Disconnected Domain Controllers – Here’s the Solution


11 August, 2021

A Windows Server 2016 Standard machine with the Server Essentials role installed as PDC displayed a critical alert saying “Disconnected Domain Controllers”.

An introduction – Domain Controllers

The role of a Domain Controller (DC) is to authenticate and validate users and their level of access on a network. Whenever a user in the network logs in to the domain, the DC validates their credentials and, based on the result, either allows or denies access.

Often there are 2 Domain Controllers in a network, a Primary Domain Controller (PDC) and a Secondary/Backup Domain Controller (BDC). Both of them should be in sync. The PDC maintains the main directory database used to validate the users on the network, whereas the BDC contains a copy of the same. If there is ever a problem in the PDC or its database gets compromised, the BDC can be used.

The issue – Disconnected Domain Controllers in Windows Server Essentials 2016

After a recent password change, the server running Windows Server Essentials was not receiving any signal/heartbeat from the domain controller. The Windows Server Essentials Dashboard displayed the critical error for disconnected domain controllers.


Possible Causes 

  • Lack of network connectivity 
  • Missing DNS entries 
  • Root hints missing or resolution issue
  • PCNS issue 
  • PCNS target missing 
  • Time synchronization issue 
  • Broken integration between the on-premises server and O365 in Server Essentials

If the PCNS (Password Change Notification Service) Target is missing: 

  • Go to the Start Menu and launch the ADSI Edit MMC, then connect to the Default naming context [DC01.domainname.local] and browse to DC=domainname, DC=local => CN=System => CN=Password Change Notification Service
  • The attribute field would be empty (if it exists, take a backup and delete it)
  • Navigate to the path
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\SchCache and rename the *.sch files
  • Navigate to the path %LOCALAPPDATA%\Microsoft\Windows\SchCache and rename the *.sch files
  • Restart the Password Change Notification Service

Now go to the path C:\Program Files\Microsoft Password Change Notification and open Command Prompt there.

Add the PCNS target manually by running the command below:

C:\Program Files\Microsoft Password Change Notification>pcnscfg.exe ADDTARGET /N:ESSENTIALS_PWD_SYNC_DC01 /A:PDC01.domain_name /S:ESSENTIALS_PWD_SYNC/PDC01.domain_name /FI:"Domain Users" /F:3 /I:60 /D:False /WI:30


  • Now PCNS Target should be added successfully
  • Check the target list by running the “pcnscfg.exe list” command. There must be a target that was added as per the above command


    Now the disconnected domain controller alert should be resolved.
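
The schema cache rename, service restart and target check from the steps above, as one PowerShell script run from an elevated session on the domain controller. This is an added example and not part of the original post; the paths and target name are the ones used on this page, while the service name PCNSSVC and the timestamped .bak suffix are assumptions.

```powershell
# Added example: PCNS schema-cache reset and target check.
# Assumptions: the service is registered as PCNSSVC; the target name is the one from this page.
$ErrorActionPreference = 'Stop'
$TargetName = 'ESSENTIALS_PWD_SYNC_DC01'
$PcnsDir    = 'C:\Program Files\Microsoft Password Change Notification'
$CacheDirs  = @(
    'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\SchCache',
    (Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\SchCache')
)
$Stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

foreach ($dir in $CacheDirs) {
    if (-not (Test-Path -LiteralPath $dir)) {
        Write-Warning "Schema cache folder not found, skipping: $dir"
        continue
    }
    # Rename rather than delete so the old cache files can be restored if needed.
    Get-ChildItem -LiteralPath $dir -Filter '*.sch' -File | ForEach-Object {
        $newName = "$($_.Name).$Stamp.bak"
        Rename-Item -LiteralPath $_.FullName -NewName $newName
        Write-Output "Renamed $($_.FullName) -> $newName"
    }
}

# Restart PCNS so it rebuilds the schema cache, then confirm it came back up.
Restart-Service -Name 'PCNSSVC'
$svc = Get-Service -Name 'PCNSSVC'
Write-Output "PCNSSVC status after restart: $($svc.Status)"

# List the configured targets and report whether the expected one is present.
$exe  = Join-Path $PcnsDir 'pcnscfg.exe'
$list = & $exe list | Out-String
if ($list -match [regex]::Escape($TargetName)) {
    Write-Output "Target '$TargetName' is present."
} else {
    Write-Warning "Target '$TargetName' not found; add it with pcnscfg.exe ADDTARGET as shown above."
    Write-Output $list
}
```

The script deliberately does not run ADDTARGET itself, since the host names and SPN in that command must be replaced with the values for your own domain.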
     
