Never Saw Something This Weird


Absolutely

Got asked to come in and take a look at a Windows Server install and saw
some things that just aren't making sense. The story goes that there was a
2000 server with AD. At some point, a 2003 server was set up and AD was
installed on that. Both servers are acting as domain controllers, but it
would appear that they are both domain controllers for the same domain, that
being the domain that was set up on the 2003 server. However, the
workstations log in to a domain that I'm told was the domain that was created
on the 2000 server when AD was installed. The whole thing is a real mess.
DNS is a mess, DHCP is a mess. Nothing is making sense. I can fix the
obvious stuff, but I'm not sure what effect this will have on whatever other
weirdness was created behind the scenes.

It looks as if someone was trying to run dcpromo on the 2000 box at
some point. Perhaps this didn't complete? I'm pretty much ready to save the
data and blow out both boxes and reinstall the OS in the interest of time.
 

Possibly two separate domains w/ the same name?

hth
DDS W 2k MVP MCSE
 
I suspect you are correct, but why would the workstations still be logging
into an old domain that doesn't exist? If you check the workstations they
show as being joined to the 'correct' domain, but during login the 'correct'
domain isn't an option in the domain list. Only the local machine and the
old seemingly non-existent domain.

I can't even begin to describe all the crazy things that I'm seeing with
configuration of the boxes, but half the workstations can't be logged in
unless the user is an admin and on and on. nslookup resolves names to
multiple IP addresses in some cases and things such as this. Again, I can
fix all this and know why most of it is happening, but I can't quite figure
out what the deal is with the domain situation.
 
Run diagnostics against your Active Directory domain.

If you don't have the tools installed, install them from your server install
disk.
d:\support\tools\setup.exe

Run dcdiag, netdiag and repadmin in verbose mode.
-> dcdiag /e /c /v /s:DC_Name /f:c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt

If you download a GUI script I wrote, it should be simple to set up and run
(DCDiag and NetDiag). It also has the option to run individual tests
without having to learn all the switch options. The details will be output
in Notepad text files that pop up automagically.

The script is located in the download section on my website at
http://www.pbbergs.com

Just select both dcdiag and netdiag, and make sure verbose is set. (Leave the
default settings for dcdiag as set when selected.)

When complete, search for fail, error and warning messages.

--
Paul Bergson
MCT, MCSE, MCSA, Security+, BS CSi
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
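A PowerShell wrapper for the procedure above, added here as an example and not Paul's script: it runs the three verbose diagnostics to log files, pulls out the fail/error/warning lines with context, and then asks DNS which DCs advertise the domain's LDAP SRV record. $dc and $domain are placeholders you replace with your DC's name and the domain's DNS name.

```powershell
# Added example; assumes the Support Tools (dcdiag/netdiag/repadmin) are installed
# and that $dc and $domain are replaced with your own DC name and DNS domain name.
$dc     = 'DC_NAME'      # placeholder
$domain = 'example.com'  # placeholder: the AD domain's DNS name
$out    = 'C:\addiag'
New-Item -ItemType Directory -Path $out -Force | Out-Null

# The three commands from the post, logging under $out.
& dcdiag.exe /e /c /v "/s:$dc" "/f:$out\dcdiag.log"
& netdiag.exe /v | Out-File "$out\netdiag.log" -Encoding ascii
& repadmin.exe /showrepl dc* /verbose /all /intersite | Out-File "$out\repl.txt" -Encoding ascii

# "Search for fail, error and warning messages", with two lines of
# following context so each hit is readable without opening the log.
$hits = Get-ChildItem -Path $out -Include *.log, *.txt -Recurse |
        Select-String -Pattern 'fail|error|warn' -Context 0, 2

foreach ($hit in $hits) {
    '{0}:{1}: {2}' -f $hit.Filename, $hit.LineNumber, $hit.Line.Trim()
    foreach ($line in $hit.Context.PostContext) { "    $line" }
}
'Hits per log: ' + (($hits | Group-Object Filename | ForEach-Object { "$($_.Name)=$($_.Count)" }) -join ', ')

# Which DCs claim to serve this domain? Every DC registers the LDAP SRV record
# under _msdcs, so two DCs for "the same domain" should both appear here; a DC
# missing from the answer has not registered in (or is not served by) this zone.
& nslookup.exe -type=SRV "_ldap._tcp.dc._msdcs.$domain"

# The domain's own name resolves to every DC's address (each DC registers an
# A record for it), so multiple answers for the bare domain name are expected.
& nslookup.exe $domain
```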
 
The NetBIOS name of the domain could have been completely different from
its DNS name. In fact, that's exactly what happens when you "upgrade"
migrate an NT4 domain to AD. You give the AD domain a "something.suffix"
FQDN, but the NetBIOS name stays the same as the old NT4 domain.

....kurt
 
Kurt said:
The NetBIOS name of the domain could have been completely different from
its DNS name. In fact, that's exactly what happens when you "upgrade"
migrate an NT4 domain to AD. You give the AD domain a "something.suffix"
FQDN, but the NetBIOS name stays the same as the old NT4 domain.

Well, in that sense practically ALL NetBIOS names are different
from the Domain's DNS name since one really should not use
special characters (including "."s) in NetBIOS names so a domain
named "DOMAIN" in NetBIOS is almost always going to be
"DOMAIN.com" in DNS.

(And one must/should never use a single tag DNS name either.)

What most people do is use the MAIN tag for the NetBIOS
version (the default is to use the leftmost tag when DCPromo
does it) and use the full DNS name for the DNS version, of course.

This is generally true on upgraded domains if people think it
through but is not actually a requirement -- just confusing if they
do not.
 
Much better said. To add, when the logon box pops up, it is the NetBIOS name
of the domain that appears in the domain list. If a domain is "domain.org",
usually (but not always) the NetBIOS name will be "DOMAIN". Since you
mentioned a migration and the fact that the "'correct' domain isn't an
option in the domain list", it suggests that the NetBIOS name may be a leftover
from the old domain. If the old domain was "old.com" with NetBIOS name
"OLD", the new domain could very well be "new.com" with NetBIOS name "OLD".

....kurt

 
Kurt said:
Much better said. To add, when the logon box pops up, it is the NetBIOS
name of the domain that appears in the domain list. If a domain is
"domain.org", usually (but not always) the NetBIOS name will be "DOMAIN".
Since you mentioned a migration and the fact that the "'correct' domain
isn't an option in the domain list", it suggests that the NetBIOS name may be
a leftover from the old domain. If the old domain was "old.com" with
NetBIOS name "OLD", the new domain could very well be "new.com" with
NetBIOS name "OLD".

And in general, with AD domains one may logon with any of the
following (if the machine is in that domain OR the domain is
trusted by the machine's domain):

Username: Domain\Username
Username: (e-mail address removed)

That last one COULD be wrong if the UPN suffixes have been
redefined* but in general this is what most people would see.

The UPN (second choice above) and the NetBIOS versions disable
the "domain" edit box the moment the '/' or '@' separators are typed.

* The most common reasons for redefining (adding) UPN suffixes are
the cases where the admin of a forest of domains wishes every user
to logon with the same UPN suffix (e.g., parentroot.com instead of the
various children.parentroot.com domain names) OR the internal name
is something local (e.g., domain.local) but the admin wants to allow
users to logon with the "external" or "public" name, which is likely the
same as their email address, e.g., domain.com.

In fact in both cases it is common to have the standard suffix be used
for all email addresses. The key issue is that in this case all USERNAMES
must be unique across the entire forest so that the unified UPN suffixes
won't need to be different to make the names unique.



--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
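An added example (not from Kurt's or Herb's posts) that reads the forest's crossRef objects over ADSI and prints, per domain, the DNS name next to the NetBIOS name that the logon box displays, flagging where the two disagree, and then lists any extra UPN suffixes of the kind Herb describes. It assumes it runs on a domain-joined machine that can reach a DC; no AD module is required.

```powershell
# Added example: per-domain DNS name vs NetBIOS name, plus forest UPN suffixes.
# Assumes a domain-joined machine that can reach a DC; uses ADSI only.
$rootDse    = [ADSI]'LDAP://RootDSE'
$configNc   = [string]$rootDse.configurationNamingContext
$partitions = [ADSI]"LDAP://CN=Partitions,$configNc"

# Each domain in the forest has a crossRef object under CN=Partitions that
# carries both names: dnsRoot (e.g. new.com) and nETBIOSName (e.g. OLD).
foreach ($cr in $partitions.Children) {
    if ($cr.SchemaClassName -ne 'crossRef') { continue }
    $dnsRoot = [string]$cr.dnsRoot
    $netbios = [string]$cr.nETBIOSName
    if (-not $netbios) { continue }   # application/schema partitions carry no NetBIOS name

    # DCPromo's default NetBIOS name is the leftmost DNS label in upper case;
    # anything else usually means the name survived an NT4 upgrade/migration.
    $leftmost = $dnsRoot.Split('.')[0].ToUpper()
    if ($netbios -eq $leftmost) {
        $verdict = 'NetBIOS name is the default leftmost label'
    } else {
        $verdict = "NetBIOS name differs from leftmost label '$leftmost' (logon box will show '$netbios')"
    }
    '{0,-28} {1,-16} {2}' -f $dnsRoot, $netbios, $verdict
}

# Extra UPN suffixes (Herb's "redefined" case) live on the Partitions container;
# users may log on as user@<suffix> for any of these in addition to the domain names.
$suffixes = @($partitions.upnSuffixes | Where-Object { $_ })
if ($suffixes.Count -eq 0) {
    'No extra UPN suffixes defined; UPNs use the domain DNS names only.'
} else {
    $suffixes | ForEach-Object { "Extra UPN suffix: $_" }
}
```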