Old server accounts persist after migration to Windows Server 2019

I went through the process of migrating Active Directory 2012 R2 to Active Directory 2019. Apart from a few firewall ports that needed to be opened, I was able to get through the process of promoting the new Windows Server 2019 machine and demoting the old Windows Server 2012 R2.

After shutting down the old server, I noticed that several computers were on different "Networks". With the old server and network configuration, the domain name used to be displayed as "LJBS-DOMAIN". Now the workstation computers showed "Network 2" or "Network 3". To make matters worse, some computers (depending on the network) had different credentials for the same account.

I'm a bit confused about what happened during this migration. The server is on its own static IP address. I also went through each workstation (about 10), changing them to a static IP (this changed nothing). They all show up as "private network" instead of the expected "domain network".

When viewing the server in Active Directory, all the computers were listed properly. Trying to change something, I removed one of them from the list. This had no effect on the workstation I removed (i.e. it still used the old credentials to authenticate). Then I tried removing one of the workstations from the domain and moved it to a workgroup. When I tried to move it back to the domain, it said that it could not be reached.

Below is the dcdiag output. I noticed that the Connectivity test fails with: The host e431da7d-fae3-46a9-9abb-5410488794d0._msdcs.LJBS-DOMAIN.local could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc. Got error while checking LDAP and RPC connectivity. Please check your firewall settings.

I completely disabled the firewall, and this error still exists.

Any ideas would be helpful. Please let me know if I can provide more information for debugging. I'm trying to avoid reinstalling the Active Directory, DHCP and DNS features.

Network display

Server IP configuration

Workstation DNS settings

DCDIAG results

Command Line: "dcdiag.exe 
/v /c /d /e /s:LJBS-SERVER2"

Directory Server Diagnosis


Performing initial setup:

   * Connecting to directory service on server LJBS-SERVER2.

   LJBS-SERVER2.currentTime = 20191007032614.0Z

   LJBS-SERVER2.highestCommittedUSN = 98340

   LJBS-SERVER2.isSynchronized = 1

   LJBS-SERVER2.isGlobalCatalogReady = 1

   * Identified AD Forest. 
   Collecting AD specific global data 
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=LJBS-DOMAIN,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded 
   Iterating through the sites 
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=LJBS-DOMAIN,DC=local
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=LJBS-DOMAIN,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers 
   Getting information for the server CN=NTDS Settings,CN=LJBS-SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=LJBS-DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   LJBS-SERVER2.currentTime = 20191007032614.0Z

   LJBS-SERVER2.highestCommittedUSN = 98340

   LJBS-SERVER2.isSynchronized = 1

   LJBS-SERVER2.isGlobalCatalogReady = 1

   * Identifying all NC cross-refs.

   * Found 1 DC(s). Testing 1 of them.

   Done gathering initial info.



===============================================Printing out pDsInfo

GLOBAL:
    ulNumServers=1
    pszRootDomain=LJBS-DOMAIN.local
    pszNC=
    pszRootDomainFQDN=DC=LJBS-DOMAIN,DC=local
    pszConfigNc=CN=Configuration,DC=LJBS-DOMAIN,DC=local
    pszPartitionsDn=CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local
    fAdam=0
    iSiteOptions=0
    dwTombstoneLifeTimeDays=180

    dwForestBehaviorVersion=5

    HomeServer=0, LJBS-SERVER2

    SERVER: pServer[0].pszName=LJBS-SERVER2
        pServer[0].pszGuidDNSName (binding str)=e431da7d-fae3-46a9-9abb-5410488794d0._msdcs.LJBS-DOMAIN.local
        pServer[0].pszDNSName=LJBS-SERVER2.LJBS-DOMAIN.local
        pServer[0].pszLdapPort=(null)
        pServer[0].pszSslPort=(null)
        pServer[0].pszDn=CN=NTDS Settings,CN=LJBS-SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=LJBS-DOMAIN,DC=local
        pServer[0].pszComputerAccountDn=CN=LJBS-SERVER2,OU=Domain Controllers,DC=LJBS-DOMAIN,DC=local
        pServer[0].uuidObjectGuid=e431da7d-fae3-46a9-9abb-5410488794d0
        pServer[0].uuidInvocationId=1b2c7dd4-b6ae-4b4b-9690-fdd68ad690d7
        pServer[0].iSite=0 (Default-First-Site-Name)
        pServer[0].iOptions=1
        pServer[0].ftLocalAcquireTime=f8fa2070 01d57cbe 

        pServer[0].ftRemoteConnectTime=f8f90f00 01d57cbe 

        pServer[0].ppszMaster/FullReplicaNCs:
            ppszMaster/FullReplicaNCs[0]=DC=ForestDnsZones,DC=LJBS-DOMAIN,DC=local
            ppszMaster/FullReplicaNCs[1]=DC=DomainDnsZones,DC=LJBS-DOMAIN,DC=local
            ppszMaster/FullReplicaNCs[2]=CN=Schema,CN=Configuration,DC=LJBS-DOMAIN,DC=local
            ppszMaster/FullReplicaNCs[3]=CN=Configuration,DC=LJBS-DOMAIN,DC=local
            ppszMaster/FullReplicaNCs[4]=DC=LJBS-DOMAIN,DC=local

    SITES:  pSites[0].pszName=Default-First-Site-Name
        pSites[0].pszSiteSettings=CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=LJBS-DOMAIN,DC=local
        pSites[0].pszISTG=CN=NTDS Settings,CN=LJBS-SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=LJBS-DOMAIN,DC=local
        pSites[0].iSiteOption=0

        pSites[0].cServers=1

    NC:     pNCs[0].pszName=ForestDnsZones
        pNCs[0].pszDn=DC=ForestDnsZones,DC=LJBS-DOMAIN,DC=local

            pNCs[0].aCrInfo[0].dwFlags=0x00000201
            pNCs[0].aCrInfo[0].pszDn=CN=c9fee44c-111b-48bb-8699-e873baaef44f,CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local
            pNCs[0].aCrInfo[0].pszDnsRoot=ForestDnsZones.LJBS-DOMAIN.local
            pNCs[0].aCrInfo[0].iSourceServer=0
            pNCs[0].aCrInfo[0].pszSourceServer=(null)
            pNCs[0].aCrInfo[0].ulSystemFlags=0x00000005
            pNCs[0].aCrInfo[0].bEnabled=TRUE
            pNCs[0].aCrInfo[0].ftWhenCreated=00000000 00000000          pNCs[0].aCrInfo[0].pszSDReferenceDomain=(null)
            pNCs[0].aCrInfo[0].pszNetBiosName=(null)
            pNCs[0].aCrInfo[0].cReplicas=-1
            pNCs[0].aCrInfo[0].aszReplicas=


    NC:     pNCs[1].pszName=DomainDnsZones
        pNCs[1].pszDn=DC=DomainDnsZones,DC=LJBS-DOMAIN,DC=local

            pNCs[1].aCrInfo[0].dwFlags=0x00000201
            pNCs[1].aCrInfo[0].pszDn=CN=da23dd28-0c5d-4a68-a73d-f07685c118be,CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local
            pNCs[1].aCrInfo[0].pszDnsRoot=DomainDnsZones.LJBS-DOMAIN.local
            pNCs[1].aCrInfo[0].iSourceServer=0
            pNCs[1].aCrInfo[0].pszSourceServer=(null)
            pNCs[1].aCrInfo[0].ulSystemFlags=0x00000005
            pNCs[1].aCrInfo[0].bEnabled=TRUE
            pNCs[1].aCrInfo[0].ftWhenCreated=00000000 00000000          pNCs[1].aCrInfo[0].pszSDReferenceDomain=(null)
            pNCs[1].aCrInfo[0].pszNetBiosName=(null)
            pNCs[1].aCrInfo[0].cReplicas=-1
            pNCs[1].aCrInfo[0].aszReplicas=


    NC:     pNCs[2].pszName=Schema
        pNCs[2].pszDn=CN=Schema,CN=Configuration,DC=LJBS-DOMAIN,DC=local

            pNCs[2].aCrInfo[0].dwFlags=0x00000201
            pNCs[2].aCrInfo[0].pszDn=CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local
            pNCs[2].aCrInfo[0].pszDnsRoot=LJBS-DOMAIN.local
            pNCs[2].aCrInfo[0].iSourceServer=0
            pNCs[2].aCrInfo[0].pszSourceServer=(null)
            pNCs[2].aCrInfo[0].ulSystemFlags=0x00000001
            pNCs[2].aCrInfo[0].bEnabled=TRUE
            pNCs[2].aCrInfo[0].ftWhenCreated=00000000 00000000          pNCs[2].aCrInfo[0].pszSDReferenceDomain=(null)
            pNCs[2].aCrInfo[0].pszNetBiosName=(null)
            pNCs[2].aCrInfo[0].cReplicas=-1
            pNCs[2].aCrInfo[0].aszReplicas=


    NC:     pNCs[3].pszName=Configuration
        pNCs[3].pszDn=CN=Configuration,DC=LJBS-DOMAIN,DC=local

            pNCs[3].aCrInfo[0].dwFlags=0x00000201
            pNCs[3].aCrInfo[0].pszDn=CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local
            pNCs[3].aCrInfo[0].pszDnsRoot=LJBS-DOMAIN.local
            pNCs[3].aCrInfo[0].iSourceServer=0
            pNCs[3].aCrInfo[0].pszSourceServer=(null)
            pNCs[3].aCrInfo[0].ulSystemFlags=0x00000001
            pNCs[3].aCrInfo[0].bEnabled=TRUE
            pNCs[3].aCrInfo[0].ftWhenCreated=00000000 00000000          pNCs[3].aCrInfo[0].pszSDReferenceDomain=(null)
            pNCs[3].aCrInfo[0].pszNetBiosName=(null)
            pNCs[3].aCrInfo[0].cReplicas=-1
            pNCs[3].aCrInfo[0].aszReplicas=


    NC:     pNCs[4].pszName=LJBS-DOMAIN
        pNCs[4].pszDn=DC=LJBS-DOMAIN,DC=local

            pNCs[4].aCrInfo[0].dwFlags=0x00000201
            pNCs[4].aCrInfo[0].pszDn=CN=LJBS-DOMAIN,CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local
            pNCs[4].aCrInfo[0].pszDnsRoot=LJBS-DOMAIN.local
            pNCs[4].aCrInfo[0].iSourceServer=0
            pNCs[4].aCrInfo[0].pszSourceServer=(null)
            pNCs[4].aCrInfo[0].ulSystemFlags=0x00000003
            pNCs[4].aCrInfo[0].bEnabled=TRUE
            pNCs[4].aCrInfo[0].ftWhenCreated=00000000 00000000          pNCs[4].aCrInfo[0].pszSDReferenceDomain=(null)
            pNCs[4].aCrInfo[0].pszNetBiosName=(null)
            pNCs[4].aCrInfo[0].cReplicas=-1
            pNCs[4].aCrInfo[0].aszReplicas=


    5 NC TARGETS: ForestDnsZones, DomainDnsZones, Schema, Configuration, LJBS-DOMAIN, 
    1 TARGETS: LJBS-SERVER2, 

=============================================Done Printing pDsInfo

Doing initial required tests


   Testing server: Default-First-Site-Name\LJBS-SERVER2

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         The host e431da7d-fae3-46a9-9abb-5410488794d0._msdcs.LJBS-DOMAIN.local

         could not be resolved to an IP address. Check the DNS server, DHCP,

         server name, etc.

         Got error while checking LDAP and RPC connectivity. Please check your

         firewall settings.

         ......................... LJBS-SERVER2 failed test Connectivity



Doing primary tests


   Testing server: Default-First-Site-Name\LJBS-SERVER2

      Skipping all tests, because server LJBS-SERVER2 is not responding to

      directory service requests.

      Test omitted by user request: Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Test omitted by user request: FrsEvent

      Test omitted by user request: DFSREvent

      Test omitted by user request: SysVolCheck

      Test omitted by user request: KccEvent

      Test omitted by user request: KnowsOfRoleHolders

      Test omitted by user request: MachineAccount

      Test omitted by user request: NCSecDesc

      Test omitted by user request: NetLogons

      Test omitted by user request: ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Test omitted by user request: Replications

      Test omitted by user request: RidManager

      Test omitted by user request: Services

      Test omitted by user request: SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Test omitted by user request: VerifyReferences

      Test omitted by user request: VerifyReplicas


      Starting test: DNS



         DNS Tests are running and not hung. Please wait a few minutes...

         See DNS test in enterprise tests section for results
         ......................... LJBS-SERVER2 failed test DNS


   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

            For the partition (DC=ForestDnsZones,DC=LJBS-DOMAIN,DC=local) we

            encountered the following error retrieving the cross-ref's

            (CN=c9fee44c-111b-48bb-8699-e873baaef44f,CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local)

             information: 
               LDAP Error 0x3a (58). 
         ......................... ForestDnsZones failed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (DC=ForestDnsZones,DC=LJBS-DOMAIN,DC=local) we

            encountered the following error retrieving the cross-ref's

            (CN=c9fee44c-111b-48bb-8699-e873baaef44f,CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local)

             information: 
               LDAP Error 0x3a (58). 
         ......................... ForestDnsZones failed test

         CrossRefValidation


   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

            For the partition (DC=DomainDnsZones,DC=LJBS-DOMAIN,DC=local) we

            encountered the following error retrieving the cross-ref's

            (CN=da23dd28-0c5d-4a68-a73d-f07685c118be,CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local)

             information: 
               LDAP Error 0x3a (58). 
         ......................... DomainDnsZones failed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (DC=DomainDnsZones,DC=LJBS-DOMAIN,DC=local) we

            encountered the following error retrieving the cross-ref's

            (CN=da23dd28-0c5d-4a68-a73d-f07685c118be,CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local)

             information: 
               LDAP Error 0x3a (58). 
         ......................... DomainDnsZones failed test

         CrossRefValidation


   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition

            (CN=Schema,CN=Configuration,DC=LJBS-DOMAIN,DC=local) we encountered

            the following error retrieving the cross-ref's

            (CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local)

             information: 
               LDAP Error 0x3a (58). 
         ......................... Schema failed test CrossRefValidation


   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (CN=Configuration,DC=LJBS-DOMAIN,DC=local) we

            encountered the following error retrieving the cross-ref's

            (CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local)

             information: 
               LDAP Error 0x3a (58). 
         ......................... Configuration failed test CrossRefValidation


   Running partition tests on : LJBS-DOMAIN

      Starting test: CheckSDRefDom

         ......................... LJBS-DOMAIN passed test CheckSDRefDom

      Starting test: CrossRefValidation

            For the partition (DC=LJBS-DOMAIN,DC=local) we encountered the

            following error retrieving the cross-ref's

            (CN=LJBS-DOMAIN,CN=Partitions,CN=Configuration,DC=LJBS-DOMAIN,DC=local)

             information: 
               LDAP Error 0x3a (58). 
         ......................... LJBS-DOMAIN failed test CrossRefValidation


   Running enterprise tests on : LJBS-DOMAIN.local

      Starting test: DNS

         Test results for domain controllers:


            DC: LJBS-SERVER2.LJBS-DOMAIN.local

            Domain: LJBS-DOMAIN.local




               TEST: Authentication (Auth)
                  Authentication test: Successfully completed

               TEST: Basic (Basc)
                  Error: No LDAP connectivity
                  The OS

                  Microsoft Windows Server 2019 Standard (Service Pack level: 0.0)

                  is supported.

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter [00000002] Broadcom NetXtreme Gigabit Ethernet:

                     MAC address is 4C:D9:8F:8F:77:FB
                     IP Address is static 
                     IP address: 192.168.0.7
                     DNS servers:

                        Warning:
                        192.168.0.7 (LJBS-SERVER2) [Invalid]
                        Warning: adapter

                        [00000002] Broadcom NetXtreme Gigabit Ethernet has

                        invalid DNS server: 192.168.0.7 (LJBS-SERVER2)

                        Warning:
                        127.0.0.1 (LJBS-SERVER2) [Invalid]
                        Warning: adapter

                        [00000002] Broadcom NetXtreme Gigabit Ethernet has

                        invalid DNS server: 127.0.0.1 (LJBS-SERVER2)

                  Error: all DNS servers are invalid

                  No host records (A or AAAA) were found for this DC

                  The SOA record for the Active Directory zone was not found
                  Warning: no DNS RPC connectivity (error or non Microsoft DNS server is running)
                  [Error details: 5 (Type: Win32 - Description: Access is denied.)]
               Total query time:0 min. 0 sec.. Total RPC connection

               time:0 min. 0 sec.

               Total WMI connection time:0 min. 0 sec. Total Netuse connection

               time:0 min. 0 sec.


         Summary of test results for DNS servers used by the above domain

         controllers:



            DNS server: 192.168.0.7 (LJBS-SERVER2)

               2 test failure on this DNS server

               Name resolution is not functional. _ldap._tcp.LJBS-DOMAIN.local. failed on the DNS server 192.168.0.7
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
               Total query time:0 min. 0 sec., Total WMI connection

               time:0 min. 0 sec.


         Summary of DNS test results:


                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: LJBS-DOMAIN.local

               LJBS-SERVER2                 PASS FAIL n/a  n/a  n/a  n/a  n/a  

         Total Time taken to test all the DCs:0 min. 0 sec.

         ......................... LJBS-DOMAIN.local failed test DNS

      Starting test: LocatorCheck

         GC Name: \\LJBS-SERVER2.LJBS-DOMAIN.local

         Locator Flags: 0xe001f3fd
         PDC Name: \\LJBS-SERVER2.LJBS-DOMAIN.local
         Locator Flags: 0xe001f3fd
         Time Server Name: \\LJBS-SERVER2.LJBS-DOMAIN.local
         Locator Flags: 0xe001f3fd
         Preferred Time Server Name: \\LJBS-SERVER2.LJBS-DOMAIN.local
         Locator Flags: 0xe001f3fd
         KDC Name: \\LJBS-SERVER2.LJBS-DOMAIN.local
         Locator Flags: 0xe001f3fd
         ......................... LJBS-DOMAIN.local passed test LocatorCheck

      Starting test: FsmoCheck

         GC Name: \\LJBS-SERVER2.LJBS-DOMAIN.local

         Locator Flags: 0xe001f3fd
         PDC Name: \\LJBS-SERVER2.LJBS-DOMAIN.local
         Locator Flags: 0xe001f3fd
         Time Server Name: \\LJBS-SERVER2.LJBS-DOMAIN.local
         Locator Flags: 0xe001f3fd
         Preferred Time Server Name: \\LJBS-SERVER2.LJBS-DOMAIN.local
         Locator Flags: 0xe001f3fd
         KDC Name: \\LJBS-SERVER2.LJBS-DOMAIN.local
         Locator Flags: 0xe001f3fd
         ......................... LJBS-DOMAIN.local passed test FsmoCheck

      Starting test: Intersite

         Skipping site Default-First-Site-Name, this site is outside the scope

         provided by the command line arguments provided. 
         ......................... LJBS-DOMAIN.local passed test Intersite

Update 1

After running nltest /dsregdns, it looks like the LDAP connectivity problem still exists, but the error message is different.

PS C:\Windows\system32> Dcdiag /test:DNS

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = LJBS-SERVER2
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\LJBS-SERVER2
      Starting test: Connectivity
         An error that is usually temporary occurred during DNS host lookup. Please try again later.
         Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
         ......................... LJBS-SERVER2 failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\LJBS-SERVER2

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... LJBS-SERVER2 passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : LJBS-DOMAIN

   Running enterprise tests on : LJBS-DOMAIN.local
      Starting test: DNS
         Test results for domain controllers:

            DC: LJBS-SERVER2.LJBS-DOMAIN.local
            Domain: LJBS-DOMAIN.local


               TEST: Basic (Basc)
                  Error: No LDAP connectivity
                  Warning: adapter [00000002] Broadcom NetXtreme Gigabit Ethernet has invalid DNS server: 192.168.0.7
                  (LJBS-SERVER2)
                  Warning: adapter [00000002] Broadcom NetXtreme Gigabit Ethernet has invalid DNS server: 127.0.0.1
                  (LJBS-SERVER2)
                  Error: all DNS servers are invalid
                  No host records (A or AAAA) were found for this DC
                  Warning: The Active Directory zone on this DC/DNS server was not found (probably a misconfiguration)

               TEST: Dynamic update (Dyn)
                  Warning: Failed to add the test record dcdiag-test-record in zone LJBS-DOMAIN.local

            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network adapters

         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 192.168.0.7 (LJBS-SERVER2)
               2 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.LJBS-DOMAIN.local. failed on the DNS server 192.168.0.7

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: LJBS-DOMAIN.local
               LJBS-SERVER2                 PASS FAIL PASS n/a  WARN FAIL n/a

         ......................... LJBS-DOMAIN.local failed test DNS

Update 2

Netdom query fsmo

PS C:\Windows\system32> netdom query fsmo
Schema master               LJBS-SERVER2.LJBS-DOMAIN.local
Domain naming master        LJBS-SERVER2.LJBS-DOMAIN.local
PDC                         LJBS-SERVER2.LJBS-DOMAIN.local
RID pool manager            LJBS-SERVER2.LJBS-DOMAIN.local
Infrastructure master       LJBS-SERVER2.LJBS-DOMAIN.local
The command completed successfully.

I noticed, while poking around in %SystemRoot%\System32\DNS\ and %SystemRoot%\system32\config, that it said I don't have read permissions to view this file. I wonder whether there is a permissions problem preventing DNS from updating? I am logged in as the old domain administrator account.

I also ran the following commands:

ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon

This did not update anything in DNS Manager. dcdiag /fix doesn't fix anything either.

I noticed that it looks like no DNS records are being populated, as in this image (in particular, the forward lookup zones have no _msdcs, _tcp, _udp, etc. folders):

I tried removing the whole DNS feature using the "Remove feature" option, but when it was added back, the records were still missing. Are there files I can remove/delete that might refresh these records?
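
A read-only check of the DC locator records that the dcdiag runs above report as unresolvable, as an added example that is not part of the original post: it queries the DNS server directly for the SOA, A, CNAME and SRV records a domain controller normally registers and reports which ones are missing. The domain, server address, site and DSA GUID are copied from the output above; the function name Test-DcLocatorRecord is hypothetical, and the record list assumes a single-domain forest as shown in the post.

```powershell
# Added example, not from the original post. Read-only: it only sends DNS queries.
# Values are copied from the dcdiag output in the post.
$Domain    = 'LJBS-DOMAIN.local'
$DcFqdn    = 'LJBS-SERVER2.LJBS-DOMAIN.local'
$DnsServer = '192.168.0.7'
$DsaGuid   = 'e431da7d-fae3-46a9-9abb-5410488794d0'   # pServer[0].uuidObjectGuid
$Site      = 'Default-First-Site-Name'

function Test-DcLocatorRecord {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$DcFqdn,
        [Parameter(Mandatory)][string]$DnsServer,
        [Parameter(Mandatory)][string]$DsaGuid,
        [Parameter(Mandatory)][string]$Site
    )

    # Records Netlogon registers for a domain controller. Clients and dcdiag
    # use them to find LDAP and Kerberos; the GUID CNAME is the name the
    # Connectivity test could not resolve.
    $expected = @(
        @{ Name = $Domain;                                         Type = 'SOA'   }
        @{ Name = $DcFqdn;                                         Type = 'A'     }
        @{ Name = "${DsaGuid}._msdcs.${Domain}";                   Type = 'CNAME' }
        @{ Name = "_ldap._tcp.${Domain}";                          Type = 'SRV'   }
        @{ Name = "_ldap._tcp.dc._msdcs.${Domain}";                Type = 'SRV'   }
        @{ Name = "_ldap._tcp.pdc._msdcs.${Domain}";               Type = 'SRV'   }
        @{ Name = "_ldap._tcp.gc._msdcs.${Domain}";                Type = 'SRV'   }
        @{ Name = "_ldap._tcp.${Site}._sites.dc._msdcs.${Domain}"; Type = 'SRV'   }
        @{ Name = "_kerberos._tcp.${Domain}";                      Type = 'SRV'   }
        @{ Name = "_kerberos._udp.${Domain}";                      Type = 'SRV'   }
        @{ Name = "_kpasswd._tcp.${Domain}";                       Type = 'SRV'   }
    )

    foreach ($rec in $expected) {
        $status = 'MISSING'
        $data   = ''
        try {
            # -DnsOnly skips LLMNR/NetBIOS; -Server bypasses the local resolver
            # so the answer reflects what this DNS server actually hosts.
            $answers = @(Resolve-DnsName -Name $rec.Name -Type $rec.Type `
                             -Server $DnsServer -DnsOnly -ErrorAction Stop |
                         Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq $rec.Type })
            if ($answers.Count -gt 0) {
                $status = 'OK'
                # Each record type exposes its target under a different property.
                $data = @(foreach ($a in $answers) {
                    switch ($rec.Type) {
                        'SRV'   { '{0}:{1}' -f $a.NameTarget, $a.Port }
                        'CNAME' { $a.NameHost }
                        'A'     { $a.IPAddress }
                        'SOA'   { $a.PrimaryServer }
                    }
                }) -join ', '
            } else {
                $data = 'name exists but has no record of this type'
            }
        } catch {
            $data = $_.Exception.Message   # resolver error text for this name
        }
        [pscustomobject]@{ Record = $rec.Name; Type = $rec.Type; Status = $status; Data = $data }
    }
}

$results = Test-DcLocatorRecord -Domain $Domain -DcFqdn $DcFqdn -DnsServer $DnsServer `
                                -DsaGuid $DsaGuid -Site $Site
$results | Format-Table -AutoSize -Wrap
'{0} of {1} expected records missing on {2}' -f `
    @($results | Where-Object Status -eq 'MISSING').Count, $results.Count, $DnsServer
```

A missing SOA for the domain name means the server does not host the zone at all, which matches the dcdiag warning that the Active Directory zone was not found; the SRV and CNAME rows then fail as a consequence rather than independently.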