Re: exdeploy dsscopescan problem

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Gary Cooper (gc_at_hrizns.com)
Date: 08/10/04 

Date: Tue, 10 Aug 2004 15:16:03 -0500

The reason I pointed to name resolution is the "account unknown" tag. Since
Usrmgr has the SID and can't get the properties of it from AD. In almost
all cases in the past for me, that was a WINS/DNS issue. Can you add
another account now from AD other than the one you are having issues with?
Is UsrMgr able to resolve it after you close UsrMgr and reopen it? Maybe it
is something about that specific account?

If so, try doing an LDP dump of that user object and posting it .

"confused" <confused@discussions.microsoft.com> wrote in message
news:958331AD-9164-4E9F-A594-EA1D8323F0D1@microsoft.com...
>
>
> "Gary Cooper" wrote:
>
>> Check for name resolution issues. Since you said you can add the account
>> to
>> the local machine (admin group I assume), then when you look again it can
>> not resolve the SID, that sounds like that server is not using the same
>> DNS/WINS services the others are.
>>
>
>
> it is a small lab testing setup so it is very simple - one wins dns
> server
> for the whole forest - and it is pointing to it, like everyone else. It
> can
> resolve machine names and domain names backwards and forwards and, i don't
> see how other domain accounts would be able to log on locally if it were a
> name resolution issue.
>
>
>
>> "confused" <confused@discussions.microsoft.com> wrote in message
>> news:A8959FC4-CF71-4976-8512-BE97D12033B5@microsoft.com...
>> > When trying to run dsscopescan, i get an error that I cannot connect
>> > to
>> > my
>> > exchange 5.5 server. My setup is as follows:
>> >
>> > - two site exchange 5.5 org. 1 server in each site, running 5.5/SP4 on
>> > winnt4 sp6a
>> > - windows 2003 forest with empty root domain and four child domains;
>> > all
>> > domains are windows 2000 mixed functional level except the child domain
>> > that
>> > includes the exchange server i cannot connect to via exdeploy
>> > - i am running exdeploy with an enterprise/schema admin account that
>> > has
>> > service admin rights to all exchange site and configuration levels and
>> > to
>> > the
>> > exchange org object.
>> > - i can log on locally to the exchange 5.5 server with this account
>> > - i can run the exdeploy dsscopescan on the 5.5 server in the other
>> > site
>> > successfully
>> > - when i try to bind to the 5.5 server using ldp.exe and the accounts
>> > ldap
>> > name:
>> > cn=administrator,cn=lab_domain,cn=admin
>> > it fails.
>> > - one last observation - on the 5.5 server, the forest root account i
>> > am
>> > using for exdeploy can be added as a local admin. However, when i
>> > reopen
>> > usrmgr on the local machine, the account in the administrators group
>> > says
>> > 'Account unknown'.
>> >
>> > thanks.
>>
>>
>>

Relevant Pages

  • Re: exdeploy dsscopescan problem
    ... > another account now from AD other than the one you are having issues with? ... > Is UsrMgr able to resolve it after you close UsrMgr and reopen it? ... but this time i've checked name resolution up and down. ... and the exchange server that works is configured exactly the same. ...
    (microsoft.public.exchange.setup)
  • Re: EFS Decryption Problem
    ... Was it only used to match up to the backed up userprofile, ... I thought the account's SID and password was involved in generating the ... a new account is created). ... instance of Windows would have a different SID even after restoring the ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Update still failing with 80240020 and 8024000c
    ... There is still indication that the SID ... reporting because I think that ultimately it is going to be their accounts ... with the System account yesterday. ... In your case the System account would be ...
    (microsoft.public.windowsupdate)
  • RE: Error 15401 using sp_grantlogin (not addressed by current KB articles)
    ... argument to get_sid, it returns a sid. ... The sysxlogins.name column stores the NT account ... One way to get SQL Server to agree with the renamed NT ... check "Script all objects", on the Formatting tab UNcheck "Generate the ...
    (microsoft.public.sqlserver.security)
  • Re: is there a simple to get "userid" in a windows domain?
    ... suspect a minor change to the way I access ntSecurityDescriptor would give ... Is it possible to get a User SID from ... >> than the account names when referring to the account. ... >> Eric Fitzgerald ...
    (microsoft.public.security)