Re: exdeploy dsscopescan problem

From: confused (confused_at_discussions.microsoft.com)
Date: 08/10/04 

Date: Tue, 10 Aug 2004 11:59:02 -0700

"Gary Cooper" wrote:

> Check for name resolution issues. Since you said you can add the account to
> the local machine (admin group I assume), then when you look again it can
> not resolve the SID, that sounds like that server is not using the same
> DNS/WINS services the others are.
>

it is a small lab testing setup so it is very simple - one wins dns server
for the whole forest - and it is pointing to it, like everyone else. It can
resolve machine names and domain names backwards and forwards and, i don't
see how other domain accounts would be able to log on locally if it were a
name resolution issue.

> "confused" <confused@discussions.microsoft.com> wrote in message
> news:A8959FC4-CF71-4976-8512-BE97D12033B5@microsoft.com...
> > When trying to run dsscopescan, i get an error that I cannot connect to
> > my
> > exchange 5.5 server. My setup is as follows:
> >
> > - two site exchange 5.5 org. 1 server in each site, running 5.5/SP4 on
> > winnt4 sp6a
> > - windows 2003 forest with empty root domain and four child domains; all
> > domains are windows 2000 mixed functional level except the child domain
> > that
> > includes the exchange server i cannot connect to via exdeploy
> > - i am running exdeploy with an enterprise/schema admin account that has
> > service admin rights to all exchange site and configuration levels and to
> > the
> > exchange org object.
> > - i can log on locally to the exchange 5.5 server with this account
> > - i can run the exdeploy dsscopescan on the 5.5 server in the other site
> > successfully
> > - when i try to bind to the 5.5 server using ldp.exe and the accounts ldap
> > name:
> > cn=administrator,cn=lab_domain,cn=admin
> > it fails.
> > - one last observation - on the 5.5 server, the forest root account i am
> > using for exdeploy can be added as a local admin. However, when i reopen
> > usrmgr on the local machine, the account in the administrators group says
> > 'Account unknown'.
> >
> > thanks.
>
>
>

Relevant Pages

  • Re: When is an Admin not an Admin?
    ... I made sure I was in Domain Admins on the W2K server, ... server and local machine policies, but I still can't find anything that's ... > admin rights on the local machine. ... > are local Administrators but the domain Administrators group ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Local Machine vs. Domain Group Policy
    ... To offer a counter viewpoint to some of those expressed, I have in the past and wouldn't be surprised in the future to have the same viewpoint of your admin. ... Lots of people like to think that GPOs are the panacea and they quite frankly are not, I have had to deal with mad levels of issues with GPOs over the years. ... In a single TS Server environment or even one with 40 I wouldn't hesitate to tell you to use local settings versus slapping a ton of new policies in the directory that I now have to make sure replicate properly and work. ... Can I create a new GPO using GPMC and link it to to a local machine? ...
    (microsoft.public.win2000.active_directory)
  • Re: Local Machine vs. Domain Group Policy
    ... The new GPO would include a deny apply exception for administrator accounts. ... Our network admin does not want to create an OU and give me rights to it. ... Second is manageability - what if You will have second or third TS server? ... Can I create a new GPO using GPMC and link it to to a local machine? ...
    (microsoft.public.win2000.active_directory)
  • Re: Checking internet connection without a winbox
    ... on using the one that responded quickest? ... For instance, I have my own caching name server, with local machine ... Though individual applications get the system to resolve addresses for ...
    (Fedora)
  • Re: Wrong Mailbox size displayed
    ... Try moving the mailbox to another server. ... The local machine displayed 75MB while the server (under Exchange System ... Any suggestions to resolve this problem are greatly appreciated. ...
    (microsoft.public.exchange.admin)