How to Fix: Attribute userAccountControl of DC is: 0x82020

When running a DCDiag at a customer site today I had the following error occur:

Warning: Attribute userAccountControl of is: 0x82020 = ( PASSWD_NOTREQD | SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) Typical setting for a DC is 0x82000 = ( SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) This may be affecting replication?

It is a bug when we pre-create a computer account in ADUC and then promote it as DC, the UserAccountControl is set to 532512 instead of the default 532480. You need to manually set the vaulue to 532480 in ADSIEDIT.MSC.

Fix:

Open ADSIEDIT.MSC
Goto Default Naming Context
Goto OU=Domain Controllers,DC=yourdomain,DC=com
Right click on “Name of the Problem Domain Controller”
Change the value for attribute for userAccountControl from 532512 to 532480 (Change it to represent 0x82000.)

UserAccountControl values for the certain objects:
Typical user : 0x200 (512)
Domain controller : 0x82000 (532480)
Workstation/server: 0x1000 (4096)

mo wasay

How to Fix: Attribute userAccountControl of DC is: 0x82020

Fix:

Mohammed Wasay

Dallas based Design Technologist & Hybrid Developer

Categories

Archives

Meta