Re: Unable to add users to local groups on member workstations
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Tue, 21 Nov 2006 16:34:00 -0500
Ah fun...
Anyway the network trace I was talking about wasn't a tracert, it was a sniff of the network traffic with netmon or wireshark or something.
Your DNS issues would have been glaringly obvious in the traces...
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Brian P. wrote:
Hi Joe & Paul,
Thanks very much for your help, but I determined what the problem was this morning.
It was a DNS issue. The DHCP service for our network is currently running on a Watchguard Firebox, as I have not yet made the transition to DHCP on the server. The DHCP service was passing the EXTERNAL DNS server IPs to all of the clients on our network, rather than the IP of the DC.
Basically, the workstations were looking for our DC on the internet rather than the LAN. Once I fixed DHCP on the Firebox, computer management worked normally on the workstations.
Thanks again for the help,
Brian
"Brian P." wrote:
Hi Joe,
Unfortunately, none of the workstations are allowing me to add domain users to local groups. The result of the network trace is 1 hop (1ms) directly to the AD controller.
I have also tried removing & re-adding machines to the domain (successfully), but I am still unable to add domain users to the machine groups.
Thanks,
Brian
"Joe Richards [MVP]" wrote:
You are likely looking at doing a network trace then to try and work out what isn't working. I suggest doing two traces, one to a machine that works and one to a machine that doesn't work and then look at the deltas.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Brian P. wrote:
Paul & Joe, thanks for the replies!
Paul, the answer to your question is no. The software firewalls on the DC and workstations are turned off. The only firewall we have is between our network and the internet. There is nothing filtering LAN traffic.
Joe, I have looked at the event logs (security, especially) and there isn't anything out of the ordinary. I have only applied critical MS patches to the DC, but if you know of one in particular which could cause a problem like this, please let me know.
Any other ideas or thoughts would be greatly appreciated.
Thanks again,
Brian
"Paul Bergson [MVP-DS]" wrote:
Do you have your local firewall turned on?
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Brian P." <BrianP@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:6DDC48F1-722A-4F28-BE1F-3FC4B18E8890@xxxxxxxxxxxxxxxx
This looks promising as far as adding users to groups, but I think that this
problem is part of a bigger authentication issue.
For example (and I don't expect your help with this non-MS issue) I have
been trying to remotely install Symantec BackupExec agents on a few member
workstations from the DC where BackupExec is installed. I am unable to, as
the credentials are rejected every time (even the domain admin account does
not work).
Do you know of anything else that might cause a member workstation to have
problems retrieving the domain user/group lists from a DC?
Thanks for your help,
Brian
"Joe Richards [MVP]" wrote:
I don't know what is going on in the gui, but if you don't mind command
line tools, look at LG which will allow you to remotely manage the local
groups on the members...
http://www.joeware.net/win/free/tools/lg.htm
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Brian P. wrote:
Hello,
I recently set up an AD domain (Win2003) and have been able to
successfully add workstations to it. After adding workstations, I was
formerly able to add domain users to their local security groups
(Administrators, Backup Operators, etc.) through the local computer
management console.
Now, when attempting to add users to groups on the local machine I am
unable to even see the domain. The only "location" listed is the local
machine name.
I can ping the DNS name of the ADC from the member workstations
successfully, and am able to add users to the local security groups if I add
them via "Connect to another computer" in the Computer Management console on
the ADC.
I have a feeling this is something simple that I'm overlooking, but I'd
greatly appreciate any assistance.
Thanks!
Brian P.
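
The root cause reported in this thread (DHCP handing clients external DNS servers, so they cannot locate the DC) can be checked per configured DNS server by querying the DC locator SRV record. This is an added example, not code from any poster in the thread; `Test-DcLocatorDns` is a hypothetical helper name and `corp.example.com` is a placeholder domain.

```powershell
# Added example: checks whether each DNS server the client is using can
# answer the AD domain controller locator query. Names are assumptions.
function Test-DcLocatorDns {
    param(
        [Parameter(Mandatory)]
        [string]$DomainName,

        # Defaults to every IPv4 DNS server currently configured on the
        # client (statically or via DHCP).
        [string[]]$DnsServer = (Get-DnsClientServerAddress -AddressFamily IPv4 |
            Select-Object -ExpandProperty ServerAddresses |
            Sort-Object -Unique)
    )

    # Domain members find DCs through this SRV record; a public resolver
    # has no copy of it, which is the failure described in the thread.
    $srvName = "_ldap._tcp.dc._msdcs.$DomainName"

    foreach ($server in $DnsServer) {
        try {
            $records = Resolve-DnsName -Name $srvName -Type SRV -Server $server `
                           -DnsOnly -ErrorAction Stop |
                       Where-Object { $_.Type -eq 'SRV' }

            [pscustomobject]@{
                DnsServer         = $server
                CanLocateDc       = [bool]$records
                DomainControllers = ($records.NameTarget -join ', ')
                Error             = $null
            }
        }
        catch {
            # NXDOMAIN, timeout, or refused: this server cannot locate a DC.
            [pscustomobject]@{
                DnsServer         = $server
                CanLocateDc       = $false
                DomainControllers = ''
                Error             = $_.Exception.Message
            }
        }
    }
}

# Placeholder domain; replace with the AD DNS domain name.
Test-DcLocatorDns -DomainName 'corp.example.com' | Format-Table -AutoSize
```

Any row with `CanLocateDc` false identifies a DNS server that should not be handed to domain members; comparing the output from a working and a non-working workstation gives the same kind of delta as the two traces suggested in the thread.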