When running a DCDiag at a customer site today I had the following error occur:
Warning: Attribute userAccountControl of is: 0x82020 = ( PASSWD_NOTREQD | SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) Typical setting for a DC is 0x82000 = ( SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) This may be affecting replication?
It is a bug when we pre-create a computer account in ADUC and then promote it as DC, the UserAccountControl is set to 532512 instead of the default 532480. You need to manually set the vaulue to 532480 in ADSIEDIT.MSC.
Fix:
- Open ADSIEDIT.MSC
- Goto Default Naming Context
- Goto OU=Domain Controllers,DC=yourdomain,DC=com
- Right click on “Name of the Problem Domain Controller”
- Change the value for attribute for userAccountControl from 532512 to 532480 (Change it to represent 0x82000.)
UserAccountControl values for the certain objects:
Typical user : 0x200 (512)
Domain controller : 0x82000 (532480)
Workstation/server: 0x1000 (4096)