Do a DCDIAG with the /e /i switches and look closely at the results. You should be seeing something there.
Also do a repadmin /showrepl Chris Bodnar, MCSE, MCITP Technical Support III Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003 From: "Phil Hershey" <phers...@agia.com> To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com> Date: 03/30/2011 03:26 PM Subject: RE: Group Enumeration Issue Tried promoting from global to universal, but it didn’t help we apparently have bigger AD issues, symptoms of which are starting to bubble up. No events in security event log, although the Default Domain Controller audit policy clearly as logon events, account logon events and other items set to monitor both successful and failed events. (Tried to reply multiple times this morning, but kept being rejected by the list server for send an attachment, although there was never one.) From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Tuesday, March 29, 2011 2:53 PM To: NT System Admin Issues Subject: RE: Group Enumeration Issue Promote it. Sent from my HTC Tilt 2, a Windows phone from AT&T From: Phil Hershey <phers...@agia.com> Sent: Tuesday, March 29, 2011 5:27 PM To: NT System Admin Issues <ntsysadmin@lyris.sunbelt-software.com> Subject: RE: Group Enumeration Issue Hi, Michael. Global distribution. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Tuesday, March 29, 2011 2:23 PM To: NT System Admin Issues Subject: RE: Group Enumeration Issue What kind of group? Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Phil Hershey [mailto:phers...@agia.com] Sent: Tuesday, March 29, 2011 4:59 PM To: NT System Admin Issues Subject: Group Enumeration Issue Odd problem that has just cropped up. Domain with 4 DC’s in 2 sites that are T3 connected, only about 350 users, native 2003 mode. We have a problem with resolving the members of a single one of our ~100 distribution groups. The server that holds all but one of the FSMO roles correctly shows all the member groups and users for this DL. If I go to the Members tab for this DL on any of the other DCs, the members box is empty. However if you try and add one of the groups or users that is actually already in this DL, you get a ‘account name is already a member of the local group’ error. REPLMON shows all successful replications, and a REPADMIN /syncall DC /force all shows completion without errors. Seems like we’ve got a problem with versioning on the DCs. They’re all Server 2003 32-bit Std Edition and fully patched. Any ideas? Thanks. Phil Hershey MCSE 2003: Security | MCITP - Enterprise Messaging Admin 2010 AGIA Insurance Services ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ----------------------------------------- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin