Windows Data Server

Kelvin Cheung (Member; joined Oct 31, 2024; 14 messages)
My data server runs on Windows Server 2008 R2. Lately this issue has occurred many times: the Internet access icon shows No Internet connection, the SSID is shown instead of the AD group name in each access-rights list in the Security tab of the shared folder, but users (both on Windows and Mac) cannot access the shared folders. After rebooting the data server, it works normally.


Do you have any idea of the cause of this issue? How can it be fixed?
 


Solution
The fact that the issue occurs every 24 hours and resolves after a reboot suggests that this may be related to a scheduled process or service that's failing or misbehaving over time. Here are some more targeted areas to investigate, along with potential solutions:

Further Investigation:

  1. Scheduled Tasks:
    • Check if there are any scheduled tasks running at regular intervals (e.g., every 24 hours) that could be affecting network connectivity or AD services. Look in Task Scheduler for any unusual tasks.
  2. Event Viewer Logs:
    • Open Event Viewer (run eventvwr.msc) and check the System and Application logs around the time the issue occurs. Look for warning or error entries related to networking...
The version you provided from the Active Directory Users and Computers (ADUC) application—6.3.9600.16384—indicates that you are using Windows Server 2012 R2. Here are the implications of this version and recommendations moving forward:

Assessment of the Active Directory Version

  1. Version Validity:
    • 6.3.9600.16384 corresponds to Windows Server 2012 R2, which is generally considered stable and feature-rich for the time it's from. However, it’s important to note that this version is several years old, as Microsoft has since released Windows Server 2016, 2019, and 2022, each introducing new features, enhancements, and security improvements.
  2. Support Status:
    • As of now, Windows Server 2012 R2 is in its extended support phase, meaning that while it still receives security updates, it may not receive new features or enhancements. Be diligent about security updates to keep the environment secure.

Recommendations Moving Forward

  1. Consider Upgrading:
    • If your organization has the resources and there are business requirements for new features or improved security, consider planning an upgrade to a more recent version, such as Windows Server 2019 or 2022. Newer versions offer enhancements like:
      • Improved Active Directory features and functionalities.
      • Enhanced security protocols.
      • Better integration with cloud solutions.
  2. Regular Backups:
    • Ensure you continue to perform regular backups of Active Directory and the entire server. Given that you are on an older version, maintaining good backup practices will safeguard against potential failures or corruption.
  3. Audit and Monitor:
    • Regularly audit Active Directory for unused accounts, excessive privileges, or lingering objects that may compromise security. Consider implementing monitoring tools to alert on anomalies and potential security breaches.
  4. Keep Documentation Up to Date:
    • Document your Active Directory configuration, policies, and any modifications made over time. This documentation will assist in troubleshooting and future upgrades.
  5. Evaluate Compatibility:
    • If you plan to add new applications or services, ensure they are compatible with Windows Server 2012 R2. Some modern applications may have requirements that are not supported by older operating systems.
  6. Plan for Retirement:
    • If your organization does not have an immediate plan to upgrade, start preparing for potential migration strategies or cloud transitions (e.g., Azure Active Directory) to future-proof your operations.

Conclusion

The current version of Active Directory you are running is supported and functional. However, as technology advances, planning for future upgrades is essential to maintain security, efficiency, and feature access. If an upgrade is not feasible in the short term, focus on maintaining a secure, well-documented, and highly available environment. If you have any further questions or need guidance on upgrading or managing your Active Directory, feel free to ask!
 


The backup of AD is completed and the domain functional level has been raised.
Please refer to the following screen capture of our domain:
1730453006961.webp

What is the suggested next step to perform?
 


Great job on completing the Active Directory backup and raising the domain functional level! Based on the information from your screenshot, here are the next steps you should consider.

Next Steps After Raising the Domain Functional Level

  1. Raise Forest Functional Level:
    • Since your forest functional level is still set to Windows Server 2003, consider raising it to match the highest version of your domain (Windows Server 2012 R2). This will allow you to enable additional features that are available at higher forest functional levels.
    • To do this:
      • In the same properties dialog where you raised the domain functional level, you should see an option to raise the forest functional level. Make sure all domain controllers in the forest are running a compatible version (Windows Server 2003 or later).
      • Select the desired level and confirm the action.
  2. Update Group Policies:
    • After making changes to the functional levels, review any Group Policies that may be affected. Ensure they are configured according to best practices and reflect the capabilities of the new functional levels.
    • Run gpupdate /force on domain controller(s) to ensure that policies are applied correctly.
  3. Monitor Domain and Replication:
    • Monitor the domain for any replication issues. Use the repadmin /replsummary command to check the replication status across your domain controllers.
    • Check the Event Viewer for any related issues or warnings, especially under the Directory Service logs.
  4. Test Active Directory Features:
    • Test the functionalities that come with the new domain functional level. This could include:
      • User login and authentication processes.
      • Access to network resources and shared folders.
      • Any new AD features available at the functional level.
  5. Backup AD and Critical Data:
    • Consider performing another backup after all changes have been confirmed successful. This adds another layer of security to your AD environment after making significant configuration changes.
  6. Plan for Additional Updates:
    • Evaluate your IT strategy for any future upgrades or adjustments. If you plan to migrate to later server versions (like 2016 or 2019), start documenting your current configuration and any applications that may be impacted.
  7. Training and Documentation:
    • Ensure that all staff managing Active Directory are trained on the new features and understand the configuration changes. Update documentation to reflect the current state of your Active Directory environment.
By following these steps, you can ensure that your Active Directory environment is optimized and taking full advantage of the capabilities of Windows Server 2012 R2 functional levels. If you have any questions about specific tasks or features, feel free to ask!
 


1730789431858.webp

I am going to raise the forest functional level in AD of DC1.
In the same properties, no Raise Forest Functional Level option is found (please refer to the attached screen capture above).

1. Could you give me a suggestion for performing this action (raising the forest functional level)?

2. Which level should be chosen in this case?

Thanks
 


It looks like you're ready to raise the forest functional level in Active Directory but are unable to find the option in your current console view. Here are some clarifications and steps you can take:

1. Why You Might Not See the "Raise Forest Functional Level" Option

The ability to raise the forest functional level is typically managed through the Active Directory Domains and Trusts management console, not directly through the Active Directory Users and Computers console. This is often a point of confusion.

Steps to Raise Forest Functional Level

Follow these steps to access the appropriate tool and raise the forest functional level:
  1. Open Active Directory Domains and Trusts:
    • Go to Start > Administrative Tools > Active Directory Domains and Trusts.
    • Alternatively, you can run domain.msc in the Run dialog (Windows + R).
  2. Access the Forest Functional Level:
    • In the left pane, right-click on the root of your domain (it should display your forest's name).
    • Select Raise Forest Functional Level from the context menu.
  3. Select the Desired Forest Functional Level:
    • A dialog box will appear displaying the current forest functional level and the available levels to raise it to.
    • Since both of your domain controllers (DC1 and DC2) are running Windows Server 2012 R2, you should select Windows Server 2012 R2 as the new functional level.
    • Click Raise and confirm your choice.

2. Which Level to Choose

You should choose Windows Server 2012 R2 as the new forest functional level. By raising it to this level, you’ll enable access to features that enhance performance and security within Active Directory while also ensuring your environment supports any newer applications or functionalities tied to this version.

Additional Notes

  • Make sure that all your domain controllers are operating on this version or later. This is a requirement for raising the forest functional level.
  • Before making changes, ensure that you have a backup of your Active Directory as discussed in previous messages.
  • If you encounter any issues or have questions during this process, feel free to ask!
By following these steps, you should be able to successfully raise the forest functional level and leverage the full capabilities of your Active Directory environment.
 


Following your suggestion, I opened Active Directory Domains and Trusts and tried to raise the forest functional level.
However, only Raise Domain Functional Level is found in the list.
Could you please give further information on this case?
Thank you
1730790125276.webp
 


It appears that you're still encountering issues with finding the option to raise the forest functional level in your Active Directory environment. Let’s troubleshoot this further and clarify the conditions under which you can find this option.

Possible Reasons for Not Seeing the "Raise Forest Functional Level" Option

  1. Administrator Permissions:
    • Ensure you are logged in with an account that has sufficient permissions to change the forest functional level. You should be a member of the Enterprise Admins group to perform this action.
  2. Console Configuration:
    • The "Active Directory Domains and Trusts" console may not be displaying the correct context if it hasn't been configured properly or if the view has not been refreshed.
    • Ensure that the root node is selected. If you have not expanded the console properly, the forest option might not be visible.
  3. Domain Controllers Compatibility:
    • Verify that all domain controllers in the forest are indeed running compatible versions (Windows Server 2012 R2 or later). If there is an older version in your forest, it will prevent you from raising the forest functional level.

Suggested Steps to Resolve the Issue

  1. Check Permissions:
    • Confirm that you are logged in with an account that has Enterprise Admins permissions. If not, try logging in with the appropriate account.
  2. Select the Forest Root:
    • In the "Active Directory Domains and Trusts" console, be sure to select the root of your forest. If necessary, close the console and reopen it, ensuring you are viewing the complete structure:
      • When you open the console, ensure the tree is fully expanded, and you are clicking on the top-most node which represents the forest.
  3. Run the Active Directory Users and Computers Console:
    • If the forest functional level option is still not available, try accessing it using Active Directory Users and Computers to verify that your setup is correct.
    • Right-clicking on the domain should still provide the option to check the properties.
  4. Use PowerShell:
    • If the GUI options continue to elude you, consider using PowerShell to raise the forest functional level. Open PowerShell as an Administrator and execute:
      Code:
      Set-ADForestMode -Identity <YourForestName> -ForestMode Windows2012R2Forest
      • Replace <YourForestName> with your actual forest name.
  5. Check for Issues in Event Viewer:
    • Review the Event Viewer for any Active Directory-related error messages that might point to why the option is unavailable.

Conclusion

If you systematically review permissions, ensure you are looking at the correct context within the "Active Directory Domains and Trusts" console, and consider using PowerShell as an alternative, you should be able to successfully raise the forest functional level. If the problem persists, further investigation into the health of your Active Directory environment may be necessary. Please let me know if you need more assistance or clarification on any of these steps!
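The permission and domain-controller compatibility checks from the reply above can be run as one read-only script before the raise is attempted. This is an added example, not part of the original thread; it assumes the ActiveDirectory PowerShell module is installed and an elevated session, and only previews the change with -WhatIf.

```powershell
# Added example: read-only pre-flight check before raising the forest functional level.
# Run in an elevated PowerShell session on a domain controller or a host with RSAT.
Import-Module ActiveDirectory

$forest = Get-ADForest
"Forest {0} is at {1}" -f $forest.Name, $forest.ForestMode

# 1. Is Enterprise Admins (forest root domain SID + RID 519) in the current token?
$rootSid = (Get-ADDomain -Server $forest.RootDomain).DomainSID.Value
$eaSid   = "${rootSid}-519"
$token   = [Security.Principal.WindowsIdentity]::GetCurrent()
$isEA    = @($token.Groups | ForEach-Object { $_.Value }) -contains $eaSid
"Enterprise Admins in current token: $isEA"

# 2. Every DC in every domain must run Windows Server 2012 R2 (OS version 6.3) or later.
$minimum = [version]'6.3'
$tooOld  = @()
foreach ($domainName in $forest.Domains) {
    $domain = Get-ADDomain -Server $domainName
    "Domain {0} is at {1}" -f $domain.DNSRoot, $domain.DomainMode
    foreach ($dc in Get-ADDomainController -Filter * -Server $domainName) {
        # OperatingSystemVersion looks like "6.3 (9600)"; keep the part before the space.
        $versionText = ($dc.OperatingSystemVersion -split ' ')[0]
        $osVersion   = [version]$versionText
        "  {0}: {1} ({2})" -f $dc.HostName, $dc.OperatingSystem, $dc.OperatingSystemVersion
        if ($osVersion -lt $minimum) { $tooOld += $dc.HostName }
    }
}

# 3. Preview the change only when nothing blocks it; -WhatIf makes no modification.
if ($isEA -and $tooOld.Count -eq 0) {
    Set-ADForestMode -Identity $forest.Name -ForestMode Windows2012R2Forest -WhatIf
} else {
    "Not ready. Domain controllers below 6.3: $($tooOld -join ', ')"
}
```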
 


I could locate the function and have raised the forest functional level to Windows Server 2012 R2.

1730791743886.webp


1. What is the next step to be followed according to your previous suggested solution on fixing the communication issue between data server and domain controller?

2. Do the two domain controllers auto-synchronize? How could I check the outcome?
 


Congratulations on successfully raising the forest functional level to Windows Server 2012 R2! Here’s how to proceed based on your previous objectives regarding communication issues between your data server and domain controllers.

1. Next Steps to Fix Communication Issues

Given the domain and forest functional levels are now set, the next steps to address any communication issues would be:
A. Verify Active Directory Connectivity:
  • Ensure that your data server can communicate effectively with the domain controllers. You can perform the following checks:
    • Use ping to check connectivity to your domain controllers:
      Code:
      ping <DomainControllerName>
    • Use nslookup to confirm DNS resolution for the domain name and domain controllers:
      Code:
      nslookup <DomainName>

B. Check Account and Permissions:
  • Verify that the account used to log in to the data server has the necessary permissions to interact with the Active Directory.
C. Review Firewall Settings:
  • Check Windows Firewall settings (or any third-party firewall) on both the data server and domain controllers to ensure that necessary ports are open. Common ports used by Active Directory include:
    • TCP/UDP 53 for DNS
    • TCP 88 for Kerberos authentication
    • TCP/UDP 135 for RPC
    • TCP 389 and TCP 636 for LDAP
D. Use DCDiag for Diagnostics:
  • Run dcdiag on the domain controllers to check their health and ensure there are no issues impacting communication. Look for any errors that indicate replication or connectivity problems, which can be done by executing:
    Code:
    dcdiag /v

2. Synchronization Between Domain Controllers

Do Domain Controllers Auto-Synchronize?
  • Yes, domain controllers in the same Active Directory domain automatically synchronize their data with each other. This includes user accounts, security groups, and other objects within Active Directory.
How to Check Synchronization?
To monitor and validate replication between domain controllers, you can:
A. Use Repadmin Tool:
  • The repadmin tool helps in managing and troubleshooting Active Directory replication. You can run the following command to check the replication status:
    Code:
    repadmin /replsummary
  • This will provide a summary of replication status across all domain controllers.
B. Check Event Viewer:
  • Open Event Viewer on the domain controllers and navigate to:
    Code:
     Applications and Services Logs > Microsoft > Windows > Active Directory Domain Services > Operational
  • Here you might find logs related to successful or failed replication attempts.
C. Validate Replication using Active Directory Sites and Services:
  • Open Active Directory Sites and Services and inspect the replication links between your domain controllers to ensure they are enabled and functioning.

Conclusion

Following these steps will help ensure that your data server communicates effectively with your domain controllers and that synchronization is functioning as expected. Monitoring replication and resolving any issues promptly will keep the environment healthy. Please let me know if you encounter any issues or need further assistance!
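The DNS and firewall checks from the reply above can be combined into one script run on the data server. This is an added example, not part of the original thread: the domain controller names are placeholders, Test-TcpPort is a helper defined here, and it uses the .NET TcpClient class so that it also works on Windows Server 2008 R2, where Test-NetConnection is not available.

```powershell
# Added example: run on the data server. The names below are placeholders.
$DomainControllers = @('dc1.example.test', 'dc2.example.test')

# TCP side of the ports listed in the reply (UDP 53 and UDP 135 are not tested here).
$Ports = @(
    @{ Port = 53;  Service = 'DNS' },
    @{ Port = 88;  Service = 'Kerberos' },
    @{ Port = 135; Service = 'RPC endpoint mapper' },
    @{ Port = 389; Service = 'LDAP' },
    @{ Port = 636; Service = 'LDAPS' }
)

# Helper defined for this example: TCP connect with a timeout.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # A timeout usually means a firewall is silently dropping the packets.
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = foreach ($dc in $DomainControllers) {
    # DNS first: a name that does not resolve explains every later failure.
    try {
        $addresses = [System.Net.Dns]::GetHostAddresses($dc)
        $resolved  = ($addresses | ForEach-Object { $_.IPAddressToString }) -join ', '
    } catch {
        $resolved = 'DNS RESOLUTION FAILED'
    }
    foreach ($p in $Ports) {
        New-Object PSObject -Property @{
            Server = $dc; Resolved = $resolved; Service = $p.Service; Port = $p.Port
            Open   = (Test-TcpPort -ComputerName $dc -Port $p.Port)
        }
    }
}
$results | Select-Object Server, Resolved, Service, Port, Open | Format-Table -AutoSize
```

Running it once while the shares work and again while the fault is present shows whether name resolution or a specific port changes between the two states.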
 

