
Active Administrator 8.6.3 - Web Console User Guide


Domain tests

Active Administrator contains the following domain tests:

Conflict encountered during replication

Indicates that conflicting objects were encountered during replication and reported by Active Directory®.

Supported on: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019
Required permissions: Domain user privilege is required.

Conflicts arise when two objects are created independently at separate locations in the domain. When a conflict is detected during replication, Active Directory creates a conflict entry appending the following to the domain name of the object:

CNF:<GUID-of-authoritative-object>

DC replication latency

Indicates that the time taken to replicate changes from one domain controller to all other domain controllers in the naming context exceeds the configured threshold.

Supported on: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019
Required permissions: Domain user privileges with rights to list contents, create objects, read and write properties under the AATemp organizational unit in the domain root.

High replication latency values mean that changes you make in the directory are taking too long to replicate to all of the other domain controllers, which can cause operational difficulties. For example, a user cannot use a new password if the password has not replicated to their domain controller. High replication latency values can also cause directory problems. If you make a change to the Configuration naming context by adding a new site or a new domain controller, the replication process will not work correctly until all domain controllers have a copy of the new site or new domain controller.

High latency times are usually due to poor network connectivity, non-functional domain controllers, or incorrect replication schedules.

Make sure that the replication latency is actually too high. In a site with fewer than five domain controllers, the intra-site replication latency should be around five minutes. As you add domain controllers in a site, the intra-site replication latency should go up to about 20-30 minutes, and then stabilize. Inter-site replication latency depends entirely on the link schedules between the sites.

If the latency truly is too high, make sure there are no domain controllers that are down. If a single domain controller acts as a bridgehead between sites, and it goes down, replication will never actually occur.

DNS domain missing SRV records

Indicates one or more requisite Domain Name System (DNS) service locator (SRV) entries are not defined.

Supported on: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019
Required permissions: Domain user privilege is required.

Service Records or SRV records are registered specifically for domain controllers when a member server is promoted to a domain controller. The Netlogon service on the domain controller is responsible for registering SRV records. Because Active Directory® depends on DNS, if SRV records of domain controllers are missing from the DNS Zone of the domain, critical failures of Active Directory services can occur.
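The following is an added example, not part of this guide and not the product's own test. Because Netlogon is the service that registers these records, the list it writes to %SystemRoot%\System32\config\netlogon.dns on a domain controller can be compared with the SRV records actually present in the zone to find the missing ones. The domain corp.example, the site HQ, the hosts dc1 and dc2, and both record sets below are constructed samples.

```python
import re

# Constructed sample in netlogon.dns layout for hypothetical DC dc1.corp.example.
NETLOGON_DNS = """\
corp.example. 600 IN A 10.0.0.10
_ldap._tcp.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp.HQ._sites.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_kerberos._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 88 dc1.corp.example.
_kerberos._tcp.corp.example. 600 IN SRV 0 100 88 dc1.corp.example.
"""

# Constructed sample: SRV records exported from the domain's DNS zone.
ZONE_RECORDS = """\
_ldap._tcp.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp.corp.example. 600 IN SRV 0 100 389 dc2.corp.example.
_LDAP._TCP.HQ._sites.corp.example. 600 IN SRV 0 100 389 DC1.corp.example.
_kerberos._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 88 dc2.corp.example.
_kerberos._tcp.corp.example. 600 IN SRV 0 100 88 dc1.corp.example
"""

# owner [ttl] [IN] SRV priority weight port target
SRV_LINE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+\s+)?(?:IN\s+)?SRV\s+"
    r"\d+\s+\d+\s+(?P<port>\d+)\s+(?P<target>\S+)$",
    re.IGNORECASE,
)

def _norm(name):
    # DNS names compare case-insensitively; exports may omit the trailing dot.
    return name.rstrip(".").lower()

def parse_srv(text):
    """Return {(owner, port, target)} for each SRV line; other record types are skipped."""
    records = set()
    for line in text.splitlines():
        m = SRV_LINE.match(line.strip())
        if m:
            records.add((_norm(m["owner"]), int(m["port"]), _norm(m["target"])))
    return records

def missing_srv(expected_text, zone_text):
    """SRV records the DC should have registered that the zone does not contain."""
    return sorted(parse_srv(expected_text) - parse_srv(zone_text))

if __name__ == "__main__":
    for owner, port, target in missing_srv(NETLOGON_DNS, ZONE_RECORDS):
        print(f"MISSING {owner} SRV port {port} -> {target}")
```

Matching on the target host as well as the owner name matters here: an owner name that still resolves through another domain controller's record would otherwise hide the fact that this domain controller's own registration is gone.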

The following methods can be used to re-register SRV records of a domain controller in the domain DNS zone:
