Archive for the ‘Active Directory’ Category

July 29th, 2010

From time to time, when running the repadmin utility (“repadmin /replsum”), you may come across the following error:
1396 logon failure: The target account name is incorrect.

To fix this issue I have followed this procedure.

Stop the KDC service and set the service to manual
Restart your server
Start the KDC Service and set the service back to automatic

Open a command prompt and run the following command (you should use a Domain Admins account):

netdom resetpwd /server:<replication partner> /userd:<domain>\<user> /passwordd:"enter password"

Once this has run you should see the following message.

The machine account password for the local machine has been successfully reset.

The command completed successfully.

Reboot your Server.

Finally use repadmin to check the issue has been resolved.

Repadmin /replsum to make sure the secure channel has been fixed

I hope this has helped, and thanks to Sean.

April 19th, 2010

Problem.

When running a DCDIAG report on a Windows 2003 Domain Controller that is in a child domain, the following error is seen.

Starting Test : FsmoCheck
Warning : DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The Server holding the PDC role is down.

Resolution

The error occurs because DCDIAG is trying to connect to the PDC Emulator in the parent domain on UDP port 389. Ensure that any firewall between the root domain controllers and the child domain controllers allows traffic on this port.

March 12th, 2010

Problem:
Windows 2003 Domain Controller will not SYNC time correctly when set to NT5DS

Symptoms
If the following registry entries are set to NTP and the PDC Emulator hostname or IP address respectively, then time synchronizes:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NtpServer

If the following registry entry is set to NT5DS then there are errors in the event logs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type

It does not matter what this registry entry is set to because NT5DS means the server should sync time with the PDC Emulator
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type

Errors in the event logs are along the lines of
Warning
The time provider NtpClient was unable to find a domain controller to use as a time source. NtpClient will try again in 15 minutes.

Error
The time provider NtpClient is configured to acquire time from one or more time sources; however; none of the sources are currently accessible.  No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

Resolution
This is usually caused by moving the PDC Emulator FSMO role to a new Domain Controller; you will then see this error on the previous PDC Emulator.

  • Log on to the previous PDC Emulator with admin privileges
  • Open a Command Prompt
  • Type : w32tm /config /syncfromflags:domhier /reliable:no /update
  • Type : net stop w32time
  • Type : net start w32time

This will set the time service to look to the domain hierarchy, rather than itself, for a reliable time provider.
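The check below is an added example, not part of the original post: a PowerShell function that classifies a DC's W32Time settings along the lines of the resolution above. It also reads AnnounceFlags under W32Time\Config, which the post does not mention; bit 0x4 there marks the server as an always-reliable time source. The function name and the sample values are constructed for illustration.

```powershell
# Added example: flag a former PDC Emulator that still advertises itself as reliable.
function Get-TimeSourceFinding {
    param(
        [string]$Type,          # ...\W32Time\Parameters\Type (NT5DS, NTP, AllSync, NoSync)
        [string]$NtpServer,     # ...\W32Time\Parameters\NtpServer
        [int]$AnnounceFlags,    # ...\W32Time\Config\AnnounceFlags (not named in the post)
        [bool]$IsPdcEmulator    # does this DC currently hold the PDC Emulator role?
    )
    $alwaysReliable = ($AnnounceFlags -band 0x4) -ne 0
    if ($IsPdcEmulator) {
        return "PDC Emulator (Type=$Type): top of this domain's time hierarchy; confirm its source is intended."
    }
    if ($alwaysReliable) {
        return "FIX: not the PDC Emulator but still announces itself as reliable (AnnounceFlags=$AnnounceFlags). " +
               "Run: w32tm /config /syncfromflags:domhier /reliable:no /update"
    }
    switch ($Type) {
        'NT5DS' { return "OK: syncs from the domain hierarchy; NtpServer ('$NtpServer') is not used." }
        'NTP'   { return "REVIEW: manual peer list ('$NtpServer'); it must be updated whenever the PDC Emulator role moves." }
        default { return "REVIEW: Type=$Type does not follow the domain hierarchy alone." }
    }
}

# Constructed sample values (not taken from a real server).
Get-TimeSourceFinding -Type 'NT5DS' -NtpServer '' -AnnounceFlags 5 -IsPdcEmulator $false
Get-TimeSourceFinding -Type 'NTP' -NtpServer 'dc01.example.test' -AnnounceFlags 10 -IsPdcEmulator $false

# Live check on a domain controller; skipped with a warning on a non-domain machine.
try {
    Add-Type -AssemblyName System.DirectoryServices
    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'
    $p   = Get-ItemProperty -Path "$svc\Parameters" -ErrorAction Stop
    $c   = Get-ItemProperty -Path "$svc\Config" -ErrorAction Stop
    $pdc = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().PdcRoleOwner.Name
    $isPdc = $pdc.Split('.')[0] -ieq $env:COMPUTERNAME
    Get-TimeSourceFinding -Type $p.Type -NtpServer $p.NtpServer `
        -AnnounceFlags $c.AnnounceFlags -IsPdcEmulator $isPdc
} catch {
    Write-Warning "Live check skipped: $($_.Exception.Message)"
}
```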

March 23rd, 2009

OK, so you have implemented Active Directory Sites and Services, the next question is usually “How do I test it is working?”

I do this by running a script which will determine which site the computer you are on can be located in.

In this example I have created my sites and configured them with the respective subnets, then added a new machine to the domain. I then log on to the new server, open a command prompt, create a new vbs file (mysite.vbs) and add the following lines of text:

Set objADSysInfo = CreateObject("ADSystemInfo")
WScript.Echo "Your current site name = " & objADSysInfo.SiteName

I then run the vbs file using cscript

cscript mysite.vbs

Here is the output from the command prompt:

C:\Documents and Settings\Administrator>cscript mysite.vbs
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

Your current site name = Site-1

C:\Documents and Settings\Administrator>