When running a DCDiag at a customer site today I had the following error occur:
Warning: Attribute userAccountControl of is: 0x82020 = ( PASSWD_NOTREQD | SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) Typical setting for a DC is 0x82000 = ( SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION ) This may be affecting replication?
It is a bug when we pre-create a computer account in ADUC and then promote it as DC, the UserAccountControl is set to 532512 instead of the default 532480. You need to manually set the vaulue to 532480 in ADSIEDIT.MSC.
Fix:
- Open ADSIEDIT.MSC
- Goto Default Naming Context
- Goto OU=Domain Controllers,DC=yourdomain,DC=com
- Right click on “Name of the Problem Domain Controller”
- Change the value for attribute for userAccountControl from 532512 to 532480 (Change it to represent 0x82000.)
UserAccountControl values for the certain objects:
Typical user : 0x200 (512)
Domain controller : 0x82000 (532480)
Workstation/server: 0x1000 (4096)
Related Posts
Get all the domains controllers in the AD forest along with their current FSMO roles
In a large enterprise an admin would need to keep...
Force synchronization for DFSR-replicated SYSVOL
One of my clients had a problem with processing GPO...
Get Inactive Users Report for the past 60 days in a multi domain environment
I had a request recently to provide an inactive user...
One Comment
Comments are closed.