Re: groups missing

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: David Everett [MSFT] (deverett_at_online.microsoft.com)
Date: 03/19/04 

Date: Thu, 18 Mar 2004 18:11:40 -0600

If all 10 of these groups are in the Users container in AD make sure that
each group has matching permissions in the AD. You can use dsacls to dump
this and compare.

     dsacls cn=ggroup1,cn=users,dc=domain,dc=local > ggroup1.txt

If you make a new group in the same container, does that new group show up
in the object picker after replication has occurred?

What happens if you type the name of the group in and click "Check Name"
does it populate the group or give an error?

If it populates, Add it, close the Security page and go back to see if the
group is listed as SID or does it still resolve?

Does this happen if you are logged on as a user or does domain admin have
the problem too?

When you say the DCs can find them do you mean within Active Directory Users
and Computers or when you try and add them to a Resource, like Share
permissions on the DCs?

Any chance the groups not showing up are Global Distribution groups and not
Global Security groups? 

-- 
David Everett
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
"Brad" <noone@nowhere.com> wrote in message
news:OYB1LlSDEHA.2804@tk2msftngp13.phx.gbl...
> The problem is when I share a folder on a server and try to add the Groups
> that need access.  I have around 10 groups for one department, and when I
> try to find one of them, I only see 3 or those 10.  All member servers
with
> Windows 2000/2003 cannot find these groups.  The DC's I have can find the
> groups.  DNS and WINS are all set correctly.
>
> I don't have any NT 4 Workstations.  I have about 99% Windows XP.  We have
a
> few 98 boxes, but not many.
>
> "David Everett [MSFT]" <deverett@online.microsoft.com> wrote in message
> news:eyA2JzGDEHA.1128@TK2MSFTNGP11.phx.gbl...
> > What is the RestrictAnonymous registry setting set at on the W2K3 DCs?
> > This value is located under
> > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
> >
> > If your workstations are NT 4.0 then you may not be able to view objects
> > from the object picker if RestrictAnonymous is set to anything higher
than
> 0
> > on the DCs.
> >
> > Is RestrictAnonymous is higher than 0 and the workstations are NT 4.0
you
> > can do the following to lower this setting on the W2K3 DCs:
> >
> > Set "Network access: Do not allow anonymous enumeration of SAM accounts"
> to
> > Disabled in the Default Domain Controller Policy.  After the change is
> made
> > run "gpupdate /force" at the command prompt and reboot the W2K3 DCs.
> > -- 
> > David Everett
> > Microsoft Corporation
> >
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> >
> > "Brad" <noone@nowhere.com> wrote in message
> > news:#L7lar6CEHA.3256@TK2MSFTNGP09.phx.gbl...
> > > 2003 AD network, 4 NT4 BDC's, 2 AD DC's.  All working fine for months
> > > until....
> > >
> > > Today I'm trying to share a few folders on a server, and for some
reason
> > I'm
> > > missing a bunch of global groups.  When I go to the add users/groups
for
> > > file sharing, I just don't see these groups.  I can browse out to the
AD
> > > through Network Places and see them, and my PDC emu (AD 2K3) can see
> them,
> > > as well as the other DC's.  Very strange.  No weird errors in any
> server.
> > > Ran DCDIAG and NETDIAG and no errors show up.
> > >
> > > My workstation can't even find these groups!
> > >
> > > This is usually a pretty routine task, however it's gotten a little
> > > complicated.
> > >
> > > Any ideas on what to look at???
> > >
> > > Thanks
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: groups missing
    ... > If all 10 of these groups are in the Users container in AD make sure that ... > each group has matching permissions in the AD. ... >> The problem is when I share a folder on a server and try to add the ... >> rights. ...
    (microsoft.public.windows.server.active_directory)
  • Re: SYSVOL GPOs re:copying
    ... If you create a test user account on each DC, does it successfully replicate to each of the other DCs? ... Stop FRS on each of the new DCs. ... open a command prompt and change directory into the GPMC scripts folder. ... The effort and/or risk in fixing this server seems to exceed the ...
    (microsoft.public.win2000.active_directory)
  • Re: PDC Is not replicating !!
    ... server on the replication DC. ... I have ACE server installed. ... > DCs replicating by disabling replication when USN rollback is ... > If you used imaging to copy your production environment into a lab ...
    (microsoft.public.win2000.active_directory)
  • Re: Sites & Services - DSAccess w/E2K3 SP2
    ... I don't believe the firewalls are the issue as they are set to any-any among ... the all the DCs and exchange server. ... All the DCs replicate information in a mesh ... Immediately after upgrading to Exchange 2003 SP2, ...
    (microsoft.public.exchange.admin)
  • User autentification and access to "sister" domain resources
    ... I am in process of designing brand new AD structure for our customer. ... 2003 Servers - pretty classic design ... All DCs are Global Catalogs. ... user_from_domainA gets IP address from siteB DHCP server ...
    (microsoft.public.win2000.active_directory)