User Access
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.security (More info?)
I have inherited a small school with many problems. They are running 2003
Server and have 2000Pro Desktops.
I can add users and computers to the domain (at the server) with no problem.
I can join computers to the domain with no problem. However, when adding user
to the administrator group on the local machine, I have problems. I can
choose the correct domain from the drop down box at the to and then
authenticate to the domain. But when I choose the user I want to add and
select apply or OK, I get an error message that the domain does not exist or
cannot be contacted.
Why? I can see the domain and it's users!
Any insight on this would be helpful.
I have inherited a small school with many problems. They are running 2003
Server and have 2000Pro Desktops.
I can add users and computers to the domain (at the server) with no problem.
I can join computers to the domain with no problem. However, when adding user
to the administrator group on the local machine, I have problems. I can
choose the correct domain from the drop down box at the to and then
authenticate to the domain. But when I choose the user I want to add and
select apply or OK, I get an error message that the domain does not exist or
cannot be contacted.
Why? I can see the domain and it's users!
Any insight on this would be helpful.
More about : user access
Archived from groups: microsoft.public.win2000.security (More info?)
The first thing I would check is to make sure that dns is configured
correctly in the domain with the biggest problem being that ISP dns servers
are in the list of preferred dns servers for domain computers as shown via
Ipconfig /all. See the link below for more details.
http://support.microsoft.com/default.aspx?scid=kb%3Ben-...
Also check Event Viewer on the domain controllers and the domain computer
where you are having a problem doing this. There are a few invaluable
support tools such as netdiag and dcdiag that can be installed from the
install cdrom in the support/tools folder. I would run netdiag on the domain
computer where you are having a problem and in particular look for
errors/warnings/failed tests for dc discovery, dns, kerberos, and
trust/secure channel that would help troubleshoot the problem. Most
problems are related to improper dns configuration in the domain. --- Steve
"Fergie" <Fergie@discussions.microsoft.com> wrote in message
news:C9321F12-6912-4F85-A245-55035015BD77@microsoft.com...
>I have inherited a small school with many problems. They are running 2003
> Server and have 2000Pro Desktops.
> I can add users and computers to the domain (at the server) with no
> problem.
> I can join computers to the domain with no problem. However, when adding
> user
> to the administrator group on the local machine, I have problems. I can
> choose the correct domain from the drop down box at the to and then
> authenticate to the domain. But when I choose the user I want to add and
> select apply or OK, I get an error message that the domain does not exist
> or
> cannot be contacted.
> Why? I can see the domain and it's users!
>
> Any insight on this would be helpful.
The first thing I would check is to make sure that dns is configured
correctly in the domain with the biggest problem being that ISP dns servers
are in the list of preferred dns servers for domain computers as shown via
Ipconfig /all. See the link below for more details.
http://support.microsoft.com/default.aspx?scid=kb%3Ben-...
Also check Event Viewer on the domain controllers and the domain computer
where you are having a problem doing this. There are a few invaluable
support tools such as netdiag and dcdiag that can be installed from the
install cdrom in the support/tools folder. I would run netdiag on the domain
computer where you are having a problem and in particular look for
errors/warnings/failed tests for dc discovery, dns, kerberos, and
trust/secure channel that would help troubleshoot the problem. Most
problems are related to improper dns configuration in the domain. --- Steve
"Fergie" <Fergie@discussions.microsoft.com> wrote in message
news:C9321F12-6912-4F85-A245-55035015BD77@microsoft.com...
>I have inherited a small school with many problems. They are running 2003
> Server and have 2000Pro Desktops.
> I can add users and computers to the domain (at the server) with no
> problem.
> I can join computers to the domain with no problem. However, when adding
> user
> to the administrator group on the local machine, I have problems. I can
> choose the correct domain from the drop down box at the to and then
> authenticate to the domain. But when I choose the user I want to add and
> select apply or OK, I get an error message that the domain does not exist
> or
> cannot be contacted.
> Why? I can see the domain and it's users!
>
> Any insight on this would be helpful.
Archived from groups: microsoft.public.win2000.security (More info?)
Fergie wrote:
> I have inherited a small school with many problems. They are running
> 2003 Server and have 2000Pro Desktops.
> I can add users and computers to the domain (at the server) with no
> problem. I can join computers to the domain with no problem. However,
> when adding user to the administrator group on the local machine, I
> have problems. I can choose the correct domain from the drop down box
> at the to and then authenticate to the domain. But when I choose the
> user I want to add and select apply or OK, I get an error message
> that the domain does not exist or cannot be contacted.
> Why? I can see the domain and it's users!
>
> Any insight on this would be helpful.
In addition to Steven's reply - are you absolutely sure you want to do this?
If these are regular end-user accounts, you may be opening up a big can of
worms by granting them local admin rights.
Fergie wrote:
> I have inherited a small school with many problems. They are running
> 2003 Server and have 2000Pro Desktops.
