AD: Replication Problem – “Access Denied”

We recently completed a Windows 2003 to 2012 R2 AD migration project, and the client required us to keep the existing server name for the AD domain controller.

This can be done by following the link below:

https://technet.microsoft.com/en-us/library/cc816601(v=ws.10).aspx

However, after a few weeks, some of the AD domain controllers started having replication problems.


The following steps were taken to verify the issue:

1. Domain Trust is working properly

2. “Dcdiag” shows only the AD replication issues

3. “Dcdiag /test:CheckSecurityError” shows that there are security issues on some AD domain controllers (child domain)

The problem is actually that the previous computer name is still registered in AD. The solution is to:

1. Open ADSIEDIT.msc

2. Connect to “Default Naming Context” → Domain Controller → Right Click on the DC (Please refer to Figure 1.1)

3. Go to msDS-AdditionalDnsHostName and remove the additional Name

4. Run Repadmin /syncall or manually trigger the AD replication in “AD Sites and Services”

5. Repadmin /replsum


Figure 1.1


Figure 1.2
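
The ADSI Edit check in steps 1 to 3 can be run against every domain controller in a domain at once. The PowerShell below is an added example, not part of the original post; it assumes the ActiveDirectory module (RSAT) is installed, and the function name `Get-DcAdditionalDnsHostName` and the SPN cross-check are illustrative additions.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory
# module (RSAT) and rights to read and modify DC computer objects.
Import-Module ActiveDirectory

function Get-DcAdditionalDnsHostName {
    # One row per DC that still carries msDS-AdditionalDnsHostName values.
    param([Parameter(Mandatory)][string]$Server)

    $dcOu  = (Get-ADDomain -Server $Server).DomainControllersContainer
    $props = 'msDS-AdditionalDnsHostName', 'servicePrincipalName', 'dNSHostName'
    Get-ADComputer -Server $Server -SearchBase $dcOu -Filter * -Properties $props |
        Where-Object { $_.'msDS-AdditionalDnsHostName' } |
        ForEach-Object {
            $extra = @($_.'msDS-AdditionalDnsHostName')
            # Extra check (assumption): SPNs that still reference a leftover name.
            $spns = @($_.servicePrincipalName | Where-Object {
                $spn = $_
                $extra | Where-Object { $spn -like "*/$($_)*" }
            })
            [pscustomobject]@{
                Name              = $_.Name
                DnsHostName       = $_.dNSHostName
                AdditionalNames   = $extra
                SpnsUsingOldName  = $spns
                DistinguishedName = $_.DistinguishedName
            }
        }
}

# Point $server at a DC of the affected domain (for example the child domain).
$server = (Get-ADDomain).PDCEmulator
$stale  = Get-DcAdditionalDnsHostName -Server $server
$stale | Format-List

# Review the report first; -WhatIf only previews the change. Remove it to apply.
$stale | ForEach-Object {
    Set-ADComputer -Identity $_.DistinguishedName -Server $server `
        -Clear 'msDS-AdditionalDnsHostName' -WhatIf
}

# Steps 4 and 5 from the post: force replication, then check the summary.
repadmin /syncall
repadmin /replsum
```

An empty report after replication means no domain controller in that domain still carries an additional DNS host name.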
