object picker cannot open problem

G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hello,
we're trying to add a group to a user in active directory.
Our domain is 2003 but we're using windows 2000 prof. and windows 2000
tools. Our system adm. is telling us that the problem is about
connecting windows 2003 domain with 2000 tools. I don't believe him and
I'm trying to prove the real cause.
When I open the user's details and choose "member of" and click on
"add" I get the following error:
"Object picker cannot open because no locations from which to choose
objects could be found. " and after clicking ok "parameter incorrect"

I've found in the technet following articles:
816818
--------------------------------------------------------
In our domain reaching the registry with 3rd party softwares is
disabled from policy.
and remote registry services are working on all dcs. But we can't
connect to dcs registries with regedit
we get the following error:
"Unable to connect to xxxdc. Make sure that this computer is on the
network has remote administration enabled, and that both computers are
running the remote registry service"

the computer is on the network, I don't know where to check remote
administration and the remote registry service are running on both
computers.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
284914
-----------------------------------------------------------------
Remote registry services are started on both dc's and our computers
But we can't reach the dc registries from our computers as aI stated
above. And we got no error if We connect from active directory and
users mmc to the operations master as stated in this KB
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
263231
----------------------------------------------------------------
It's about adapters and bindings most used most be on top
checked that and LAN adapters are on top
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
842715
----------------------------------------------------------------
Missing shares (c$ admin$ ipc$)
These shares exist on dcs. But access denied for ipc$ I don't know if
it's normal
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

I am quiet sure that this is not a windows 2000 adminpak problem.
Please help me to resolve this issue
Thank you
Ermanu
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

If you are running the Windows 2000 Administration Tools on a Windows 2000
PC (or server) then you *can* administer a 2003 domain. The only issue is
that you cannot add (install) the 2000 tools to XP or 2003, or the 2003
tools to 2000.

This sounds like a DNS problem. The picker calls a DC or GC (depending on
query type, i.e. Entire Directory is GC, domain is DC). Look to DNS as the
issue:

-- All domain members are DNS clients and therefore *must* point to the
internal DNS server that is authorative for the AD namespace.
-- All domain members require the DHCP Client, NetBIOS over TCP/IP Helper
services running -regardless of whether or not they're DHCP clients.

Look at installing the support tools and running netdiag and dcdiag against
the DCs. Also, run nltest and nslookup from the workstations to see if
there's an issue there.

Note. Ping and standard A and/ or PTR records do not prove DNS is working
(fully). You must test the SRV records for
_ldap._tcp.dc._msdcs.domain-name.com. In nslookup you must set the type to
SRV first (set type=srv).


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/