Missing domain controller SRV DNS record
Indicates one or more requisite Domain Name System (DNS) Service Locator (SRV) entries are not defined. DNS SRV entries are vital to the proper functioning of Active Directory®.
• Supported on: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019
• Required permissions: When monitored locally and remotely, only domain user privilege is required. When monitored remotely, the target server must have WMI remote access enabled and the user must be a member of the Distributed COM Users group.
This test queries the DNS service for the SRV entries required for each zone hosted on the server. Note that this applies exclusively to zones designated as primary. This test does not evaluate SRV entries for accuracy - only that the entries are, in fact, present.
This test confirms the existence of the following SRV entries for each zone hosted on the server:
This test is accompanied by a list of the missing SRV entries.
Whenever a domain controller is promoted, the Microsoft NetLogon process registers the applicable SRV entries with the primary DNS server of the affected domain. As SRV entries are used to identify the constituent domain controllers, the Primary Domain Controller (PDC), and the owner of the global catalog of each zone, the absence of an SRV entry can have serious consequences for Active Directory.
The presence of all requisite SRV locator entries is evaluated for top-level zones exclusively. However, SRV locator entries of sub-zones that host at least one domain controller (with an Active Directory Health Analyzer agent) are evaluated.
Typically, missing SRV entries indicate that Dynamic DNS has been disabled for one or more DNS zones. Active Directory relies on Dynamic DNS to update all affected entries when network resources are altered or relocated. Other possible causes include DCPROMO failure, and erroneous manual configuration of SRV entries.
Confirm that Dynamic DNS is enabled on all applicable zones. Either add the SRV entries manually in the DNS Management Console or cause the entries to be refreshed (for example, by demoting and subsequently promoting the affected domain controllers).
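A presence-only check in the spirit of the test described above, as an added example that is not the product's own code. The record names are an assumption (the locator names Netlogon commonly registers; the product's own list is not shown on this page), and the function name and corp.example.com are placeholders.

```powershell
# Added example: checks that DC locator SRV records exist (presence only, not accuracy).
# Assumption: the names below are the commonly registered Netlogon locator records.
function Test-DcLocatorSrv {
    param(
        [Parameter(Mandatory)][string]$Domain,   # AD DNS domain name
        [string]$Forest = $Domain,               # forest root; defaults to the domain
        [string]$DnsServer                       # optional: ask a specific primary DNS server
    )
    $names = [ordered]@{
        "_ldap._tcp.$Domain"               = 'LDAP, any DC in the domain'
        "_kerberos._tcp.$Domain"           = 'Kerberos KDC'
        "_ldap._tcp.dc._msdcs.$Domain"     = 'Domain controllers'
        "_kerberos._tcp.dc._msdcs.$Domain" = 'KDC on domain controllers'
        "_ldap._tcp.pdc._msdcs.$Domain"    = 'PDC'
        "_ldap._tcp.gc._msdcs.$Forest"     = 'Global catalog'
        "_gc._tcp.$Forest"                 = 'Global catalog (GC port)'
    }
    foreach ($name in $names.Keys) {
        $query = @{ Name = $name; Type = 'SRV'; DnsOnly = $true; ErrorAction = 'Stop' }
        if ($DnsServer) { $query.Server = $DnsServer }
        $srv = @(); $err = $null
        try {
            # Keep only SRV answers; the response can also carry A/AAAA records.
            $srv = @(Resolve-DnsName @query | Where-Object { $_.Type -eq 'SRV' })
        } catch {
            # Keep the message so a timeout is not mistaken for a missing record.
            $err = $_.Exception.Message
        }
        [pscustomobject]@{
            Record  = $name
            Role    = $names[$name]
            Present = $srv.Count -gt 0
            Targets = ($srv.NameTarget | Sort-Object -Unique) -join ', '
            Error   = $err
        }
    }
}

# List only the missing entries (placeholder domain name).
Test-DcLocatorSrv -Domain 'corp.example.com' | Where-Object { -not $_.Present }
```

An entry reported as not present with a timeout or server-failure message in Error points at the DNS server being unreachable rather than at a missing registration.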
NetLogon folder shared
Indicates if the NETLOGON folder is shared. File Replication Service requires this folder to be shared on domain controllers for replication to work correctly.
• Supported on: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019
• Required permissions: When monitored locally and remotely, only domain user privilege is required. When monitored remotely, the target server must have WMI remote access enabled and the user must be a member of the Distributed COM Users group.
Logon scripts for a domain controller are found under the NETLOGON admin share for Windows® NT, whereas they are found under the SYSVOL share for Windows 2000, which can cause some confusion for Windows NT administrators not familiar with the name change. On Windows NT domain controllers, the %SystemRoot%\System32\Repl\Import\Scripts folder is shared as NETLOGON. Dcpromo modifies the registry value that defines the path to the NETLOGON share as part of the upgrade to %SystemRoot%\Sysvol\Sysvol\domain_name\Scripts.
The default folder structure for W2K is:
Any changes to the %systemroot%\SYSVOL folder on any domain controller are replicated to the other domain controllers in the domain. Replication is RPC based.
You can use NETLOGON and SYSVOL to distinguish between a domain controller and a member server. If both the NETLOGON and SYSVOL shares exist on a W2K server, it is a domain controller. When dcpromo demotes a domain controller to a member server, the NETLOGON share is removed, so the presence of only SYSVOL indicates a member server.
All potential source domain controllers in the domain should themselves have shared the NETLOGON and SYSVOL shares and applied default domain and domain controllers policy.
SYSVOL directory structure:
1. Click Start, click Run, type regedit, and press ENTER.
2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters.
4. In the Value data box, enter the new path, including the drive letter, and click OK.
1. Open My Documents in Windows Explorer.
2. Click Start, point to All Programs, point to Accessories, and click Windows Explorer.
4. Click Share this folder in File and Folder Tasks.
5. In the Properties dialog box, select Share this folder to share the folder with other users on your network.
NetLogon Windows service
Indicates if the NetLogon service is running on the domain controller.
• Supported on: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019
• Required permissions: When monitored locally, only domain user privilege is required. When monitored remotely, domain administrator privilege is required.
Use the Services MMC snap-in or another SCP application to restart the Net Logon service.
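The two checks described under "NetLogon folder shared" and "NetLogon Windows service" can be reproduced by hand with WMI over DCOM, shown here as an added example that is not the product's own code. The function name and the DC01 host name are placeholders, and the RoleByShares field simply applies the share-based rule stated on this page.

```powershell
# Added example: reports NETLOGON/SYSVOL share state and Netlogon service state.
# Remote use needs WMI remote access and the permissions listed on this page.
function Get-NetlogonHealth {
    param([string]$ComputerName = $env:COMPUTERNAME)

    # DCOM transport, matching the page's "Distributed COM Users" requirement.
    $opt     = New-CimSessionOption -Protocol Dcom
    $session = New-CimSession -ComputerName $ComputerName -SessionOption $opt -ErrorAction Stop
    try {
        $shares = @(Get-CimInstance -CimSession $session -ClassName Win32_Share `
                        -Filter "Name='NETLOGON' OR Name='SYSVOL'")
        $svc    = Get-CimInstance -CimSession $session -ClassName Win32_Service `
                        -Filter "Name='Netlogon'"
    } finally {
        Remove-CimSession -CimSession $session
    }

    $netlogon = $shares | Where-Object { $_.Name -eq 'NETLOGON' }
    $sysvol   = $shares | Where-Object { $_.Name -eq 'SYSVOL' }

    # Rule from this page: both shares = domain controller, SYSVOL only = member server.
    $role = if ($netlogon -and $sysvol) { 'Domain controller' }
            elseif ($sysvol)            { 'Member server (SYSVOL only)' }
            else                        { 'Undetermined' }

    [pscustomobject]@{
        Computer       = $ComputerName
        NetlogonShared = [bool]$netlogon
        NetlogonPath   = $netlogon.Path      # local folder behind the share
        SysvolShared   = [bool]$sysvol
        SysvolPath     = $sysvol.Path
        ServiceState   = $svc.State          # 'Running' is the healthy value
        ServiceStart   = $svc.StartMode
        RoleByShares   = $role
        Healthy        = [bool]$netlogon -and [bool]$sysvol -and ($svc.State -eq 'Running')
    }
}

# Placeholder host name; omit -ComputerName to check the local server.
Get-NetlogonHealth -ComputerName 'DC01'
```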
Network adapter information
Information only. Displays the network adapter name. Indicates if DHCP is enabled, and if enabled, displays the time stamp for when the lease was obtained and when it expires, and the name of the DHCP server. Displays the domain name, DNS host name, MAC address, IP address, Subnet mask, Gateway IP address, DNS servers IP addresses, and primary and secondary WINS server IP addresses, if enabled.