Active Directory
Domain controller recovery, FSMO seizure, Kerberos and secure-channel failures, replication faults, GPO, SYSVOL/DFSR — the backbone of Windows identity infrastructure.
- Failed Domain Controller — recovery without making it worse
  A DC has failed (hardware, OS, NTDS corruption, or network isolation). The danger isn't the failure — it's the recovery shortcut that breaks the rest of the forest.
- Seizing FSMO roles from a dead Domain Controller
  Original FSMO holder is unrecoverable. Seize roles to restore directory operations — and ensure the original DC never returns.
- Kerberos RC4 Hardening Phase 2 (April 2026) Breaking Authentication — Service Accounts and Legacy Applications
  Microsoft's April 2026 Kerberos RC4 hardening Phase 2 enforces AES-only Kerberos ticket encryption on domain-joined Windows clients and Server Domain Controllers, rejecting RC4-HMAC by default. Servi…
- AD Replication Failure between DCs
  Domain controllers are not replicating, or a decommissioned DC has left stale metadata in Active Directory. Changes made on one DC do not appear on others; stale DC objects cause replication errors,…
- Group Policy not applying
  Policy changes reach the domain but never appear on clients — or apply inconsistently. Diagnose: link, scope, filter, processing, replication.
- SYSVOL / DFSR replication failure
  SYSVOL is not replicating between DCs — Group Policy and login scripts diverge across the domain. DFSR replaced FRS years ago; recovery still goes wrong regularly.
- Enumerating AD Security Group Members (Including Nested Groups) Without Domain Admin Rights
  A domain user on Windows 8 or later needs to view both direct members and nested groups within an Active Directory Security Group but lacks domain admin privileges and access to standard AD managemen…
- GPO Fails to Apply — Broken Netlogon Secure Channel (Machine Account Password Desync) on Windows 10/11
  Domain-joined Windows 10/11 workstations stop applying computer and user Group Policy Objects when the Netlogon secure channel between the local machine account password and Active Directory falls ou…
- Identify Which Domain Controller Is Authenticating the Current User Session
  When troubleshooting Group Policy application, authentication failures, or AD replication issues, it is often necessary to determine which Domain Controller handled a user's logon session. The built-…
- Listing AD group memberships for a user with 'net user /domain'
  The 'net user' command queries the local SAM by default and does not accept 'DOMAIN\user' syntax, so attempts to enumerate Active Directory group memberships fail. Appending the '/domain' switch with…
- Domain Controller Misclassifies Network as Public at Startup Due to NLA Race Condition
  A Windows Server 2008 R2 Domain Controller incorrectly identifies its network connection as a Public Network at startup, causing Windows Firewall to apply the Public profile instead of the Domain pro…
- Domain Controller CPU Spikes Caused by Full Security Event Log
  Windows Server 2008 Domain Controllers hosted on vSphere exhibited cyclic 80–100% CPU spikes every 2–3 seconds traced to the EventLog service (svchost.exe). The root cause was the Security Event Log…
- DNS Dynamic Update Failures — Event ID 4015 on Active Directory-Integrated DNS Zones (DomainDnsZones / ForestDnsZones)
  Active Directory-integrated DNS zones on Windows Server 2016/2019/2022 Domain Controllers refuse dynamic updates from clients and DHCP nodes, logging Event ID 4015 ('directory service threw a critica…
- GPP Printer Deployment Fails with 0x80070bcb After KB3170455 (MS16-087)
  Windows 10 clients fail to install printer drivers deployed via Group Policy Preferences with error 0x80070bcb after security update KB3170455 (MS16-087) is applied. The update blocks silent installa…
- SQL Server Kerberos Falls Back to NTLM Due to Duplicate SPN After Server Rename or Migration
  Following a SQL Server migration where the new server was renamed to match the old one, Kerberos authentication silently falls back to NTLM because a conflicting MSSQLSvc SPN remains registered under…
- Force Domain Controller to Re-register AD DNS Records Without Restarting Netlogon
  When a Domain Controller fails to register or maintain its AD-specific DNS records (SRV, CNAME, A) in DNS zones such as _msdcs, _tcp, _udp, and _sites, clients lose the ability to locate domain contr…
- No Domain Controller Authenticating Users — Total AD Authentication Outage
  When no Domain Controller in the environment can authenticate or authorize users, all domain-joined logins fail with 'No logon servers available' errors, and AD-dependent applications cease to functi…
- dMSA Ouroboros: Self-Sustaining Credential Extraction via Delegated Managed Service Accounts in Windows Server 2025
  Windows Server 2025 domains are vulnerable to a credential extraction technique called 'dMSA Ouroboros' that abuses delegated Managed Service Account permissions to extract privileged credentials wit…
- Windows Server Domain Controllers Enter Reboot Loop After April 2026 Cumulative Update
  Windows Server domain controllers (2016, 2019, 2022, 2025) enter a continuous reboot loop after installing the April 2026 cumulative or security updates, rendering Active Directory services unavailab…
- SMB File Shares Accessible via IP but Failing via FQDN — Kerberos SPN Mismatch or Duplicate Fault
  Users cannot access SMB file shares using the server FQDN (e.g., \\fileserver.domain.local\share) and receive 'Access Denied' or 'Network path not found' errors, while direct IP access works normally…
- SMB File Shares Accessible via IP but Failing via FQDN — Kerberos SPN Mismatch or Duplicate Fault
  Users receive 'Access Denied' or 'Network Path Not Found' when accessing SMB shares via FQDN (e.g., \\fileserver.domain.local\share) while direct IP access works normally. The root cause is Kerberos…
- DNS Dynamic Update Failures — Event ID 4015 on AD-Integrated DNS Zones (Application Partition Replication Lockup)
  Active Directory-integrated DNS zones refuse dynamic updates from clients and DHCP nodes, logging Event ID 4015 ('directory service threw a critical error') on Domain Controllers. The root cause is l…