| Event Id | 2087 |
| Source | NTDS Replication |
| Description | Active Directory could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources. |
| Event Information | According to Microsoft: Registry Path: HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client User Action: 1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controllers metadata with ntdsutil.exe. 2) Confirm that the source domain controller is running Active directory and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>". 3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controllers host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE. 4) Verify that that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows: dcdiag /test:dns. |
| Reference Links | Troubleshooting Active Directory replication failures that occur because of DNS lookup failures, event ID 2087, or event ID 2088 |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.