Active Directory Users and Computers cannot find the domain


Steve March

Help!

I just converted my NT 4 domain to Windows 2003 Active Directory.
Everything seems to work and users can log in and use resources, but I have
problems using the Active Directory Users and Computers from remote
desktops. We are in mixed-mode with pre-Windows compatibility selected.
The AD Users and Computers snap-in on the PDC that I converted to Windows
2003 AD works fine, but from users' desktops when they run the AD Users and
Computers you get the following error:

Naming information cannot be located because:
The specified domain either does not exist or could not be contacted.
Contact your system administrator to verify that your domain is properly
configured and is currently online.

It happens on my XP SP1a PC and it belongs to the same domain. I have full
access rights as well.

I can get around it by right-clicking and choosing "connect to a domain
controller" and then everything shows up. But I get more errors when I try
to edit the Account tab stating:

The specified domain either does not exist or could not be contacted.

then

The pre-Windows 2000 domain name for the user cannot be displayed.


It may be a WINS or DNS issue but I am not sure. Our DNS server is a
Windows 2000 server and our WINS servers are NT 4 servers. You can ping the
newly converted PDC by name and I've tested this on the same subnet as the
PDC and from other remote subnets.

Any ideas?
 
Hey Steve,

I would tackle this as a DNS issue, as I agree it sounds like one.
Some things to do/check:
1) Point your 2003 DCs (all of them) to a single DNS server, and only one.
Any secondaries on their NIC's, remove em.
2) On that single DNS server (which should be 2000 or 2003 I hope) create a
new forward lookup zone by the name of the domain (what is your domain
name?) and go to the properties on this new zone. Ensure that dynamic
updates are set to either "yes" or "secure only". Either should be just
fine.
At this point you can ipconfig /flushdns, ipconfig /registerdns, net stop
netlogon, net start netlogon
and I'd do that on each DC to force new DNS registrations.
If you look at the forward lookup zone on the DNS server, it should have 4
subfolders (each starting with a _ )
3) If you're still not up and running, I'd run a netdiag /v on the DC's and
see what is failing.

Hope this is a start!
~Eric
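
The check Eric describes in step 2 (four underscore subfolders in the forward lookup zone) can be scripted as below. This is an added example, not part of the original post; it assumes a current Windows host where the `Resolve-DnsName` cmdlet is available, and the parameter names and the default site name are assumptions to adjust.

```powershell
# Added example: check that DC locator SRV records exist on the DNS server the DCs use.
param(
    [Parameter(Mandatory)][string]$Domain,      # AD DNS domain name (supply your own)
    [Parameter(Mandatory)][string]$DnsServer,   # the one DNS server the DCs point at
    [string]$Site = 'Default-First-Site-Name'   # default AD site name; change if renamed
)

# One representative SRV record from each underscore subfolder of the zone.
$checks = [ordered]@{
    '_msdcs' = "_ldap._tcp.dc._msdcs.${Domain}"
    '_sites' = "_ldap._tcp.${Site}._sites.${Domain}"
    '_tcp'   = "_kerberos._tcp.${Domain}"
    '_udp'   = "_kerberos._udp.${Domain}"
}

$missing = 0
foreach ($folder in $checks.Keys) {
    $name = $checks[$folder]
    # -DnsOnly keeps NetBIOS/LLMNR out of the answer; only the named server is asked.
    $srv = Resolve-DnsName -Name $name -Type SRV -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }
    if ($srv) {
        foreach ($r in $srv) {
            Write-Output ("OK       {0,-7} {1} -> {2}:{3}" -f $folder, $name, $r.NameTarget, $r.Port)
        }
    } else {
        $missing++
        Write-Output ("MISSING  {0,-7} {1}" -f $folder, $name)
    }
}

if ($missing -gt 0) {
    Write-Output "$missing of $($checks.Count) lookups returned no SRV record; re-register from each DC and check dynamic updates on the zone."
    exit 1
}
Write-Output 'All four subfolders answer with SRV records; DC registration in DNS looks complete.'
```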
 
After being on the phone with Microsoft for 7 hours the problem was fixed.
It was not a DNS problem. It had to do with the NT4Emulator registry value
we entered so the upgraded PDC doesn't get flooded with requests.

The problem arose due to a registry change we did on the new PDC to prevent
it from handling all logon requests from Windows 2000/XP clients that would
overload the server. The issue is best explained in the following article:

http://support.microsoft.com/default.aspx?scid=kb;[LN];284937

Until more Windows 2003 domain controllers become available and we start to
decommission NT 4 domain controllers, you must perform the following
registry change on your own computer to be able to use the Active Directory
Users and Computers tool.

After you install the Windows 2000 or 2003 Administration Tools package,
follow these steps:

1. On the computer that is running Windows 2000/XP Professional or a member
server, start Registry Editor (Regedt32.exe).

2. Locate and click the following key in the registry:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters

3. Click Add Value on the Edit menu, and then add the following registry
value:

Value name: NeutralizeNT4Emulator
Data type: REG_DWORD
Radix: Hex
Value data: 0x1 (Just type a '1')

4. Quit Registry Editor.

Thanks,
Steve March
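
The registry steps above, scripted so the value can be audited before it is changed. This is an added example, not part of the original post; it assumes a Windows host with PowerShell, and the `-Apply` switch and helper function names are made up for the illustration.

```powershell
# Added example: audit (and with -Apply, set) the Netlogon value from the steps above.
param([switch]$Apply)

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Get-NetlogonDword {
    param([string]$Name)
    # Returns $null when the value does not exist under the key.
    $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Format-State {
    param($Value)
    if ($null -eq $Value) { 'not set' } else { '0x{0:X}' -f $Value }
}

# NT4Emulator is the value the thread says was entered on the upgraded PDC;
# NeutralizeNT4Emulator is the value this machine needs for the admin tools.
$emulator   = Get-NetlogonDword -Name 'NT4Emulator'
$neutralize = Get-NetlogonDword -Name 'NeutralizeNT4Emulator'
Write-Output ("{0}: NT4Emulator={1}, NeutralizeNT4Emulator={2}" -f `
    $env:COMPUTERNAME, (Format-State $emulator), (Format-State $neutralize))

if ($neutralize -eq 1) {
    Write-Output 'NeutralizeNT4Emulator is already 1; nothing to change.'
    return
}
if (-not $Apply) {
    Write-Output 'Re-run with -Apply from an elevated prompt to set NeutralizeNT4Emulator to 1.'
    return
}

# Writing under HKLM requires administrator rights; stop early if not elevated.
$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Not elevated: cannot write to HKLM.'
}

New-ItemProperty -Path $key -Name 'NeutralizeNT4Emulator' -PropertyType DWord -Value 1 -Force | Out-Null

# Read the value back rather than trusting the write.
if ((Get-NetlogonDword -Name 'NeutralizeNT4Emulator') -ne 1) {
    throw 'NeutralizeNT4Emulator was not written as expected.'
}
Write-Output 'NeutralizeNT4Emulator set to 1 (REG_DWORD).'
```

Run without `-Apply` across admin workstations to inventory which ones carry the override, so it can be removed once the NT 4 domain controllers are decommissioned.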



Eric Fleischman said:
Hey Steve,

I would tackle this as a DNS issue, as I agree it sounds like one.
Some things to do/check:
1) Point your 2003 DCs (all of them) to a single DNS server, and only one.
Any secondaries on their NIC's, remove em.
2) On that single DNS server (which should be 2000 or 2003 I hope) create a
new forward lookup zone by the name of the domain (what is your domain
name?) and go to the properties on this new zone. Ensure that dynamic
updates are set to either "yes" or "secure only". Either should be just
fine.
At this point you can ipconfig /flushdns, ipconfig /registerdns, net stop
netlogon, net start netlogon
and I'd do that on each DC to force new DNS registrations.
If you look at the forward lookup zone on the DNS server, it should have 4
subfolders (each starting with a _ )
3) If you're still not up and running, I'd run a netdiag /v on the DC's and
see what is failing.

Hope this is a start!
~Eric

--
Eric Fleischman [MSFT]
Directory Services
This posting is provided "AS IS" with no warranties, and confers no rights.

