Newly created AD users cannot login
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.active_directory (More info?)
Windows 2000 sp3 PDC (one BDC and one member server exists)
Over the last week or so, any newly created user in Active Directory is
unable to login. All other users that have already been created can login
fine.
Any change to the new accounts does not seem to replicate (rename, etc);
however I can change the password on other established accounts and it works
fine.
The PDC was restarted and the new users could log in but the problem came
back the next day.
I looked at Replication monitor and the only error is to the BDC stating DSA
operation is unable to proceed because of DNS lookup failure. The PDC itself
shows Server has seen all changes for this directory partition through USN:
xxxxx
Event viewer on the PDC shows an eventid 5774 about registering a DNS record
failing because DNS name does not exist.
Basically, it seems that the PDC isn't replicating its own changes.
Any help would be appreciated.
Windows 2000 sp3 PDC (one BDC and one member server exists)
Over the last week or so, any newly created user in Active Directory is
unable to login. All other users that have already been created can login
fine.
Any change to the new accounts does not seem to replicate (rename, etc);
however I can change the password on other established accounts and it works
fine.
The PDC was restarted and the new users could log in but the problem came
back the next day.
I looked at Replication monitor and the only error is to the BDC stating DSA
operation is unable to proceed because of DNS lookup failure. The PDC itself
shows Server has seen all changes for this directory partition through USN:
xxxxx
Event viewer on the PDC shows an eventid 5774 about registering a DNS record
failing because DNS name does not exist.
Basically, it seems that the PDC isn't replicating its own changes.
Any help would be appreciated.
More about : newly created users login
Archived from groups: microsoft.public.win2000.active_directory (More info?)
Hello,
This seems to be a DNS issue.
Ensure all clients/servers and domain controllers within your domain has
there TCP/IP DNS Servers, set to the server hosting dns for your active
directory, it should be one of the domain controllers. Use nslookup to
troubleshooting name resolution. e.g nslookup domainname.com, ensure a DC
answers. as well try e.g ocp.domainname.com , verify you get the name
resolved successfully
Active Directory is depended on DNS.
--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services
No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
"draper25" <draper25@discussions.microsoft.com> skrev i meddelandet
news:3A026161-255F-4D2F-BC13-ACD36F88EE3E@microsoft.com...
> Windows 2000 sp3 PDC (one BDC and one member server exists)
> Over the last week or so, any newly created user in Active Directory is
> unable to login. All other users that have already been created can login
> fine.
>
> Any change to the new accounts does not seem to replicate (rename, etc);
> however I can change the password on other established accounts and it
> works
> fine.
>
> The PDC was restarted and the new users could log in but the problem came
> back the next day.
>
> I looked at Replication monitor and the only error is to the BDC stating
> DSA
> operation is unable to proceed because of DNS lookup failure. The PDC
> itself
> shows Server has seen all changes for this directory partition through
> USN:
> xxxxx
>
> Event viewer on the PDC shows an eventid 5774 about registering a DNS
> record
> failing because DNS name does not exist.
>
> Basically, it seems that the PDC isn't replicating its own changes.
>
> Any help would be appreciated.
Hello,
This seems to be a DNS issue.
Ensure all clients/servers and domain controllers within your domain has
there TCP/IP DNS Servers, set to the server hosting dns for your active
directory, it should be one of the domain controllers. Use nslookup to
troubleshooting name resolution. e.g nslookup domainname.com, ensure a DC
answers. as well try e.g ocp.domainname.com , verify you get the name
resolved successfully
Active Directory is depended on DNS.
--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services
No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
"draper25" <draper25@discussions.microsoft.com> skrev i meddelandet
news:3A026161-255F-4D2F-BC13-ACD36F88EE3E@microsoft.com...
> Windows 2000 sp3 PDC (one BDC and one member server exists)
> Over the last week or so, any newly created user in Active Directory is
> unable to login. All other users that have already been created can login
> fine.
>
> Any change to the new accounts does not seem to replicate (rename, etc);
> however I can change the password on other established accounts and it
> works
> fine.
>
> The PDC was restarted and the new users could log in but the problem came
> back the next day.
>
> I looked at Replication monitor and the only error is to the BDC stating
> DSA
> operation is unable to proceed because of DNS lookup failure. The PDC
> itself
> shows Server has seen all changes for this directory partition through
> USN:
> xxxxx
>
> Event viewer on the PDC shows an eventid 5774 about registering a DNS
> record
> failing because DNS name does not exist.
>
> Basically, it seems that the PDC isn't replicating its own changes.
>
> Any help would be appreciated.
Archived from groups: microsoft.public.win2000.active_directory (More info?)
All tried all of your suggestions (nslookup) and the DC replied or resolved
each time. Is there a utility I can run to check the DNS configuration?
"Chriss3 [MVP]" wrote:
> Hello,
> This seems to be a DNS issue.
