Re: Add Domain Global Group To Local Group
- From: "Ron Lowe" <ron-msng@{d.e.l.e.t.e}lowe-family.me.uk>
- Date: Fri, 22 Jul 2005 10:06:27 +0100
"Lou R" <lour0314@xxxxxxxxx> wrote in message
news:1121976337.295019.142080@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>I just built my first domain controller using Server 2003. Joined some
> Win2K clients, and XP clients, to the domain, no problem.
>
> Next I defined a global group "Local Administrators" on the domain, to
> be domain users, but administrators on the client computers. Now I
> need to add the new group to the XP clients, to define its members as
> administrators on the clients.
>
> When I try to add the global group to the XP clients, in the local
> group Administrators, the Add dialog box only lets me select the local
> computer, it won't search for the domain. The "From this location:"
> list only shows the local computer name, I can't get it to show the
> domain. This is even when I'm logged in as the default domain
> adminstrator.
>
> Obviously I'm missing a concept somewhere. Any ideas?
>
This statement ring some bells:
> the Add dialog box only lets me select the local
> computer, it won't search for the domain. The "From this location:"
> list only shows the local computer name, I can't get it to show the
> domain.
This is a classic symptom of DNS misconfiguration.
Does it also take a long time for the clients to log on to the domain?
The reason the domain is not appearing is that the
client PC can't find the Domain Controller.
You need the client's DNS to point to the DNS server on the DC.
Here's my usual lecture on the topic:
XP differs from previous versions of windows in that it uses
DNS as it's primary name resolution method for finding domain
controllers:
How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;314861
If DNS is misconfigured, XP will spend a lot of time waiting for it to
timeout before it tries using legacy NT4 sytle NetBIOS.
( Which may or may not work. )
1) Ensure that the XP clients are all configured to point to the local
DNS server which hosts the AD domain. That will probably be the
win2k server itself.
They should NOT be pointing an an ISP's DNS server.
An 'ipconfig /all' on the XP box should reveal ONLY the domain's
DNS server.
( you should use the DHCP server to push out the local DNS server
address. )
2) Ensure DNS server on win2k is configured to permit dynamic updates.
3) Ensure the win2k server points to itself as a DNS server.
4) For external ( internet ) name resolution, specify your ISP's DNS server
not on the clients, but in the 'forwarders' tab of the local win2k DNS
server.
On the DNS server, if you cannot access the 'Forwarders' and 'Root Hints'
tabs because they are greyed out, that is because there is a root zone (".")
present on the DNS server. You MUST delete this root zone to permit the
server to forward unresolved queries to yout ISP or the root servers:
HOWTO: Remove the Root Zone (Dot Zone)
http://support.microsoft.com/default.aspx?kbid=298148
The following articles may assist you in setting up DNS correctly:
Setting Up the Domain Name System for Active Directory
http://support.microsoft.com/default.aspx?scid=kb;en-us;237675
HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;300202
--
Best Regards
Ron Lowe
MVP - Windows Networking
.
- Follow-Ups:
- Re: Add Domain Global Group To Local Group
- From: Lou R
- Re: Add Domain Global Group To Local Group
- References:
- Add Domain Global Group To Local Group
- From: Lou R
- Add Domain Global Group To Local Group
- Prev by Date: Re: Unable to ping
- Next by Date: Getting wrong address with nForce4 network card
- Previous by thread: Add Domain Global Group To Local Group
- Next by thread: Re: Add Domain Global Group To Local Group
- Index(es):
Relevant Pages
|
