Mark Minasi's Tech Forum
Register Calendar Latest Topics
 
 
 


Reply
  Author   Comment  
Pieter

Avatar / Picture

Senior Member
Registered:
Posts: 168
Reply with quote  #1 
I get an error for this syntax on one of my DC's Win2016.
Get-ADUser -Server Server_A -LDAPFilter "(samaccountname=TestAccount)" -Properties *

The error is :
Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.

Needless to say that SERVER_A is a DC and that the AD Webservice is running.

The syntax is run from a member server Win2012 with Powershell version 3.0.
The same syntax but using another DC is okay, tested with about 25 other DC's Win2016 and Win2008R2.

An alternative syntax with dsquery.exe is okay too :
dsquery * -server SERVER_A -filter "samaccountname=TestAccount" -attr *






__________________
Pieter Demeulemeester
0
Pieter

Avatar / Picture

Senior Member
Registered:
Posts: 168
Reply with quote  #2 
Quote:
Needless to say that SERVER_A is a DC and that the AD Webservice is running.


Humm, The AD Web Services is running, but there are no events in the AD Web Services log.
 
ADwebservicesempty.JPG


__________________
Pieter Demeulemeester
0
wkasdo

Avatar / Picture

Administrator
Registered:
Posts: 215
Reply with quote  #3 
Agree, it's clearly the ADWS. It explains why powershell fails and dsquery works. Restarted it already? Any events in the system log?
__________________
[MSFT]; Blog: https://blogs.technet.microsoft.com/389thoughts/
0
Pieter

Avatar / Picture

Senior Member
Registered:
Posts: 168
Reply with quote  #4 
Nothing relevant, as far as I know.
I stop/started the ADWS service and I don't even see the events "entered the stopped state" and "entered the running state" (ID 7036)

__________________
Pieter Demeulemeester
0
Pieter

Avatar / Picture

Senior Member
Registered:
Posts: 168
Reply with quote  #5 
I typed
netstat -ano | find "9389"
and got nothing, no listerner on 9389.

Is there a way to re-install ADWS or a 'repair' ?

__________________
Pieter Demeulemeester
0
wkasdo

Avatar / Picture

Administrator
Registered:
Posts: 215
Reply with quote  #6 
Troubleshooting: https://dirteam.com/tomek/2010/04/10/ad-ws-diagnostic-logging/
__________________
[MSFT]; Blog: https://blogs.technet.microsoft.com/389thoughts/
0
Pieter

Avatar / Picture

Senior Member
Registered:
Posts: 168
Reply with quote  #7 
I modified the debug level as wkasdo suggested:
<add key="DebugLevel" value="Info" />
<add key="DebugLogFile" value="C:\TEMP\ADWS.log" />

No Gain. The 'AD Web Services' event log and the file C:\TEMP\ADWS.log both remains empty, and the GET-ADUser command still replies with an error.

I decided to demote and promote that DC (an advantage of having 2 DC's in each site).  All is well now.
GET-ADUser is working fine, events are written in the Event Log  'AD Web Services'.

FYI: Just for fun, I changed the debug level again to its highest level "info", but the file C:\TEMP\ADWS.log is still empty.  Not a problem for me.

__________________
Pieter Demeulemeester
0
Previous Topic | Next Topic
Print
Reply

Quick Navigation:

Easily create a Forum Website with Website Toolbox.