Problems with AD configuration?

Fran

I had to rebuild a server over the weekend (Oh, joy.)
I have DNS and DHCP enabled and configured with Active Directory (this
is a one-server network with 10 workstations.)

When working on the workstations I was trying to add a domain group to
the local PC's administrators group. Although the domain was set up
and I was able to join the computer to the domain, when I tried to add
a domain group to the local PC's administrators group the system said
that the domain could not be contacted. When I went BACK into the
ADVANCED tab (on the client computer) the LOOK IN box was now grayed
out.

I searched MS for an answer and they said to check that SysVol and
NetLogon were shared. In Net Use it shows that Sysvol and Netlogon are
shared.

I'm sure this is something I missed doing but I'm lost.

I installed Windows 2000 server, installed DHCP and DNS (dns was
installed by the Active Directory wizard). I ran Netdiag /fix and
dcdiag /fix.

Still have the problem. Any thoughts???

Fran
 
Reboot the workstation, then log in and try again.

I am assuming you did not reboot the machine after you have added it to the
domain. Reboot first, then re-login with the domain account and try nesting
the group.

hth
rgds
Steve
 
Actually, I did reboot. It was required when I joined the domain.

I also found that article on the MS site about fixing this problem.
The article states:
----------------------------------<clip>---------------------------------------
If the Sysvol is not shared, use Regedt32 to navigate to:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters

Double-click the SysvolReady value, and change the data value from 0
to 1. Shutdown and restart the domain controller.

When the computer has restarted, open a CMD prompt and type:

nslookup and press Enter.

set q=srv and press ENTER.

_ldap._tcp.<FQDN> where <FQDN> is the domain controller's Fully
Qualified Domain Name.
----------------------------------<clip>---------------------------------------

When I try this I get errors.
When I type NSLOOKUP and hit enter I get: "*** Can't find server
name for address 192.168.94.10: Non-existent domain"
When I type in the line "_ldap._tcp.HDServer.DomainName.com" (where
DomainName.com represents the real domain) I get:
Server: UnKnown
Address: 192.168.94.10
*** UnKnown can't find _ldap._tcp.hdserver.DomainName.com:
Non-existent domain.

This must be my configuration error as I set up another server here at
the office for testing and I get the very same issue(s) so I must be
doing something initially wrong.

(At least I'm consistent, huh?)

Fran
 
Hi Fran,

Okay, had to check you had rebooted.
Was this a complete break-fix rebuild of the DC at all? If so, did you
restore Active Directory or create a new domain?
Was everything set up as it used to be?

Are you getting any errors in the event logs on the DC at all? Check all of
them.
Also run a netdiag on the workstations to see if any errors are reported, and
check the IP configuration of the workstations.

Also, can you install the support tools on the server and then, from the
support tools cmd prompt, run DCdiag /V? It might be an idea to pipe it to a
text file to review, as the verbose mode (/v) can generate a lot of
information, and review this for errors.

If so, post them back here; this will help us to try narrowing it down.

It looks as though there are no DC records for the domain registered in DNS.
You can force registration by either ipconfig /registerdns or stopping and
starting the netlogon service.
Also you can run a net share on the server to see if the sysvol is shared.

Rgds
Steve
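
Added example, not part of the thread or of any Microsoft tool: a Python script that reads a saved nslookup session like the one quoted above and reports which domain controller locator SRV names were answered, which returned "Non-existent domain", and which were never queried. The domain example.local, the host dc1 and the sample transcript are constructed placeholders; the name list is an assumed core subset of the records Netlogon registers under the domain's DNS name.

```python
import re

# Constructed nslookup session modelled on the output quoted in the thread;
# example.local and dc1 are placeholders, not the poster's real names.
SAMPLE = """\
*** Can't find server name for address 192.168.94.10: Non-existent domain
Server:  UnKnown
Address:  192.168.94.10
*** UnKnown can't find _ldap._tcp.dc1.example.local: Non-existent domain
_ldap._tcp.example.local        SRV service location:
          port           = 389
          svr hostname   = dc1.example.local
*** UnKnown can't find _kerberos._tcp.example.local: Non-existent domain
"""

def locator_names(domain):
    """Core SRV owner names Netlogon registers for a domain (subset)."""
    d = domain.lower().rstrip(".")
    return [f"_ldap._tcp.{d}", f"_ldap._tcp.dc._msdcs.{d}",
            f"_ldap._tcp.pdc._msdcs.{d}", f"_kerberos._tcp.{d}",
            f"_kerberos._tcp.dc._msdcs.{d}"]

def analyze(transcript, domain):
    """Sort locator names into found / nxdomain / not_queried."""
    report = {"no_ptr_for_resolver": None, "found": {}, "nxdomain": [],
              "not_queried": [], "other_nxdomain": []}
    expected = locator_names(domain)
    current = None
    for line in transcript.splitlines():
        if m := re.match(r"\*\*\* Can't find server name for address (\S+):", line):
            report["no_ptr_for_resolver"] = m.group(1)  # no PTR for the DNS server
        elif m := re.match(r"\*\*\* \S+ can't find (\S+): Non-existent domain", line):
            name = m.group(1).lower()
            key = "nxdomain" if name in expected else "other_nxdomain"
            report[key].append(name)
        elif m := re.match(r"(\S+)\s+SRV service location:", line):
            current = m.group(1).lower()
            report["found"].setdefault(current, [])
        elif current and (m := re.match(r"\s+svr hostname\s+=\s+(\S+)", line)):
            report["found"][current].append(m.group(1).lower())
    seen = set(report["found"]) | set(report["nxdomain"])
    report["not_queried"] = [n for n in expected if n not in seen]
    return report

if __name__ == "__main__":
    for key, value in analyze(SAMPLE, "example.local").items():
        print(f"{key}: {value}")
```

Names under other_nxdomain were queried but are not locator names for the given domain; names under nxdomain are the ones to re-check after forcing registration.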
 