> Ensure all clients/servers and domain controllers within your domain has
> there TCP/IP DNS Servers, set to the server hosting dns for your active
> directory, it should be one of the domain controllers. Use nslookup to
> troubleshooting name resolution. e.g nslookup domainname.com, ensure a DC
> answers. as well try e.g ocp.domainname.com , verify you get the name
> resolved successfully
>
> Active Directory is depended on DNS.
>
> --
> Regards
> Christoffer Andersson
> Microsoft MVP - Directory Services
>
> No email replies please - reply in the newsgroup
> ------------------------------------------------
> http://www.chrisse.se - Active Directory Tips
>
> "draper25" <draper25@discussions.microsoft.com> skrev i meddelandet
> news:3A026161-255F-4D2F-BC13-ACD36F88EE3E@microsoft.com...
> > Windows 2000 sp3 PDC (one BDC and one member server exists)
> > Over the last week or so, any newly created user in Active Directory is
> > unable to login. All other users that have already been created can login
> > fine.
> >
> > Any change to the new accounts does not seem to replicate (rename, etc);
> > however I can change the password on other established accounts and it
> > works
> > fine.
> >
> > The PDC was restarted and the new users could log in but the problem came
> > back the next day.
> >
> > I looked at Replication monitor and the only error is to the BDC stating
> > DSA
> > operation is unable to proceed because of DNS lookup failure. The PDC
> > itself
> > shows Server has seen all changes for this directory partition through
> > USN:
> > xxxxx
> >
> > Event viewer on the PDC shows an eventid 5774 about registering a DNS
> > record
> > failing because DNS name does not exist.
> >
> > Basically, it seems that the PDC isn't replicating its own changes.
> >
> > Any help would be appreciated.
>
>
>
All tried all of your suggestions (nslookup) and the DC replied or resolved
each time. Is there a utility I can run to check the DNS configuration?
"Chriss3 [MVP]" wrote:
> Hello,
> This seems to be a DNS issue.
> Ensure all clients/servers and domain controllers within your domain has
> there TCP/IP DNS Servers, set to the server hosting dns for your active
> directory, it should be one of the domain controllers. Use nslookup to
> troubleshooting name resolution. e.g nslookup domainname.com, ensure a DC
> answers. as well try e.g ocp.domainname.com , verify you get the name
> resolved successfully
>
> Active Directory is depended on DNS.
>
> --
> Regards
> Christoffer Andersson
> Microsoft MVP - Directory Services
>
> No email replies please - reply in the newsgroup
> ------------------------------------------------
> http://www.chrisse.se - Active Directory Tips
>
> "draper25" <draper25@discussions.microsoft.com> skrev i meddelandet
> news:3A026161-255F-4D2F-BC13-ACD36F88EE3E@microsoft.com...
> > Windows 2000 sp3 PDC (one BDC and one member server exists)
> > Over the last week or so, any newly created user in Active Directory is
> > unable to login. All other users that have already been created can login
> > fine.
> >
> > Any change to the new accounts does not seem to replicate (rename, etc);
> > however I can change the password on other established accounts and it
> > works
> > fine.
> >
> > The PDC was restarted and the new users could log in but the problem came
> > back the next day.
> >
> > I looked at Replication monitor and the only error is to the BDC stating
> > DSA
> > operation is unable to proceed because of DNS lookup failure. The PDC
> > itself
> > shows Server has seen all changes for this directory partition through
> > USN:
> > xxxxx
> >
> > Event viewer on the PDC shows an eventid 5774 about registering a DNS
> > record
> > failing because DNS name does not exist.
> >
> > Basically, it seems that the PDC isn't replicating its own changes.
> >
> > Any help would be appreciated.
>
>
>
Archived from groups: microsoft.public.win2000.active_directory (More info?)
Not really,
But you could use:
nltest /DSQUERYDNS
To verify DC Specific records.
nltest is included within Windows Support Tools found on your Windows Server
CD.
--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services
No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
"draper25" <draper25@discussions.microsoft.com> skrev i meddelandet
news:3BB46BF1-2EEF-47B7-B123-6EBD88BE32E0@microsoft.com...
> All tried all of your suggestions (nslookup) and the DC replied or
> resolved
> each time. Is there a utility I can run to check the DNS configuration?
>
> "Chriss3 [MVP]" wrote:
>
>> Hello,
>> This seems to be a DNS issue.
>> Ensure all clients/servers and domain controllers within your domain has
>> there TCP/IP DNS Servers, set to the server hosting dns for your active
>> directory, it should be one of the domain controllers. Use nslookup to
>> troubleshooting name resolution. e.g nslookup domainname.com, ensure a DC
>> answers. as well try e.g ocp.domainname.com , verify you get the name
>> resolved successfully
>>
>> Active Directory is depended on DNS.
