Cant access policies

  • Thread starter Thread starter Ash Ridley
  • Start date Start date
A

Ash Ridley

Hi,

I have a Windows 2000 domain which I have recently extended the schema to
allow 2003 domain controllers, I have since added 2 2003 DC's

However I've noticed (and I dont know if this was a problem before the
schema extension and if so for how long) that if I try and access any
policies on any of the DC's I get the following error - I am logged in as
the top level administrator

Failed to open the group policy object. You may not have appropriate rights

The network path was not found

I've worked through an MS article on manually setting the permissions on the
policy files/directories as well as the active directory objects but this
hasnt made any difference, I've also noticed that if I use one of the new
2003 servers as the primary DNS all my active directory operations fail (but
using the old 2000 DC is ok)

I'm not sure if its related but I've also just noticed that users dont have
access to shares on the 2003 box even though they have appropriate
permissions

Appreciate any suggestions
 
How do you have dns configured? Integrated? Do you only have your AD dns
defined on the nic's or do you have your ISP as well? If so forward
requests to your ISP.

Run diagnostics against your Active Directory domain.

If you don't have the tools installed, install them from your server install
disk.
d:\support\tools\setup.exe

Run dcdiag and netdiag in verbose mode.

If you download a gui script I wrote it should be simple to set and run. It
also has the option to run individual tests without having to learn all the
switch options. The script also automagically outputs the test details to a
text file and calls this text file up at the completion of the test. This
makes it much easier to read and save the details for future use and
analysis.

The script is at http://www.pbbergs.com click on downloads, download it and
save it to c:\program files\support tools\

Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

When complete search for fail, error and warning messages.

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
http://www.pbbergs.com/

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Thanks for the reply, I'll give that a try

Paul Bergson said:
How do you have dns configured? Integrated? Do you only have your AD dns
defined on the nic's or do you have your ISP as well? If so forward
requests to your ISP.

Run diagnostics against your Active Directory domain.

If you don't have the tools installed, install them from your server install
disk.
d:\support\tools\setup.exe

Run dcdiag and netdiag in verbose mode.

If you download a gui script I wrote it should be simple to set and run. It
also has the option to run individual tests without having to learn all the
switch options. The script also automagically outputs the test details to a
text file and calls this text file up at the completion of the test. This
makes it much easier to read and save the details for future use and
analysis.

The script is at http://www.pbbergs.com click on downloads, download it and
save it to c:\program files\support tools\

Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

When complete search for fail, error and warning messages.

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
http://www.pbbergs.com/

This posting is provided "AS IS" with no warranties, and confers no rights.
Click to expand...
 
Back
Top