Newly created AD users cannot login

Guest
Archived from groups: microsoft.public.win2000.active_directory

Windows 2000 SP3 PDC (one BDC and one member server exist)
Over the last week or so, any newly created user in Active Directory is
unable to log in. All other users that have already been created can log in
fine.

Any change to the new accounts does not seem to replicate (rename, etc);
however I can change the password on other established accounts and it works
fine.

The PDC was restarted and the new users could log in but the problem came
back the next day.

I looked at Replication monitor and the only error is to the BDC stating DSA
operation is unable to proceed because of DNS lookup failure. The PDC itself
shows Server has seen all changes for this directory partition through USN:
xxxxx

Event Viewer on the PDC shows event ID 5774 about registering a DNS record
failing because the DNS name does not exist.

Basically, it seems that the PDC isn't replicating its own changes.

Any help would be appreciated.
 
Guest

Hello,
This seems to be a DNS issue.
Ensure all clients, servers and domain controllers within your domain have
their TCP/IP DNS servers set to the server hosting DNS for your Active
Directory; it should be one of the domain controllers. Use nslookup to
troubleshoot name resolution, e.g. nslookup domainname.com, and ensure a DC
answers. Also try e.g. ocp.domainname.com and verify that the name is
resolved successfully.

Active Directory is dependent on DNS.

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips

"draper25" <draper25@discussions.microsoft.com> wrote in message
news:3A026161-255F-4D2F-BC13-ACD36F88EE3E@microsoft.com...
> Windows 2000 SP3 PDC (one BDC and one member server exist)
> Over the last week or so, any newly created user in Active Directory is
> unable to log in. All other users that have already been created can log in
> fine.
>
> Any change to the new accounts does not seem to replicate (rename, etc);
> however I can change the password on other established accounts and it works
> fine.
>
> The PDC was restarted and the new users could log in but the problem came
> back the next day.
>
> I looked at Replication monitor and the only error is to the BDC stating DSA
> operation is unable to proceed because of DNS lookup failure. The PDC itself
> shows Server has seen all changes for this directory partition through USN:
> xxxxx
>
> Event Viewer on the PDC shows event ID 5774 about registering a DNS record
> failing because the DNS name does not exist.
>
> Basically, it seems that the PDC isn't replicating its own changes.
>
> Any help would be appreciated.
 
Guest

I tried all of your suggestions (nslookup) and the DC replied or resolved
each time. Is there a utility I can run to check the DNS configuration?
 
Guest

Not really, but you could use:

nltest /DSQUERYDNS

to verify DC-specific records. nltest is included in the Windows Support
Tools found on your Windows Server CD.


--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
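Added example, not part of the original thread and not written by either poster: the nslookup checks in the replies only show that the domain name resolves, so this sketch goes one step further and checks that every expected DC appears in the DC locator SRV records, which is the kind of registration that event ID 5774 reports as failing. It parses saved `nslookup -type=SRV` output; the host names dc1/dc2 and the sample output are constructed, and domainname.com is the placeholder used in the thread.

```python
import re

# Constructed sample (not from the thread): trimmed `nslookup -type=SRV` output
# for two DC locator records. dc1/dc2 are hypothetical host names.
SAMPLE = """\
_ldap._tcp.dc._msdcs.domainname.com     SRV service location:
          port           = 389
          svr hostname   = dc1.domainname.com
_ldap._tcp.dc._msdcs.domainname.com     SRV service location:
          port           = 389
          svr hostname   = dc2.domainname.com
_kerberos._tcp.dc._msdcs.domainname.com SRV service location:
          port           = 88
          svr hostname   = dc1.domainname.com
"""

def parse_srv(text):
    """Return {record name: set of target hosts} from nslookup SRV output."""
    records, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^(\S+)\s+SRV service location:", line)
        if head:
            current = head.group(1).rstrip(".").lower()
            records.setdefault(current, set())
            continue
        target = re.match(r"^\s+svr hostname\s*=\s*(\S+)", line)
        if target and current:
            records[current].add(target.group(1).rstrip(".").lower())
    return records

def missing_registrations(text, domain, expected_dcs):
    """Return sorted (record, dc) pairs where a DC is absent from a locator record."""
    srv = parse_srv(text)
    missing = []
    for service in ("_ldap", "_kerberos"):
        record = f"{service}._tcp.dc._msdcs.{domain}".lower()
        for dc in expected_dcs:
            if dc.lower() not in srv.get(record, set()):
                missing.append((record, dc.lower()))
    return sorted(missing)

if __name__ == "__main__":
    dcs = ["dc1.domainname.com", "dc2.domainname.com"]
    for record, dc in missing_registrations(SAMPLE, "domainname.com", dcs):
        print(f"{dc} is not registered in {record}")
```

Run the same query against each DNS server the DCs and clients are configured to use; a DC that is missing from one server's answer but present in another's points at the server whose zone is not receiving the registrations.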