>>
>> --
>> Regards
>> Christoffer Andersson
>> Microsoft MVP - Directory Services
>>
>> No email replies please - reply in the newsgroup
>> ------------------------------------------------
>> http://www.chrisse.se - Active Directory Tips
>>
>> "draper25" <draper25@discussions.microsoft.com> skrev i meddelandet
>> news:3A026161-255F-4D2F-BC13-ACD36F88EE3E@microsoft.com...
>> > Windows 2000 sp3 PDC (one BDC and one member server exists)
>> > Over the last week or so, any newly created user in Active Directory is
>> > unable to login. All other users that have already been created can
>> > login
>> > fine.
>> >
>> > Any change to the new accounts does not seem to replicate (rename,
>> > etc);
>> > however I can change the password on other established accounts and it
>> > works
>> > fine.
>> >
>> > The PDC was restarted and the new users could log in but the problem
>> > came
>> > back the next day.
>> >
>> > I looked at Replication monitor and the only error is to the BDC
>> > stating
>> > DSA
>> > operation is unable to proceed because of DNS lookup failure. The PDC
>> > itself
>> > shows Server has seen all changes for this directory partition through
>> > USN:
>> > xxxxx
>> >
>> > Event viewer on the PDC shows an eventid 5774 about registering a DNS
>> > record
>> > failing because DNS name does not exist.
>> >
>> > Basically, it seems that the PDC isn't replicating its own changes.
>> >
>> > Any help would be appreciated.
>>
>>
>>
Not really,
But you could use:
nltest /DSQUERYDNS
To verify DC Specific records.
nltest is included within Windows Support Tools found on your Windows Server
CD.
--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services
No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
"draper25" <draper25@discussions.microsoft.com> skrev i meddelandet
news:3BB46BF1-2EEF-47B7-B123-6EBD88BE32E0@microsoft.com...
> All tried all of your suggestions (nslookup) and the DC replied or
> resolved
> each time. Is there a utility I can run to check the DNS configuration?
>
> "Chriss3 [MVP]" wrote:
>
>> Hello,
>> This seems to be a DNS issue.
>> Ensure all clients/servers and domain controllers within your domain has
>> there TCP/IP DNS Servers, set to the server hosting dns for your active
>> directory, it should be one of the domain controllers. Use nslookup to
>> troubleshooting name resolution. e.g nslookup domainname.com, ensure a DC
>> answers. as well try e.g ocp.domainname.com , verify you get the name
>> resolved successfully
>>
>> Active Directory is depended on DNS.
>>
>> --
>> Regards
>> Christoffer Andersson
>> Microsoft MVP - Directory Services
>>
>> No email replies please - reply in the newsgroup
>> ------------------------------------------------
>> http://www.chrisse.se - Active Directory Tips
>>
>> "draper25" <draper25@discussions.microsoft.com> skrev i meddelandet
>> news:3A026161-255F-4D2F-BC13-ACD36F88EE3E@microsoft.com...
>> > Windows 2000 sp3 PDC (one BDC and one member server exists)
>> > Over the last week or so, any newly created user in Active Directory is
>> > unable to login. All other users that have already been created can
>> > login
>> > fine.
>> >
>> > Any change to the new accounts does not seem to replicate (rename,
>> > etc);
>> > however I can change the password on other established accounts and it
>> > works
>> > fine.
>> >
>> > The PDC was restarted and the new users could log in but the problem
>> > came
>> > back the next day.
>> >
>> > I looked at Replication monitor and the only error is to the BDC
>> > stating
>> > DSA
>> > operation is unable to proceed because of DNS lookup failure. The PDC
>> > itself
>> > shows Server has seen all changes for this directory partition through
>> > USN:
>> > xxxxx
>> >
>> > Event viewer on the PDC shows an eventid 5774 about registering a DNS
>> > record
>> > failing because DNS name does not exist.
>> >
>> > Basically, it seems that the PDC isn't replicating its own changes.
>> >
>> > Any help would be appreciated.
>>
>>
>>
Related ressources:
- ForumNewly Created User Doesn't work
- ForumTerminal Services Login Problem
- ForumLogin to a domain in windows 7 Home Premium
- ForumIs every user a member of Users ?
- ForumHow to fix black screen of death windows 7 before login
- ForumCannot login from Linux client using SFU 3.5
- ForumWinXP hangs during login in domain user or logout as local..
- ForumWhat is the Best way to give AD domain User -x right to con..
- ForumDelegated Users cannot delete computer from Doamin in AD
- ForumWindows Server 2003 Domain Crashed - No backup!
- ForumCreating a Login for Internet Usage
- ForumHow to Auto- Login to server in a network
- ForumCant add new users in Windows XP SP2
- ForumCannot access local printer through Remote Desktop
- Forumuser account cannot be "deleted"
- ForumAdministrator Login Problem
- ForumParallel and com ports not appearing in device manager
- ForumNew users default Internet Explorer Connection settings
- Forumscript check users
- ForumWindows active directory, listing users applications/proce..
- More resources
!