> I can add users and computers to the domain (at the server) with no
> problem. I can join computers to the domain with no problem. However,
> when adding user to the administrator group on the local machine, I
> have problems. I can choose the correct domain from the drop down box
> at the to and then authenticate to the domain. But when I choose the
> user I want to add and select apply or OK, I get an error message
> that the domain does not exist or cannot be contacted.
> Why? I can see the domain and it's users!
>
> Any insight on this would be helpful.
In addition to Steven's reply - are you absolutely sure you want to do this?
If these are regular end-user accounts, you may be opening up a big can of
worms by granting them local admin rights.
Archived from groups: microsoft.public.win2000.security (More info?)
I concur...there really isn't any reason for a "normal" user to be a member
of the local administrators group. Any application that they may need
"administrative" access can be handled through GPO's.
Also, the issue with seeing the domain..DNS DNS DNS.
Make sure your Primary/Preferred DNS (All machines) is your Active Directory
DNS server and nothing else. Also check your forward lookup zone on your
DNS server to verify that you have the 4 primary SRV records, MSDCS, SITES,
UDP, TCP. If they are not there, then you have DNS issues. DNS issues do
not render your Domain unusable, however, it will raise problems. At no
point in time should anything point to an outside ISP unless you configure
the forwarders. If you remove any references in your TCP/IP properties,
always make sure you run these four commands:
ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon
Again, all DNS references in TCP/IP settings should ONLY point to your AD
DNS server and nothing else.
Michael MSCE
"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
news:uliX9jnwEHA.3416@TK2MSFTNGP09.phx.gbl...
> Fergie wrote:
>> I have inherited a small school with many problems. They are running
>> 2003 Server and have 2000Pro Desktops.
>> I can add users and computers to the domain (at the server) with no
>> problem. I can join computers to the domain with no problem. However,
>> when adding user to the administrator group on the local machine, I
>> have problems. I can choose the correct domain from the drop down box
>> at the to and then authenticate to the domain. But when I choose the
>> user I want to add and select apply or OK, I get an error message
>> that the domain does not exist or cannot be contacted.
>> Why? I can see the domain and it's users!
>>
>> Any insight on this would be helpful.
>
> In addition to Steven's reply - are you absolutely sure you want to do
> this?
> If these are regular end-user accounts, you may be opening up a big can of
> worms by granting them local admin rights.
>
>
I concur...there really isn't any reason for a "normal" user to be a member
of the local administrators group. Any application that they may need
"administrative" access can be handled through GPO's.
Also, the issue with seeing the domain..DNS DNS DNS.
Make sure your Primary/Preferred DNS (All machines) is your Active Directory
DNS server and nothing else. Also check your forward lookup zone on your
DNS server to verify that you have the 4 primary SRV records, MSDCS, SITES,
UDP, TCP. If they are not there, then you have DNS issues. DNS issues do
not render your Domain unusable, however, it will raise problems. At no
point in time should anything point to an outside ISP unless you configure
the forwarders. If you remove any references in your TCP/IP properties,
always make sure you run these four commands:
ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon
Again, all DNS references in TCP/IP settings should ONLY point to your AD
DNS server and nothing else.
Michael MSCE
"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
news:uliX9jnwEHA.3416@TK2MSFTNGP09.phx.gbl...
> Fergie wrote:
>> I have inherited a small school with many problems. They are running
>> 2003 Server and have 2000Pro Desktops.
>> I can add users and computers to the domain (at the server) with no
>> problem. I can join computers to the domain with no problem. However,
>> when adding user to the administrator group on the local machine, I
>> have problems. I can choose the correct domain from the drop down box
>> at the to and then authenticate to the domain. But when I choose the
>> user I want to add and select apply or OK, I get an error message
>> that the domain does not exist or cannot be contacted.
>> Why? I can see the domain and it's users!
>>
>> Any insight on this would be helpful.
>
> In addition to Steven's reply - are you absolutely sure you want to do
> this?
> If these are regular end-user accounts, you may be opening up a big can of
> worms by granting them local admin rights.
>
>
Related ressources:
- ForumI cant access my c drive in user account in my laptop
- ForumI have lost access to my files by adding a new user
- ForumHas any home user been able to network 2 pc and access their HD's
- ForumNET USE LPT1: \\ User \Printer /PERSISTENT:YES gives me an access denied
- ForumWhich shared folder a Domain User has access to
- ForumCan't access my files on user account
- ForumHow to design a group policy to prohbit user to access Int..
- ForumCat access router takes me to user agreement page
- ForumCan't Access User Account Controls
- ForumCannot access old User Profile files
- ForumServer 2008 User Cannot Access Internet HELP!!!
- ForumBest solution for multi- user & large file access to a NAS
- ForumRestrict internet access by user
- ForumType net user in cmd prompt then reply is access denied
- ForumWindows 7 can I restrict a user accounts internet access ?
- ForumParallel and com ports not appearing in device manager
- ForumWeb Server - User Access and Priviledges.
- ForumDo not DISPLAY a Folder when a user does not have access r..
- ForumBest way to give a temp user FTP access to a single folder..
- ForumHow to hide folders that a user doesn't have access to
- More resources
!
