Archived from groups: microsoft.public.win2000.active_directory
We currently have a Windows 2000 AD domain. Our parent company is
still on an NT 4.0 domain structure. We have a 2 way external trust
between us. They needed control over AD account administration so we
added them to the Account Operator group. Everything is working, but
every time they create a new user they get the following error:

Windows cannot verify that the user name is unique because the
following error occurred while contacting the global catalog: Logon
Failure: unknown user name or bad password

Windows will create the user account, but the user can log on only after
the user name is verified to be unique. Make sure the global catalog
is available.

We have 2 domain controllers and both have a copy of the GC.
Archived from groups: microsoft.public.win2000.active_directory
"" wrote:
> We currently have a Windows 2000 AD domain. Our parent company is
> still on an NT 4.0 domain structure. We have a 2 way external trust
> between us. They needed control over AD account administration so we
> added them to the Account Operator group. Everything is working, but
> every time they create a new user they get the following error:
>
> Windows cannot verify that the user name is unique because the
> following error occurred while contacting the global catalog: Logon
> Failure: unknown user name or bad password
>
> Windows will create the user account, but the user can log on only after
> the user name is verified to be unique. Make sure the global catalog
> is available.
>
> We have 2 domain controllers and both have a copy of the GC.
>
> Any ideas?
May sound like a DNS-related problem.
Check the event logs of the DCs and run DCDIAG /V on each to see what
might be wrong.
Archived from groups: microsoft.public.win2000.active_directory
All of the DC's on our domain passed (cannot speak for our parent
company's DC's). I'm not sure, but believe that there might be a
problem with the way an account from an externally trusted domain
authenticates to our GC when they create a new user via the MMC. We
created a test account on our domain and tested account creation via
MMC and everything worked fine (no errors). I've also tested doing a
standard delegation (not using the Account Operators - Local group) -
same error. Is there an issue with adding accounts to the Account
Operators group from an externally trusted domain?
The pen is mightier than the sword, and considerably easier to write with.
-- Marty Feldman
"Jake" <TerryWikoff@gmail.com> wrote in message
news:1123249861.143440.67010@g14g2000cwa.googlegroups.com...
> All of the DC's on our domain passed (cannot speak for our parent
> company's DC's). I'm not sure, but believe that there might be a
> problem with the way an account from an externally trusted domain
> authenticates to our GC when they create a new user via the MMC. We
> created a test account on our domain and tested account creation via
> MMC and everything worked fine (no errors). I've also tested doing a
> standard delegation (not using the Account Operators - Local group) -
> same error. Is there an issue with adding accounts to the Account
> Operators group from an externally trusted domain?
>