none
to get some errors about group policy due to disabled an account

    General discussion

  • Hello

    I have an active directory on windows 2012 datacenter. there is a domain on it. it works well.

    Also there is a another AD on another location.  there is another  domain on it. also it works too. 

    there is a trust relationship between 2 domains.

    I disabled an account on first AD server 4 days ago. and then my colleague who manages second AD, notified that started to recieve some errors from eventviewer and have an issue about their group policy.

    the issue event as below;

    The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller

    (LDAP Bind function call failed). Look in the details tab for error code and description.

    Event ID 1006

    Event Source Group Policy

    I think the concerning account was built on the second AD for a service. But we don't know how we can find the account on the second AD server in order to change it.

    How can I fix the issue?

    Thanks

    Saturday, January 24, 2015 2:24 PM

All replies

  • Hi Yavuz,

    >>But we don't know how we can find the account on the second AD server in order to change it.

    What account did we disable? We can check the error code (displayed as a decimal) and error description fields of Event ID 1006 to see if more information can be found.

    Regarding Event ID 1006, the following article can be referred to for more information.

    Event ID 1006 — Group Policy Preprocessing (Active Directory)

    https://technet.microsoft.com/en-us/library/cc727283(v=ws.10).aspx

    Best regards,

    Frank Shen


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, January 27, 2015 8:05 AM
    Moderator
  • Hello

    I had disabled the account on first AD. Namely this account is not already on the second AD.

    But the second AD or trust relationships between 2 AD may have been installed by this disabled account a long time ago.

    This account effects group policy on the second AD.

    When i look at the eventviewer on the second AD, the error code is as below

    Error code 49

    Error description invalid credentials

    How can i fix the problem?

    Thanks


    Tuesday, January 27, 2015 9:39 AM