Active Directory

AD, DNS and associated services

Error in DCDIAG: “The replication operation failed to allocate memory”

3 Replies
Issue: While running DCDIAG you receive the following error: "The replication operation failed to allocate memory". Resolution: I checked the page file settings as well as reviewed Task Manager to confirm the server was not out of memory.  I decided to reboot the server to see if the memory issue would go away and in my case the issue was resolved.  This particular domain controller was Virtualized with VMWare so I granted it a small memory reservation (256 MB) in VMWare. Additional Read more [...]

Processing of Group Policy failed. Windows attempted to read file sysvol\policies and was not successful

12 Replies
Issue: Numerous issues on DC including: Cannot apply group policy Cannot access the sysvol Errors include "Could not open pipe with [DC1]:failed with 53",      "Failed can not test for HOST SPN",      "An net use or LsaPolicy operation failed with error 53" DCDIAG Errors: Starting test: MachineAccount Could not open pipe with [DC1]:failed with 53: The network path was not found. Could not get NetBIOSDomainName Failed can not test for HOST SPN Failed can not test for HOST SPN Starting Read more [...]

enable inheritance on all AD user accounts

36 Replies
Issue:  You need to enable permission inheritance on all AD user accounts or a specific group of accounts. Background: Enabling inheritance on AD accounts typically required one to check the "include inheritable permissions..." checkbox on the 'Security Tab > Advanced' screen in ADUC on every user account one at a time (see checkbox of doom).  That's a whole lot of clicking! Solution: PowerShell can be used to enable permissions inheritance on a large group of AD user accounts. 1) Read more [...]

force GPUPDATE on all domain computers

1 Reply
Issue: You need to force group policies to refresh on all domain computers immediately rather than waiting the default 90 minutes. Solution: You can use PSEXEC to accomplish this feat. 1) Download PSTOOLS from Microsoft, extract and copy to c:PSTOOLS 2) Open a Command Prompt as administrator: To update group policies on all domain machines: psexec \\* gpupdate /force PSEXEC queries Active Directory for the computer names to run the command against, thus it will likely run against Read more [...]

“The target principal name is incorrect” | DC Stops Replicating Pt. 3

1 Reply
This article is the final installment of our three part series.  We will be continuing from our previous article: "[WARNING] Failed to query SPN registration on DC" | Domain Controller Stops Replicating Pt. 2.  Our previous efforts have brought us even closer to resolving the replication issues on our Los Angeles Domain Controller, however more work awaits us in this AD Replication saga. We will now continue and troubleshoot the error: "The target principal name is incorrect" which is detected Read more [...]