RE: logon to domain while dc is colsed

As far I know you cannot use the Group Policies without a DNS server
installed, and you need to have it working properly.

Please read this article that I always use as a reference document:
http://www.windowsnetworking.com/articles_tutorials/Troubleshooting-Group-Policy-Processing.html

This article contains one point that is saying:
Check if the affected machines can correctly perform DNS resolution.
Probably half of all Group Policy processing issues are related to DNS
problems such as corrupt resource records on DNS servers, misconfigured DHCP
options on DHCP servers, users changing DNS settings on their machines, and
so on. Remember that to process Group Policy a computer must first obtain a
list of GPOs that apply to it. To do this, they need to query a domain
controller. And to locate a domain controller, they need correct client DNS
settings so they can obtain SRV records by querying the DNS server. So if DNS
is broken then Group Policy is also. Tools for verifying and testing DNS
include ipconfig, nslookup, netdiag, and Network Diagnostics in Help and
Support.

After that, you can use the tools that I already told you before, to check
if the policies replication is working or not.

Regards,

Adriana




"youssef" wrote:

thank you for your replay
please note that i dont assign DNS on both server and client !
does it make the problem ??

"Adriana Viola" wrote:

Hi Youssef, just a quick question. Did you check if the GPO's were applied
properly?

You could check which GPO's are running, installing this tool in your
server,:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en

You also you could use the tool "gpresult"
(http://technet2.microsoft.com/WindowsServer/en/Library/91ea614c-f797-432c-a186-0cd8642904b81033.mspx)
to check if the GPO'S have been replicated and applied properly on the
clients.

If don't, run the gpupdate to force the replication.

Let me know if the problem is still persisting.

Regards,

Adrinaa





"youssef" wrote:

i upgraded my network to domain ok?
then i created user accounts ok?
then i discovered that the users can log on to the domain (SPF) domain while
DC is colsed .!!
and also the group policy didnt apply to them !!
i want to prevent loging to domain while it is closed and i want to apply
the group policy .
what can i do ?
thank you
youssef

.

Relevant Pages

  • AD replication with DNS config problem
    ... Group Policy Infrastructure failed due to the error listed below. ... Domain Controller functions like joining a domain, logging onto a ... and Active Directory replication will not be available until the DNS ... The wizard encountered an error while trying to determine if the DNS server ...
    (microsoft.public.cert.exam.mcsa)
  • Re: Replication issues
    ... I wanted to say Zone Transfers not Zone Forwarding. ... AD-Integrated DNS does not do zone transfers between the ... your DNS server will bypass ...
    (microsoft.public.windows.server.active_directory)
  • Re: event id 1054 and other group policy problems
    ... Before you demote the first DC from BBB have ... of the clients can't access it because of the DNS). ... > Windows cannot query for the list of Group Policy objects. ... I have the ip address of the dns server in AAA as primary> dns on HYPER, ...
    (microsoft.public.win2000.active_directory)
  • Re: Servers hang on boot
    ... The last DC at that site (not a DNS server). ... EventID: 0x00000457 ... (Event String could not be retrieved) ...
    (microsoft.public.windows.server.networking)
  • Re: DNS Redesign Issue
    ... set the new child domain DNS server as primary for the domain controllers? ... -If you are going to create a new AD Integrated Zone in each child domain, ...
    (microsoft.public.windows.server.dns)
Loading