Author: Rene (Guest)
Posted: Sat Jan 08, 2005 4:43 am
Post subject: My domain account is upsetting me

I am a Visual Studio .Net developer and currently log on to my local
computer as an Administrator.

To accomplish the above, I basically added my *Domain* account (Server 2003)
to my Local Administrator group (Windows XP professional) using the "Network
Identification Wizard". This was done easily (*with the wizard*).

Now, I want to change my evil ways and log on as a restricted user because I
realize that there is no justification not to do so. The problem is that
when I try to add my *Domain* user name to local groups I get the stupid
dialog telling me that my domain user account does not exist!! I try to
enter it as "MyDomain\MyUserName" and nothing. What's going on??? Why aren't
the domain accounts listed???

Please help me!!!!

Author: Herb Martin (Guest)
Posted: Sat Jan 08, 2005 8:37 am
Post subject: Re: My domain account is upsetting me

"Rene" <nospam@nospam.com> wrote in message
news:uCrDSoQ9EHA.3076@TK2MSFTNGP15.phx.gbl...
> I am a Visual Studio .Net developer and currently log on to my local
> computer as an Administrator.

Been there...

> To accomplish the above, I basically added my *Domain* account (Server 2003)
> to my Local Administrator group (Windows XP professional) using the "Network
> Identification Wizard". This was done easily (*with the wizard*)
> Now, I want to change my evil ways and log on as a restricted user because I
> realize that there is no justification not to do so. The problem is that
> when I try to add my *Domain* user name to local groups I get the stupid
> dialog telling me that my domain user account does not exist!! I try to
> enter it as "MyDomain\MyUserName" and nothing. What's going on??? Why aren't
> the domain accounts listed???

Probably due to your machine not authenticating with
a DC -- you would still get on with cached credentials
(if you had ever done it successfully once.)

Most likely cause is a DNS issue...but if not that it
is still likely an authentication problem.

It could be something on the Domain (Admin) side so
you may not be able to fix it, but make sure your computer
uses ONLY the internal DNS server set and that
no one (harumph!) has changed the NIC->IP properties
to point to External DNS servers or even a mixture of
External/Internal.

Here's the full story but you may need an admin to check
the server side:

DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
   that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2

Restart NetLogon on any DC if you change any of the above that
affects a DC and/or use:

    nltest /dsregdns /server:DC-ServerNameGoesHere

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem. Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]

--
Herb Martin
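
One way to automate the two checks described in the post above (an added example, not part of the original thread): it reads saved `ipconfig /all` output and flags DNS servers outside the internal set, then pulls the FAIL/ERROR/WARN lines from saved DCDiag output. The use of `ipconfig /all`, the addresses, the host name and both sample outputs are assumptions constructed for illustration.

```python
import re

# Assumption: the site's internal AD DNS servers (constructed addresses).
INTERNAL_DNS = {"10.0.0.10", "10.0.0.11"}

# Constructed `ipconfig /all` excerpt from a client with mixed DNS settings.
IPCONFIG_SAMPLE = """\
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 10.0.0.57
        DNS Servers . . . . . . . . . . . : 10.0.0.10
                                            203.0.113.53
        Primary WINS Server . . . . . . . : 10.0.0.10
"""

# Constructed excerpt of DCDiag output that was sent to a text file.
DCDIAG_SAMPLE = """\
      Starting test: Connectivity
         ......................... DC1 passed test Connectivity
      Starting test: Advertising
         Warning: DC1 is not advertising as a time server.
         ......................... DC1 failed test Advertising
"""

def dns_servers(ipconfig_text):
    """Return every DNS server listed, including continuation lines."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        first = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if first:
            servers.append(first.group(1))
            in_dns = True
        elif in_dns and re.fullmatch(r"[0-9A-Fa-f:.%]+", line.strip()):
            servers.append(line.strip())  # further address on its own line
        else:
            in_dns = False
    return servers

def non_internal(servers, internal=INTERNAL_DNS):
    """Servers that break the 'SOLELY internal DNS' rule."""
    return [s for s in servers if s not in internal]

def dcdiag_findings(text):
    """Lines mentioning FAIL, ERROR or WARN, matched case-insensitively."""
    pattern = re.compile(r"fail|error|warn", re.IGNORECASE)
    return [ln.strip() for ln in text.splitlines() if pattern.search(ln)]

if __name__ == "__main__":
    print("Non-internal DNS servers:", non_internal(dns_servers(IPCONFIG_SAMPLE)))
    print("\n".join(dcdiag_findings(DCDIAG_SAMPLE)))
```
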

Author: Rene (Guest)
Posted: Sat Jan 08, 2005 11:17 am
Post subject: Re: My domain account is upsetting me

You got it!! It was that DNS thing that was causing all these problems,
everything is working fine now, even my logon time went from somewhere
around 2 minutes to about 10 seconds.

The thing that gets me is the partial problem, I thought that I had
everything configured right because I was successfully logging to the server
and able to browse files, print documents etc. I would have preferred that
nothing worked from the beginning, that way I could have tackled the problem
and not move forward until everything was working 100% and not 50%.

Anyway, it's working fine now and I can continue testing my program against
the server. Thanks for everything.

Author: Herb Martin (Guest)
Posted: Sat Jan 08, 2005 3:31 pm
Post subject: Re: My domain account is upsetting me

"Rene" <nospam@nospam.com> wrote in message
news:O5u1NFU9EHA.2552@TK2MSFTNGP09.phx.gbl...
> You got it!! It was that DNS thing that was causing all these problems,
> everything is working fine now, even my logon time went from somewhere
> around 2 minutes to about 10 seconds.

Good, that makes it fun when the suggestion
works right away.

> The thing that gets me is the partial problem, I thought that I had
> everything configured right because I was successfully logging to the server
> and able to browse files, print documents etc. I would have preferred that
> nothing worked from the beginning, that way I could have tackled the problem
> and not move forward until everything was working 100% and not 50%.

Yes, intermittent or partial problems are much harder
to troubleshoot (usually) than complete failure.

> Anyway, it's working fine now and I can continue testing my program against
> the server. Thanks for everything.

You're welcome -- pass it on to others.

--
Herb Martin