Right now my active directory is failing a dcdiag test. I can find no info online about this error.
When I run dcdiag /test:crossrefvalidation, I get the output:
....
Doing primary tests
Testing server: Default-First-Site-Name\ad01
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : mydomain
Starting test: CrossRefValidation
......................... mydomain passed test CrossRefValidation
Running partition tests on : t
Starting test: CrossRefValidation
This cross-ref has a non-standard dNSRoot attribute.
Cross-ref DN:
CN=a3a24d3a-4782-460b-9148-86ac2d86b9ae,CN=Partitions,CN=Configuration,
DC=mydomain,DC=com
nCName attribute (Partition name): DC=t
Bad dNSRoot attribute: dc01.mydomain.com
Check with your network administrator to make sure this dNSRoot
attribute is correct, and if not please change the attribute to the
value below.
dNSRoot should be: t
It appears this partition (DC=t) failed to get completely created.
This cross-ref
(CN=a3a24d3a-4782-460b-9148-86ac2d86b9ae,CN=Partitions,CN=Configurat
ion,DC=mydomain,DC=com)
is dead and should be removed from the Active Directory.
......................... t failed test CrossRefValidation
....
I used the LDP tool from the windows support tools. I searched for the dnsRoot attribute in "cn=partitions,cn=configuration,dc=mydomain,dc=com", with the filter "(&(objectcategory=crossref)(systemFlags:1.2.840.113556.1.4.803:=5))"
I got the result:
***Searching...
ldap_search_s(ld, "cn=partitions,CN=Configuration,DC=mydomain,DC=com", 1, "(&
(objectcategory=crossref)(systemFlags:1.2.840.113556.1.4.803:=5))", attrList, 0, &msg)
Result <0>: (null)
Matched DNs:
Getting 3 entries:
>> Dn: CN=65502be3-fc90-442a-83d8-4b3b91e82439,CN=Partitions,CN=Configuration,DC=mydomain,DC=com
1> dnsRoot: ForestDnsZones.mydomain.com;
>> Dn: CN=a3a24d3a-4782-460b-9148-86ac2d86b9ae,CN=Partitions,CN=Configuration,DC=mydomain,DC=com
1> dnsRoot: ad01.mydomain.com;
>> Dn: CN=f0ef5771-6225-4984-acd9-c08f582eb4e2,CN=Partitions,CN=Configuration,DC=mydomain,DC=com
1> dnsRoot: DomainDnsZones.mydomain.com;
It looks like the bad partition has the name of my first domain controller 'ad01.mydomain.com'.
I have googled for a while and have not been able to find any help or documentation about application partitions in Active Directory.
Does anyone have any advice on how to cleanup this partition (or what the partition is for)?
Does anyone know the repercussions for deleting this partition?
Fire up your trusty ADSIEdit (adsiedit.msc, it's in the support tools) and connect to the Configuration context of your domain, then "Partitions"; there you should have five entries (assuming the domain name is "domain.com"):
Anything else is useless, unless you explicitly created a directory partition for it; in a standard AD setup there isn't anything else there. If one of these entries is missing, you're in troubles.
You should also find your spurious partition there; it should be safe to delete it.
Just to be on the safe side, it would be a good idea to take a proper AD backup (i.e. a DC's system state) before deleting it.