Troubleshooting Active Directory Users and Computers

Applies To: Windows Server 2008

What problem are you having?

  • Cannot add or remove a domain..

  • Changes to group memberships are not taking effect..

  • Receiving "Domain not found," "Server not available," or "RPC server is unavailable" error messages..

Cannot add or remove a domain.

Cause:  The domain naming master is not available. This may be caused by a network connectivity problem or an Active Directory Installation Wizard failure. It may also be caused by a failure of the computer holding the domain naming operations master role (also known as flexible single master operations or FSMO). Or, the user who is attempting to add or remove the domain does not have the necessary administrative credentials.

Solution:  Identify the computer holding the domain naming master role by using the command netdom query fsmo, and then repair or replace the domain naming master computer. It may be necessary to seize the domain naming master role. Or, resolve the network connectivity problem. If this does not help solve the issue, see article Q223787 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=4441).

Changes to group memberships are not taking effect.

Cause:  The infrastructure operations master is not available. This may be caused by a network connectivity problem. It may also be caused by a failure of the computer holding the infrastructure master role. Or, the user who is attempting to change group membership does not have the necessary administrative credentials.

Solution:  Identify the computer holding the infrastructure master role by using the command netdom query fsmo, and then repair or replace the computer holding the infrastructure master role. It may be necessary to seize the infrastructure master role. Or, resolve the network connectivity problem. If this does not help solve the issue, see article Q223787 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=4441).

Receiving "Domain not found," "Server not available," or "RPC server is unavailable" error messages.

Cause:  Name registration or name resolution problem.

Solution:  Verify that Domain Name System (DNS) is available and functioning correctly. Run the Netdiag /debug command on the server in question. This will evaluate the registration of NetBIOS, DNS, and services. If this does not help solve the issue, see article Q265706 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=4441).