Windows Server 2008 R2 ADUC – Naming information cannot be located

active-directorywindowswindows-patchingwindows-server-2008

I'm having a very hard time with Active Directory.

Brand new server with a fresh install of Windows Server 2008 R2 SP1. Everything was fine until it restarted after installing updates.

When I try to access ADUC, I receive a message "Naming information cannot be located because: The network path was not found"

If I run dcdiag from cmd, I get:

Trying to find home server...
Home Server = CEMSA-AD
[CEMSA-AD] LDAP connection failed with error 0,
The operation completed successfully..
[CEMSA-AD] Unrecoverable LDAP Error 89:

I have checked DNS, it is all correct, nslookup resolves correctly.
LDAP is also running as I can connect to the LDAP server using Sysinternals AD Explorer.

Problem is, I cannot manage any users and groups at the moment.

Active Directory Administration Center works, but again, parts of it such as group memberships fail.

Best Answer

Just to be clear, is the problem with ADUC or ADAC? A patch in December broke ADAC and needs to be uninstalled to restore ADAC functionality.

The bad patches include KB 3205394 for Windows 7 and KB 3206632, KB 3205386 for Windows 10.

FMI: http://www.infoworld.com/article/3155264/microsoft-windows/december-windows-security-patches-crash-active-directory-admin-center.html

Related Solutions

Unable to dcpromo new 2008 Server in 2000 domain

This is going to sound crazy but only because I did this to myself once. Check and be sure there are no firewalls or network issues. I had one network once where I accidently had the windows firewall turned on, on one of the DC's (there were 4), so because this DC wasn't replicating properly I couldn't do any AD upgrades. Though the rest of the network was working fine so there were no symptions until I tried to update the schema in my case.

Simple test, make sure each DC can ping every other DC and that all DNS is resolving properly. Also ensure the AD is in the highest that Windows 2000 can go, I'm not sure how backwards compatiable 2008 is as a DC.

Windows – Setting up LDAP connection between CentOS and Windows server 2008

The error message is fairly straightforward:

text: 000004DC: LdapErr: DSID-0C0906DC, comment: In order to perform this 
operation a successful bind must be completed on the connection., data 0

That means you need to authenticate before you can query the directory. A typical command line will look something like this:

ldapsearch -x -H ldaps://dc.example.com/ -D lars@example.com -W cn=lars

This connect using simple authentication (-x) to dc.example.com using LDAP over SSL (ldaps://). I am authenticating as lars@example.com and the command will prompt me for a password (-W). I am searching for records matching cn=lars.

You can also authenticate against AD using Kerberos. Assuming everything is set up correctly, that looks like:

$ kinit lars@example.com
Password for lars@EXAMPLE>COM: 
$ ldapsearch -H ldap://dc.example.com cn=lars

In either case, you generally want to create accounts specifically to act as bind credentials, rather than using an administrative or a user account.

It is possible to configure Active Directory to allow anonymous binds. It is also possible to set up something else -- e.g., OpenLDAP -- as an anonymous bind proxy for AD.

Best Answer

Related Solutions

Unable to dcpromo new 2008 Server in 2000 domain

Windows – Setting up LDAP connection between CentOS and Windows server 2008

Related Topic