Missing SRV DNS record for either the primary or secondary DNS server
Data collector
• Category: General
• Name: Missing domain controller SRV DNS record
• Supported on: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019
• Required permissions: When monitored locally and remotely, only domain user privilege is required. When monitored remotely, the target server must have WMI remote access enabled and the user must be a member of the Distributed COM Users group.Description
_ldap._tcp.<zone-name>This alert is accompanied by a list of the missing SRV entries.
Cause
Resolution
NETLOGON not shared
Data collector
• Category: Validations
• Name: Is the domain controller folder Netlogon shared
• Supported on: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019
• Required permissions: When monitored locally and remotely, only domain user privilege is required. When monitored remotely, the target server must have WMI remote access enabled and the user must be a member of the Distributed COM Users group.Description
Logon scripts for a domain controller are found under the NETLOGON admin share for Windows NT. On Windows NT domain controllers, the %SystemRoot%\System32\Repl\Import\Scripts folder is shared as NETLOGON. Dcpromo modifies the registry value that defines the path to the NETLOGON share to %SystemRoot%\Sysvol\Sysvol\domain_name\Scripts.
The default folder structure is:
Any changes to the %systemroot%\SYSVOL folder on any domain controller are replicated to the other domain controllers in the domain. Replication is RPC based.
Resolution
To set the Netlogon path
1
2 Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters.
3
4To share folders with other users on your network
1
2
4 Click Share this folder in File and Folder Tasks.
5 In the Properties dialog box, select Share this folder to share the folder with other users on your network.Related articles
NetLogon service is not running
Indicates the NetLogon service is currently not running on the domain controller.
Data collector
• Category: Windows Services
• Name: Netlogon Windows Service
• Supported on: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019
• Required permissions: When monitored locally, only domain user privilege is required. When monitored remotely, domain administrator privilege is required.Description
The Directory Analyzer agent periodically checks to ensure that the Net Logon service is running.
Resolution
Use the Services MCC snap-in or another SCP application to restart the Net Logon service.
• |
Supported on: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019 |
• |
Required permissions: When monitored locally or remotely, read access to SYSVOL. |
Review the reported orphaned GPO folders in the local SYSVOL and remove any that are obsolete.
© ALL RIGHTS RESERVED. 이용 약관 개인정보 보호정책 Cookie Preference Center