
In Active Directory, I have a domain (dc=ABC,dc=DEF). I expect the domain to be ABC.DEF.

However, if I use the command

nltest /dsgetdc:ABC

Sometimes I get ERROR_NO_SUCH_DOMAIN (the expected answer), sometimes I get the returned domain as ABC, and sometimes I get the returned domain as ABC.DEF.

Can you AD experts please indicate how this request for a partially qualified domain should respond?

The reason I ask is that sometimes SQL Server will report a login failure for ABC\SomeUser and sometimes it works fine. I would expect that it would always fail and that the user must be ABC.DEF\SomeUser or SomeUser@ABC.DEF.

Any insights here please?

Dave
  • The first obvious problem is that you have [at least one component missing](http://serverfault.com/q/76715/126632) from your chosen AD name. – Michael Hampton Mar 18 '16 at 13:47
  • Thank you for responding Michael. Can you elaborate please. I am not the AD guy, just the developer dealing with the fallout. – Dave Mar 18 '16 at 14:01
  • I think what you are saying is that having an AD name (DC=ABC,DC=DEF) and the same in DNS is wrong and might cause the issues I am seeing. So the AD name needs to be further distinguished like (DC=ABC,DC=DEF,DC=local) or some such? – Dave Mar 18 '16 at 14:21

1 Answer


When running nltest: /dsgetdc: you can specify the NetBIOS name of the domain or you can use the FQDN of the domain. Both are perfectly valid. The AD domain has both a NetBIOS name (ABC) and an FQDN (ABC.DEF). Both are perfectly valid. Part of the problem is that you don't have enough knowledge of AD to understand when you're seeing a problem and when you're not. You'll need to do some reading and learning.

A user may authenticate as either ABC\SomeUser or as SomeUser@domain.tld.

Seeing the authentication to SQL Server as NetBIOSdomainName\Username is perfectly valid.

Your problem isn't with AD. At least not based on the reasons you think it is.

joeqwerty
  • Thank you joeqwerty. So if the NETBIOS name is used and nltest: /dsgetdc: returns ERROR_NO_SUCH_DOMAIN this would indicate what? That WINS failed temporarily to resolve the NETBIOS name? – Dave Mar 18 '16 at 14:36
  • When you run nltest with the FQDN, DNS is used to locate a DC. When you run nltest with the NetBIOS name, the computer Browser service is used to locate a DC. The computer Browser service does make use of WINS, so that failure could point to a problem with WINS, but hopefully you're not using WINS. I would suggest starting by running the AD DS and DNS best practice wizards on your Domain Controllers and run dcdiag as well. All that being said, I don't think your SQL problem is related to AD. – joeqwerty Mar 18 '16 at 14:46
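
To tell an intermittent locator failure apart from a naming misunderstanding, the lookup from the question can be repeated for both the NetBIOS name and the FQDN and the outcomes tallied. The script below is an added example, not part of the original thread; ABC and ABC.DEF are the names from the question, and the attempt count, delay and function name are assumptions.

```powershell
param(
    [string[]]$Names   = @('ABC', 'ABC.DEF'),  # NetBIOS name and FQDN from the question
    [int]$Attempts     = 20,                   # assumed sample size
    [int]$DelaySeconds = 5,                    # assumed spacing between attempts
    [switch]$Force                             # pass /force so nltest bypasses the cached DC
)

# Hypothetical helper: run one nltest /dsgetdc lookup and return a parsed record.
function Invoke-DcLocator {
    param([string]$Name, [bool]$Rediscover)

    $nltestArgs = @("/dsgetdc:$Name")
    if ($Rediscover) { $nltestArgs += '/force' }
    $text = (& nltest.exe @nltestArgs 2>&1 | Out-String)

    $row = [ordered]@{
        Time    = (Get-Date).ToString('s')
        Query   = $Name
        Status  = 'UNPARSED'
        DomName = ''
        DC      = ''
    }
    # Failure line: "Getting DC name failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN"
    if ($text -match 'Status\s*=\s*\d+\s+0x[0-9a-fA-F]+\s+(\S+)') {
        $row.Status = $Matches[1]
    }
    # Success output carries "Dom Name:" (NetBIOS or DNS form) and "DC:" lines.
    elseif ($text -match '(?m)^\s*Dom Name:\s*(\S+)') {
        $row.Status  = 'OK'
        $row.DomName = $Matches[1]
        if ($text -match '(?m)^\s*DC:\s*(\S+)') { $row.DC = $Matches[1] }
    }
    [pscustomobject]$row
}

$results = foreach ($i in 1..$Attempts) {
    foreach ($n in $Names) { Invoke-DcLocator -Name $n -Rediscover $Force.IsPresent }
    Start-Sleep -Seconds $DelaySeconds
}

# Full timeline first, then a count per (query, status, returned domain name).
$results | Format-Table -AutoSize
$results | Group-Object Query, Status, DomName |
    Sort-Object Name |
    Select-Object Count, Name |
    Format-Table -AutoSize
```

If only the NetBIOS query shows a mix of OK and ERROR_NO_SUCH_DOMAIN while the FQDN query is consistently OK, the timestamps of the failures give a starting point for the dcdiag and name-resolution checks suggested in the answer.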