Re: User Creation problem in AD



I'm not saying now, the beta of SMS v4 is the cause, but I do hope you have
not installed a BETA product in your prod. env.

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Jorge de Almeida Pinto [MVP - DS]"
<SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx> wrote in message
news:euWCfS3NHHA.3544@xxxxxxxxxxxxxxxxxxxxxxx
just checking....

WHEN did you install SMS v4 and extend the AD schema?

"Several Login attempt" <SeveralLoginattempt@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:2A1A9745-91FB-4472-B6B5-0AA3C948F3F7@xxxxxxxxxxxxxxxx
Hi Jorge,
I am able to create an OU, but not able to change a password or create a new user.

I ran Netdom query fsmo; it shows my schema owner, Domain Role Owner, RID Pool manager, PDC Role, Infrastructure Owner as IS-DC1 very clear & everything is live. I don't have Novell & not used.

My environment is Win 2k3 Enterprise DC with SMS v4 beta, having 10 Win XP Pro clients for testing the GPO, Win updates, SMS deployment for our production purpose. The server is using a proxy connection for accessing the internet very rarely.

Please provide a clear-cut solution without formatting or demoting the ADC, because my SMS is working fine as extended Active Directory.

regards
rajaguru


"Jorge de Almeida Pinto [MVP - DS]" wrote:

Basically:

you cannot create security principals --> possible issue RID pool / RID master
you cannot change a password of an existing user --> very strange

are you able to create an OU?
can't you change password of any user or just a single or few users?
when you execute: NETDOM QUERY FSMO what do you see? are all those servers live?
do you have Novell? Or did you have it?

so IS-DC1 is the Rid Master and ON THAT DC you are experiencing issues?

you say the problem started a few days ago...

can you explain more about your environment, what was changed prior to that, other activities...etc etc..

"Several Login attempt" <SeveralLoginattempt@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:3E25FB58-186D-4C59-A4F1-B717FBEFFCBC@xxxxxxxxxxxxxxxx
Hi Paul,
I ran the dnslint tool & found the result below. It's something very much different. Is there any connection with RID, because I'm not able to create a new user and not able to reset the password for existing users? Or is any worm blocking? Because while resetting the password the error shows:

"Windows cannot complete the password change for Rajaguru because:The system cannot find the file specified.". For a new user "An error occured. Contact ur system administrator". I'm so much confused. Please help.

Pls find the log report of DNSlint:
dnslint /ad /s 192.168.1.11
Root of Active Directory Forest: XX.com
Active Directory Forest Replication GUIDs Found:
DC: XX-DC1
GUID: 04cd239b-b2cd-45cc-837a-03793aaa25be

Total GUIDs found: 1
The following 1 DNS servers were checked for records related to AD forest replication:
DNS server: xxdc1.XXcom
IP Address: 192.168.1.11
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: xxdc1.XX.com
Hostmaster: hostmaster
Zone serial number: 89
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds

Additional authoritative (NS) records from server:
xxdc1.XXcom 192.168.1.11

Alias (CNAME) and glue (A) records for forest GUIDs from server:
CNAME: 04cd239b-b2cd-45cc-837a-03793aaa25be._msdcs.XX.com
Alias: xxdc1.XX.com
Glue: 192.168.1.11

Total number of CNAME records found on this server: 1
Total number of CNAME records missing on this server: 0
Total number of glue (A) records this server could not find: 0
Legend: warning, error

DNSLint developed by Tim Rains

Regards
Rajaguru



"Paul Bergson [MVP-DS]" wrote:

I went back over the output from dcdiag and just don't see anything that would cause a problem creating an object.

Have you tried creating this object from the dc and not a workstation?

You can try running dnslint to see if there are any issues with dns.

From your dc try running dnslint /ad /s "ip address of your dc"

http://support.microsoft.com/Default.aspx?kbid=321045

Also, post the ipconfig /all from your dc

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"Several Login attempt"
<SeveralLoginattempt@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:EFC66FB7-7B7F-4707-9CF1-E560ABDCB5BF@xxxxxxxxxxxxxxxx
Hi Paul,
Again I ran DCDiag as specified by you, but it is the same report which I already posted to Jorge. Any other reasons for that? Kindly provide a clear solution.

regards
rajaguru

"Paul Bergson [MVP-DS]" wrote:

Problems like this that I have seen before tie to the RID pool but that is coming up clean, I could detail how to request a new rid pool but without knowing what is going on that would be a bad idea.

