Sidebar

mo wasay

mo wasay

Enter a brief biography here by editing your profile →

August 12, 2019Backup & Restore Active Directory integrated DNS zones
August 8, 2019Fix Active Directory broken security inheritance problem
July 2, 2019How to Fix: Attribute userAccountControl of DC is: 0x82020
June 6, 2019Find why an account is getting locked out and where
May 29, 2019List all SPNs in Active Directory

How to Fix: Attribute userAccountControl of DC is: 0x82020

When running a DCDiag at a customer site today I had the following error occur:

Warning: Attribute userAccountControl of is: 0x82020 = ( PASSWD_NOTREQD | SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) Typical setting for a DC is 0x82000 = ( SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) This may be affecting replication?

It is a bug when we pre-create a computer account in ADUC and then promote it as DC, the UserAccountControl is set to 532512 instead of the default 532480. You need to manually set the vaulue to 532480 in ADSIEDIT.MSC.

Fix:

Open ADSIEDIT.MSC
Goto Default Naming Context
Goto OU=Domain Controllers,DC=yourdomain,DC=com
Right click on “Name of the Problem Domain Controller”
Change the value for attribute for userAccountControl from 532512 to 532480 (Change it to represent 0x82000.)

UserAccountControl values for the certain objects:
Typical user : 0x200 (512)
Domain controller : 0x82000 (532480)
Workstation/server: 0x1000 (4096)

Date July 2, 2019
Author mo wasay
Category Windows
Tag 0x82000 0x82020 affecting Attribute be DC dcdiag Error for PASSWD_NOTREQD replication SERVER_TRUST_ACCOUNT This may TRUSTED_FOR_DELEGATION Typical setting userAccountControl warning
Comments No Comments