none
Users not found specific DC

    Question

  • We have 2 Windows 2012 R2 DC's. We performing a search for specific users using Powershell, they are only found on DC1 and not on DC2. When performing the same search with ADUC, these users are found on both DC's.

    These are users that have been in the AD from the get go. There are no known sync problems. Any ideas?

    Monday, April 10, 2017 3:12 PM

All replies

  • Synchronization problems are the only explanation I can think of. How do you search for the users? In ADUC, or with PowerShell? In PowerShell you can use the Get-ADUser cmdlet and specify a DC with the -Server parameter, and specify the user by sAMAccountName with the -Identity parameter.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Monday, April 10, 2017 3:43 PM
  • Yes, I can specify the other DC in Powershell (-server) and then it shows the user, but I would like to know why the other DC doesn't show the user.

    ADUC works just fine on both DC's.

    Tuesday, April 11, 2017 8:03 AM
  • I'm sorry, but I don't understand the problem. Do you mean that the user shows up in ADUC on both DC's (when ADUC is pointed to each DC)? When you use Get-ADUser and specify the DC with -Server, you see the user on both DC's?

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Tuesday, April 11, 2017 4:24 PM
  • Mostly it's a replication issue, did you check the replication from affected domain controller?


    Regards,
    Ganesamoorthy.S
    www.windowstricks.in)


    Tuesday, April 11, 2017 6:36 PM
  • Powershell on DC01: get-aduser finds affected user account
    Powershell on DC02: get-aduser doesn't find affected user account
    Powershell on DC02: get-aduser -server 'DC01' finds affected user

    ADUC on server DC01: search finds affected user account
    ADUC on server DC02: search finds affected user account

    ===========================================

    Replication between the DC's:

    C:\Windows\system32>repadmin /showrepl

    Repadmin: running command /showrepl against full DC localhost
    Main-*****-site\*****dc01
    DSA Options: IS_GC
    Site Options: (none)
    DSA object GUID: *****
    DSA invocationID: *****

    ==== INBOUND NEIGHBORS ======================================

    DC=*****,DC=com
        Main-*****-site\*****dc02 via RPC
            DSA object GUID: *****
            Last attempt @ 2017-04-12 11:10:12 was successful.

    CN=Configuration,DC=*****,DC=com
        Main-*****-site\*****dc02 via RPC
            DSA object GUID: *****
            Last attempt @ 2017-04-12 10:59:28 was successful.

    CN=Schema,CN=Configuration,DC=*****,DC=com
        Main-*****-site\*****dc02 via RPC
            DSA object GUID: *****
            Last attempt @ 2017-04-12 10:59:28 was successful.

    DC=DomainDnsZones,DC=*****,DC=com
        Main-*****-site\*****dc02 via RPC
            DSA object GUID: *****
            Last attempt @ 2017-04-12 10:59:28 was successful.

    DC=ForestDnsZones,DC=*****,DC=com
        Main-*****-site\*****dc02 via RPC
            DSA object GUID: *****
            Last attempt @ 2017-04-12 10:59:28 was successful.

    ---------------

    C:\Windows\system32>repadmin /showrepl

    Repadmin: running command /showrepl against full DC localhost
    Main-iaas-site\*****dc02
    DSA Options: IS_GC
    Site Options: (none)
    DSA object GUID: *****
    DSA invocationID: *****

    ==== INBOUND NEIGHBORS ======================================

    DC=*****,DC=nl
        Main-iaas-site\*****dc01 via RPC
            DSA object GUID: *****
            Last attempt @ 2017-04-12 10:52:57 was successful.

    CN=Configuration,DC=*****,DC=com
        Main-iaas-site\*****dc01 via RPC
            DSA object GUID: *****
            Last attempt @ 2017-04-12 10:49:47 was successful.

    CN=Schema,CN=Configuration,DC=*****,DC=com
        Main-iaas-site\*****dc01 via RPC
            DSA object GUID: *****
            Last attempt @ 2017-04-12 10:49:47 was successful.

    DC=DomainDnsZones,DC=*****,DC=com
        Main-iaas-site\*****dc01 via RPC
            DSA object GUID: *****
            Last attempt @ 2017-04-12 10:49:47 was successful.

    DC=ForestDnsZones,DC=*****,DC=com
        Main-iaas-site\*****dc01 via RPC
            DSA object GUID: *****
            Last attempt @ 2017-04-12 10:49:47 was successful.

    -----------------


    Wednesday, April 12, 2017 9:17 AM
  • When running Powershell "run as administrator" all search results are displayed.
    Thursday, April 13, 2017 1:03 PM
  • Hi,
    Appreciate for the update and share, can I think that the issue is fixed now? If yes, please we would appreciate you to mark them as answers, it will be greatly helpful to others who have the same question.
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, April 19, 2017 2:08 AM
    Moderator
  • Sorry for the delayed response. We consider it a workaround, not a solution/fix.

    Friday, May 5, 2017 11:35 AM