Re: Domain admin login problem
- From: Several Login attempt <SeveralLoginattempt@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 28 Apr 2006 23:10:02 -0700
very sorry for the delay. ib between my parent DC Enterprise admin rollback
his backup & solve this issues. But i want to know the exact solution for
that. i need ur help. I checked the toll Whoami in one of my client machines
and as follows.
WHOAMI Tool Result:
[User] = "XXX\rks-raja" S-1-5-21-2138881074-472888602-626221133-1123
[Group 1] = "XXX\Domain Users" S-1-5-21-2138881074-472888602-626221133-513
[Group 2] = "Everyone" S-1-1-0
[Group 3] = "BUILTIN\Users" S-1-5-32-545
[Group 4] = "BUILTIN\Administrators" S-1-5-32-544
[Group 5] = "NT AUTHORITY\INTERACTIVE" S-1-5-4
[Group 6] = "NT AUTHORITY\Authenticated Users" S-1-5-11
[Group 7] = "LOCAL" S-1-2-0
[Group 8] = "XXX\Domain Admins" S-1-5-21-2138881074-472888602-626221133-512
[Group 9] = "XXX\Group Policy Creator Owners"
S-1-5-21-2138881074-472888602-626221133-520
[Group 10] = "XXX\rks-wel-000-su"
S-1-5-21-2138881074-472888602-626221133-1118
[Group 11] = "XXX\rks-uhc-000-su"
S-1-5-21-2138881074-472888602-626221133-1116
[Group 12] = "XXXXXXXX\Schema Admins"
S-1-5-21-52512393-1442564255-1191012301-518
[Group 13] = "XXXXXXXX\Enterprise Admins"
S-1-5-21-52512393-1442564255-1191012301-519
[Group 14] = "XXX\DHCP Administrators"
S-1-5-21-2138881074-472888602-626221133-1108
[Group 15] = "XXX\DHCP Users" S-1-5-21-2138881074-472888602-626221133-1107
(X) SeChangeNotifyPrivilege= Bypass traverse checking
(O) SeShutdownPrivilege= Shut down the system
(X) SeUndockPrivilege= Remove computer from docking station
(O) SeSecurityPrivilege= Manage auditing and security log
(O) SeBackupPrivilege= Back up files and directories
(O) SeRestorePrivilege= Restore files and directories
(O) SeSystemtimePrivilege= Change the system time
(O) SeRemoteShutdownPrivilege= Force shutdown from a remote system
(O) SeTakeOwnershipPrivilege= Take ownership of files or other objects
(O) SeDebugPrivilege= Debug programs
(O) SeSystemEnvironmentPrivilege= Modify firmware environment values
(O) SeSystemProfilePrivilege= Profile system performance
(O) SeProfileSingleProcessPrivilege= Profile single process
(O) SeIncreaseBasePriorityPrivilege= Increase scheduling priority
(X) SeLoadDriverPrivilege= Load and unload device drivers
(O) SeCreatePagefilePrivilege= Create a pagefile
(O) SeIncreaseQuotaPrivilege= Increase quotas
(X) SeImpersonatePrivilege= Impersonate a client after authentication
(X) SeCreateGlobalPrivilege= Create global objects
Regards
rajaguru
"AJ" wrote:
Hi,.
So my understanding is that you are able to log on with the Built In
"Administrator" account, but if you try to log on as a user who is a
member of the "Domain Admins" group he is unable to logon.
Going by this understanding I would want a Whoami dump of the user. If
the user cannot log on to DC, try logging on to a client workstation
and then run the following from the cmd
Whoami /all >whoami.txt
You can download the Whoami.exe from the following link
http://www.microsoft.com/downloads/details.aspx?FamilyID=3e89879d-6c0b-4f92-96c4-1016c187d429&DisplayLang=en
Please send the dump to me in mail as the reply would be quicker then.
AJ Sarkaria
Several Login attempt wrote:
if i logon as domain Admin the error message is:
"Unable to log you on becase of an authentication restriction". There is no
error code for that. even i checked the event viewer log. But i can logon as
Administrator Account.
Trust this clarify.
regards
rajaguru
"AJ" wrote:
Hi,
Question for you: How can you logon to the DC as a Local Admin? There
is no Local Admin on a DC...
Also your question is no clear. What I understand is that You are not
able to logon on do DC as a Domain Admin? If yes then send me a mail
with the error message that you get along with the details of actually
what is happening...
Thanks
AJ
Several Login attempt wrote:
hi
i checked all GPO & Local Policies & Event Viewer of Backup DC & all Client
machines. Even i tried to create a new user, the same error message.
Pls help
rajaguru
"Burhan" wrote:
may use GPO.
Default domain controller policy - Computer Configuration-Windows
Settings-Securtiy Settings-Local Policy/UserRighAssigment // Allow logon
locally
burhan/mcsa
"Several Login attempt" <SeveralLoginattempt@xxxxxxxxxxxxxxxxxxxxxxxxx>,
haber iletisinde þunlarý
yazdý:62E2D724-99D1-47C9-A97D-AABD27B7A736@xxxxxxxxxxxxxxxx
No i don't have enterprise admin rights bcaz my n/w structure is as:
One parent Domain in remote pertaining somany DCs in various location.. In
that, my Additional DC gives the Problem. I contacted my parent DC Admin
person, the same problem is also arised in some of the other DCs.
So i want a clear solutio at the earliest. Pls
Rajaguru
"Burhan" wrote:
IS domain admins have entrprise admin right??
"Several Login attempt" <SeveralLoginattempt@xxxxxxxxxxxxxxxxxxxxxxxxx>,
haber iletisinde ?unlary
yazdy:4579B7C2-059B-4FBF-A1C0-7EA52BD71FEA@xxxxxxxxxxxxxxxx
we installed win 2k3 server as a primary & additional DCs. if the
Domain
admin login account is not permitted to the Additional DC. I checked
all
Local & domain Controller, domain Security Policies & etc.
If i login as Local Admin, the additional DC accept. if i login as
Domain
Admin, the Additional DC Shows the error message as:
"Unable to logon, because the account restricted".
How to solve the problem? if anyone pls help me.
Rajaguru
rajaguru_a@xxxxxxxxxxxxxx
- Follow-Ups:
- Re: Domain admin login problem
- From: AJ
- Re: Domain admin login problem
- References:
- Re: Domain admin login problem
- From: Burhan
- Re: Domain admin login problem
- From: Burhan
- Re: Domain admin login problem
- From: AJ
- Re: Domain admin login problem
- From: Several Login attempt
- Re: Domain admin login problem
- From: AJ
- Re: Domain admin login problem
- Prev by Date: Re: Replication Errors
- Next by Date: Re: AD/Simple bind - Why "user DN" fails, but "UPN-format" works?
- Previous by thread: Re: Domain admin login problem
- Next by thread: Re: Domain admin login problem
- Index(es):
Relevant Pages
|
