JSI Tip 6049. When you run DCdiag.exe on your Windows 2000 domain controller, you receive 'LDAP bind error 31'?

The subject error will occur if the properties of the Domain Controller object in Active Directory are corrupted.

To fix this problem:

1. Open a CMD prompt on the domain controller.

2. Type nltest /sc_change_pwd:<DomainName> and press Enter.

3. Shutdown and restart the computer.

4. Log on with administrative privileges.

5. Open a CMD prompt.

6. Type nltest /sc_change_pwd:<DomainName> and press Enter. If you receive a Not a server trust account error:

A. Install the Windows 2000 Support Tools.

B. Start / Programs / Windows 2000 Support Tools / Tools / ADSI Edit.

C. Expand Domain.

D. Expand DC=<DomainName>,DC=<DomainSuffix>.

E. Expand CN=Domain Controllers.

F. In the right-hand pane, right-click the domain controller object and press Properties.

G. Select the Attributes tab.

H. In the Select a property to view drop-down box, press userAccountControl.

I. Type 532480 into the Edit Attribute text box and press the Set button.

J. Close ADSI Edit.

K. Shutdown and restart your domain controller.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.