Disconnected Domain Controllers- Here’s the Solution
Windows Server 2016 standard with Server Essential role installed as PDC displayed a critical alert saying “Disconnected Domain Controllers”
An introduction – Domain Controllers
The role of a Domain Controller (DC) is to authenticate and validate users and their level of access on a network. Whenever a user in the network logs in to the domain, the DC validates their credentials based on which they are either denied or allowed access.
Often there are 2 Domain Controllers in a network, a Primary Domain Controller (PDC) and a Secondary/Backup Domain Controller (BDC). Both of them should be in sync. The PDC maintains the main directory database to validate the users on their network. Whereas the BDC contains a copy of the same. If ever there is a problem in the PDC or the database in it gets compromised, the BDC can be used.
The issue – Disconnected Domain Controllers in Windows Server Essential 2016
After a recent password change, the server running the Windows Server Essential was not receiving any signal/heartbeat from the domain controller. Here’s a screenshot of the Windows Server Essential Dashboard which displays the Critical Error of disconnected domain controllers.
- Lack of network connectivity
- Missing DNS entries
- Root hits missing or resolution issue
- PCNS issue
- PCNS target missing
- Time synchronization issue
- Integration break between an on-premise server with O365 in Server Essential
If the PCNS (Password Change Notification Service) Target is missing:
- Go to the Start Menu and launch the ADSI. Edit MMC and connect to the Default naming context [DC01.domainname.local], DC=domainname, DC=local => CN=System => CN=Password Change Notification Service
- The attribute field would be empty (If it exits take back up & delete it)
- Navigate to the path:
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\SchCache and rename the *.sch files
- Navigate to the path %LOCALAPPDATA%\Microsoft\Windows\SchCache and rename the *.sch files
- Restart the Password Change Notification Service
Go to path C:\Program Files\Microsoft Password Change Notification
Then, open Command Prompt,
Add PCNS target manually by running the below command:
“C:\Program Files\Microsoft Password Change Notification>pcnscfg.exe ADDTARGET /N:ESSENTIALS_PWD_SYNC_DC01 /A:PDC01.domain_name /S:ESSENTIALS_PWD_SYNC/ PDC01.domain_name /FI:”Domain Users” /F:3 /I:60 /D:False /WI:30”
- Now PCNS Target should be added successfully
- Check the target list by running the “pcnscfg.exe list” command. There must be a target that was added as per the above command
Now the disconnected domain controller alert should be resolved.
We keep uploading new blogs quite frequently on our website- keep an eye out for those.
Lastly, if you need help with more such IT Solutions, feel free to reach out to us. We’ll be happy to resolve your queries.