The Current DC Is Not In The Domain Controller's OU

AIS Monitoring Platform has discovered that the Domain Controller Diagnostic test for MachineAccount check failed with error local machine account is missing. This indicates that the current DC is not in the domain controller’s OU. These issues may occur if the computer account is not updated correctly during the domain controller promotion procedure (Dcpromo). The problem may occur if domain controllers were moved from their original organizational unit to a child organizational unit of the Domain Controllers organizational unit. The machineaccount test of the Dcdiag tool performs a Lightweight Directory Access Protocol (LDAP) query with a scope that is set to LDAP_SCOPE_ONELEVEL to verify that the computer account of the domain controller is present in the Domain Controller organizational unit. If the domain controller is moved to a child organizational unit, the test fails.

Sections on this page

Last modified April 17, 2020