Re: Some users unable to log into domain.

Actually, it is not. As of now, this is the only desktop which has
joined the domain, which I am using to test. As it stands now (through
some more investigation), only one account login is able to currently
access the domain, and all other accounts receive the same error
message.

If one login was able to contact the domain, why wouldn't another be
able to from the same rig?

Thanks,
Gerard
Steven Platt wrote:
It just means that it can't contact the domain controller to authenticate.
The reason you can login with that other user is probably because at one
point the computer could contact the domain controller and authenticate.
When you authenticate for the first time, by default, Windows will cache the
login information. Hence, even if the computer cannot contact the domain
controller it will still login. Is this computer in question perhaps a
wireless computer?

-Steven-
"quilty" <gtouss@xxxxxxxxx> wrote in message
news:1150734401.323372.243320@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Testing to slowly move over 40-50 computers to a domain.. but only
dealing with one XP box other than the server for now.

Anyway, I am able to log into the domain on my PC, using one username.
(No roaming or managed profiles), and experience no problems. The
security is just as it should be.

Now, I want to log into this same PC with one of the higher-access
accounts(as well as the domain's admin account itself), and it fails
under the error message

'Cannot log you in now because the domain <DOMAIN NAME> is not
available'

This is strange for a few reasons, mainly:
1) I can switch back to the reduced access account and it does work
fine.
2) Ive tried two logins featured under the domain admins group, as well
as added these individual user accounts to the access of this computer
[I did create an entry for this PC in an OU titled desktops] just
incase there was a problem with the domain admins group, and do no
avail.
3) I removed these users from alternate groups, on the chance that
another group which they were in would diminish their status as a
domain admin for some reason.
4) I confirmed that this user has full logon times, and 'Log On To...'
is set to allow connections to all computers.



I'm completely lost at this point. The only other security option I
attempted to enable was "deny log on locally" which I disabled.Any help
is appreciated....


.

Relevant Pages

  • Re: NT4->2003 Computer Account Migration Problem
    ... win2k3 domain, domain admin is by default the computer's local admin. ... and remigrate the computers using a specific account to perform migration ... Add NT Domain Admin to Win2k3Dom Domain admins group and Win2k3Dom ...
    (microsoft.public.windows.server.migration)
  • Re: Domain user with local administrators right
    ... domain account to the domain admins group, this is in turn a member of the ... with this domain account (selecting the domain from the drop down box under ... If the server is a domain controller, then there is no local administrators ... group so membership of domain admins should suffice. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Administrators Group in Local Users and Groups
    ... I have verified that an Account Operator can indeed log into a DC. ... I imagine adding themselves to the domain admins group would require a trick ... add your self to the local administrators ...
    (microsoft.public.windows.server.active_directory)
  • Re: Visual Studio gives direct dbo access to Sql Server 2000 ??? <<Update>>
    ... After I did this I made sure I could still login ... into the db with the "dba" account we've set up. ... With respect to developers that are also domain admins ... ...
    (microsoft.public.sqlserver.security)
  • Re: Newbie question re: security principles
    ... Add yourself to the Domain Admins group. ... placed in the local administrators group of computers when they join ... With that account you should have administrator rights on ...
    (microsoft.public.win2000.active_directory)