Some user account can't log on

  • Thread starter Thread starter David
  • Start date Start date
D

David

Hi.
I have a W2000 DC and AD. I have created an OU and a
couple of user account, but for some reason, some user can
log on succesfully and rest can't do it.
I copied one of the correct user (can log on), changing
the name but no way.

Somebody knows something about this stuff.
Thanks
 
In
David said:
Hi.
I have a W2000 DC and AD. I have created an OU and a
couple of user account, but for some reason, some user can
log on succesfully and rest can't do it.
I copied one of the correct user (can log on), changing
the name but no way.

Somebody knows something about this stuff.
Thanks
Click to expand...

Are you getting any errors in the Event viewer?
How are they loggin in? Legacy or UPN method?
What error do they get?


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Hi.

In the event viewer:
The computer ACAPULCO tried to connect to the server
\\LONDON using the trust relationship established by the
NWTRADERS domain. However, the computer lost the correct
security identifier (SID) when the domain was
reconfigured. Reestablish the trust relationship. Event
ID;: 5513

The computer VANCOUVER tried to connect to the server
\\LONDON using the trust relationship established by the
NWTRADERS domain. However, the computer lost the correct
security identifier (SID) when the domain was
reconfigured. Reestablish the trust relationship. Event
ID;: 5513

I dont know the diferent between Legacy and UPN. After
install Active Directory in my new OU I created the users

The message when can't log on is: can't access domain
which is diferent to the message I get when I try to do
with a user which not exist (I suppose it can connect to
know that).

Any information you need, ask me, please.
Bye
 
In
David said:
Hi.

In the event viewer:
The computer ACAPULCO tried to connect to the server
\\LONDON using the trust relationship established by the
NWTRADERS domain. However, the computer lost the correct
security identifier (SID) when the domain was
reconfigured. Reestablish the trust relationship. Event
ID;: 5513

The computer VANCOUVER tried to connect to the server
\\LONDON using the trust relationship established by the
NWTRADERS domain. However, the computer lost the correct
security identifier (SID) when the domain was
reconfigured. Reestablish the trust relationship. Event
ID;: 5513

I dont know the diferent between Legacy and UPN. After
install Active Directory in my new OU I created the users

The message when can't log on is: can't access domain
which is diferent to the message I get when I try to do
with a user which not exist (I suppose it can connect to
know that).

Any information you need, ask me, please.
Bye
Click to expand...

Wow. Are you a trainer? These machine names are the basis of most of the W2k
and W2k3 classes used by Microsoft.

These errors kind of tell me that you either reconfigured London or you had
a problem with London and have a ghost image of London and blew it back down
over top the old image and the original image does not have these child
domains added yet.

Can you give me more specifics and details on what happened? I've set these
classes up 1000's of times and the only time I've seen this error is either
with an incorrect method to set it up or something specific happened on
London.

It could also be a SIMPLE matter of not using London for DNS in all the
machines' IP properties, since London in a classroom setup such as this is
the DNS server (in most classes).

Which class is this? Looks like MOC 1572?


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Hi again.
Yes, you right, Course 2152c.

I'm not a trainer. I've been working making another things
without problem until I used dcpromo to demote the DC
(previous copy). I promote again (I'm have not used my
back up) and it start to go wrong.
I have no a ghost image or something like that.
In all clients I use london (192.168.0.1) as DNS server.


I'm thinking in reinstall all again, but I would like to
know more about this problem.
Well, anything help will be ok.
 
In
David said:
Hi again.
Yes, you right, Course 2152c.
Click to expand...

I thought so. :-)
I'm not a trainer. I've been working making another things
without problem until I used dcpromo to demote the DC
(previous copy). I promote again (I'm have not used my
back up) and it start to go wrong.
Click to expand...

That is the WHOLE problem. AD is SID/GUID specific besides references being
held in the forest root for all child domains or references for all computer
accounts and member servers in their specifi domain.

If the student machines (Vancouver, Denver, Acapulco, etc) are either joined
to the domain or are part of a child domain of Nwtraders.msft (London) and
you demoted London and then re-promoted it, even if you used the same
computer and domain name for London, it is NOW a totally NEW and DIFFERENT
domain. Then the computer accounts and/or child domains will have lost their
identity in the forest root or domain they were once joined to.

To fix, and if these are just member servers, you would either have to
dis-join and re-join the machines (if member servers).

If the students (or you) made them child domains (Namerica, Samerica, etc),
then you would have to demote these machines with the dcpromo /forceremoval
switch (need a dcpromo.exe update to make this work) and then re-promote the
child domains. If you don't have the DCPROMO update, then you would have to
literally reinstall the machines from scratch. There is also a manual method
to do this.

So depending on your scenario, they are your choices.
I have no a ghost image or something like that.
In all clients I use london (192.168.0.1) as DNS server.
Click to expand...

As most of the classes do.

I'm thinking in reinstall all again, but I would like to
know more about this problem.
Well, anything help will be ok.
Click to expand...

I hope my explanation above helps in understanding what happened.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In
David said:
I will work on it and will try to fix it.
Thanks.
Click to expand...

No problem.
:-)

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Back
Top