post here directly and we can see what we can do. An actual error would be nice to start with [biggrin]


__________________
[MSFT]; Blog: https://blogs.technet.microsoft.com/389thoughts/
0
jsclmedave

Administrator
Registered:
Posts: 418
Reply with quote  #3 
Quote:
Originally Posted by wkasdo
Not an issue. You get (PASSWD_NOTREQD) when you promote a DC directly from a workgroup, or if you precreate the account.

Let your friend post here directly and we can see what we can do. An actual error would be nice to start with [biggrin]



That was from the DCDIAG that they ran.  They confirmed that someone was creating the Computer Object first then adding the Server THEN promoting to a DC.

I will ask about specific Replication error...

Regardless this SHOULD be fixed correct..?  Or does it matter?



__________________
Tim Bolton @jsclmedave
Email: [string](0..20|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_*2),2))}) -replace ' '  

New to the forum? Please Read this
0
wkasdo

Avatar / Picture

Administrator
Registered:
Posts: 179
Reply with quote  #4 
> Or does it matter?

It does not matter. DCDIAG simply flags any setting on the computer account that is not default. This variation is innocent.

__________________
[MSFT]; Blog: https://blogs.technet.microsoft.com/389thoughts/
0
jsclmedave

Administrator
Registered:
Posts: 418
Reply with quote  #5 
Thank You!!!
__________________
Tim Bolton @jsclmedave
Email: [string](0..20|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_*2),2))}) -replace ' '  

New to the forum? Please Read this
0
Previous Topic | Next Topic
Print
Reply

Quick Navigation: