Networking Tips Tricks

What are the basic steps to troubleshoot Active Directory (AD)? 1. DCDIAG To deploy an additional domain controller:   dcdiag /test:dcpromo /DnsDomain:domain_name.com /ReplicaDC To deploy a child domain: dcdiag /test:dcpromo /DnsDomain:child_domain_name. forest.com /ChildDomain Test the FSMO dcdiag /s:<DomainControllerName> /test:fsmocheck Check DNS dcdiag /test:dns Check for missing and duplicate SPNs as well as other errors dcdiag /test:checksecurityerror Check the rid pool dcdiag /s:server /v /test:ridmanager 2. NSLOOKUP Test SRV records cmd >  nslookup set q=srv _ldap._tcp.dc._msdcs. yourdomain.com _ldap._tcp.gc._msdcs. yourdomain.com _ldap._tcp.pdc._msdcs. yourdomain.com Command to Troubleshoot DNS Issues   3. Repadmin Disable replication repadmin /options <dc-fqdn> +DISABLE_OUTBOUND_REPL Enable replication repadmin /options <dc-fqdn> -DISABLE_OUTBOUND_REPL 4. W32TM Time sync issue in DC w32t...

Integrating Active Directory into Open Directory is now so easy you could probably do it with blink of your eyes (well, that may be a exaggerated statement, but you could probably do it in under 5 minutes). 10.4  & older MAC releases Active Directory integration was horrific most of the time. The last 10.4.11 server that I tried to join to Active Directory (just join, not even integrate) failed to login ever again.  I’m sure that I could have troubleshooted the problem and fixed it, but it was easier for me to just upgrade the server to 10.5.