question

raminsa-6505 avatar image
0 Votes"
raminsa-6505 asked DSPatrick commented

Global catalog error

Hi dear expert

when try to create new user on active directory 2016 we get below error


windows cannot verify that the user name is unique because the following error occurred while contacting the global catalog:
The server is not operational.
Windows will create this user account, but the user can log on only after the user name is verified to be unique.Make sure the global
catalog is available. For more information about troubleshooting this issue, see windows help

windows-active-directory
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered

Hello Raminsa,

It seems that for some reason the computer where you are creating the user can't contact a GC.

you can check the list of GCs available with the command> dsquery server -domain DomainName | dsget server -isgc -dnsname
then you can ping them to check connectivity and telnet (gchostname:3268 or use PortQry (https://www.microsoft.com/en-us/download/details.aspx?id=17148) to test the connectivity on port 3268 (Global catalog communication) for that machines.

hope this helps in your case,
Best regards,

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

Please run;

Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log
repadmin /showrepl >C:\repl.txt
ipconfig /all > C:\dc1.txt
ipconfig /all > C:\dc2.txt
ipconfig /all > C:\problemworkstation.txt

then put unzipped text files up on OneDrive and share a link.



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

raminsa-6505 avatar image
0 Votes"
raminsa-6505 answered DSPatrick commented
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Missing the dc1 files, also looks like the user account did not have enough permissions to run dcdiag. May also need to perform some cleanup. Chech the event logs for more details.
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564

If problem persist then put up a new set of files to look at.

--please don't forget to upvote and Accept as answer if the reply is helpful--








0 Votes 0 ·