Can i lock access to AD with a security policy?

  • Thread starter Thread starter 13th_Victor
  • Start date Start date
1

13th_Victor

....Here goes...

I have a Windows 2000 server machine that is used to run
IIS it is not a DC...
I was hoping to add a domain user account to a local group
on the IIS box...

I can not

When I right click my computer > manage > Local Users and
Groups > I right click "theGroupName" > Properties > then
click Add... here is where the problems start, if the look
in pull down is not grayed out I select the domain then
the user, but when I click the ok button I get a pop up
that says "Processing of the object <username> failed with
the following error: The specified domain either does not
exist or can not be contacted" and then the look in grays
out for. I don't know about 15mins?

Now I have only been working on the network for about 6
weeks, and I can see that other local groups on this IIS
box that have domain users as members, so I think there is
a security policy that may have been activated after these
domain users where added to the local groups, and I know
that I can add domain users to local shares and grant them
NTFS permissions, so it not that the domain doesn't exist
or can be contacted?

Any one have an idea?
 
It could possibly be a network connectivity, dns configuration, or computer account
problem. I would run netdiag [on install cdrom, run setup in support/tools folder] on
that computer looking for any failed tests that may help pinpoint the problem such as
dns , dc list, or secure channel. Also check Event Viewer for any errors that may
give a clue. Incompatible security options in security policy can cause network
connectivity problems such as smb/digitally signing, or ipsec policy. Using netmon
while trying to accomplish your task may also reveal the problem. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;321708
 
Back
Top