I see no errors other than issues with dhcp, which would be unrelated.

Any chance you could re-run the dcdiag with a /e flag as well. This will run diagnostics against all your dc's in the enterprise (Unless of course you have large numbers) the /s is to designate which dc to run this on. It isn't needed if you run this diagnostics directly on a dc, only if you are running from a workstation.

DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log

Hopefully Jorge can jump back in on this, because I don't see a problem here.


"Several Login attempt"
<SeveralLoginattempt@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:4F972E4E-C1BA-4AD2-B651-349A1F4D28CE@xxxxxxxxxxxxxxxx
Hi Jorge,
Please find the details:

Domain Controller Diagnosis

===============================================Printing out pDsInfo

GLOBAL:
ulNumServers=1
pszRootDomain=XX.com
pszNC=
pszRootDomainFQDN=DC=XX,DC=com
pszConfigNc=CN=Configuration,DC=XX,DC=com
pszPartitionsDn=CN=Partitions,CN=Configuration,DC=XX,DC=com
iSiteOptions=0
dwTombstoneLifeTimeDays=180

dwForestBehaviorVersion=0

HomeServer=0, XX-DC1

SERVER: pServer[0].pszName=XX-DC1
pServer[0].pszGuidDNSName=04cd239b-b2cd-45cc-837a-03793aaa25be._msdcs.XX.com
pServer[0].pszDNSName=is-dc1.XX.com
pServer[0].pszDn=CN=NTDS Settings,CN=XX-DC1,CN=Servers,CN=SMS-456,CN=Sites,CN=Configuration,DC=XX,DC=com
pServer[0].pszComputerAccountDn=CN=XX-DC1,OU=Domain Controllers,DC=XX,DC=com
pServer[0].uuidObjectGuid=04cd239b-b2cd-45cc-837a-03793aaa25be
pServer[0].uuidInvocationId=04cd239b-b2cd-45cc-837a-03793aaa25be
pServer[0].iSite=2 (SMS-456)
pServer[0].iOptions=1
pServer[0].ftLocalAcquireTime=2154c560 01c73002

pServer[0].ftRemoteConnectTime=214b4f80 01c73002

pServer[0].ppszMasterNCs:
ppszMasterNCs[0]=DC=ForestDnsZones,DC=XX,DC=com
ppszMasterNCs[1]=DC=DomainDnsZones,DC=XX,DC=com
ppszMasterNCs[2]=CN=Schema,CN=Configuration,DC=XX,DC=com
ppszMasterNCs[3]=CN=Configuration,DC=XX,DC=com
ppszMasterNCs[4]=DC=XX,DC=com

SITES: pSites[0].pszName=Default-First-Site-Name
pSites[0].pszSiteSettings=CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=XX,DC=com
pSites[0].pszXXTG=CN=NTDS Settings,CN=XX-DC1,CN=Servers,CN=SMS-456,CN=Sites,CN=Configuration,DC=XX,DC=com
pSites[0].iSiteOption=0

pSites[0].cServers=0

SITES: pSites[1].pszName=SMS1
pSites[1].pszSiteSettings=CN=NTDS Site Settings,CN=SMS1,CN=Sites,CN=Configuration,DC=XX,DC=com
pSites[1].pszXXTG=CN=NTDS Settings,CN=XX-DC1,CN=Servers,CN=SMS-456,CN=Sites,CN=Configuration,DC=XX,DC=com
pSites[1].iSiteOption=0

pSites[1].cServers=0

SITES: pSites[2].pszName=SMS-456
pSites[2].pszSiteSettings=CN=NTDS Site Settings,CN=SMS-456,CN=Sites,CN=Configuration,DC=XX,DC=com
pSites[2].pszXXTG=CN=NTDS Settings,CN=XX-DC1,CN=Servers,CN=SMS-456,CN=Sites,CN=Configuration,DC=XX,DC=com
pSites[2].iSiteOption=0

pSites[2].cServers=1

NC: pNCs[0].pszName=ForestDnsZones
pNCs[0].pszDn=DC=ForestDnsZones,DC=XX,DC=com

pNCs[0].aCrInfo[0].dwFlags=0x00000201
pNCs[0].aCrInfo[0].pszDn=CN=4b4bbb47-c051-4c67-947d-d6b4a70eea32,CN=Partitions,CN=Configuration,DC=XX,DC=com
pNCs[0].aCrInfo[0].pszDnsRoot=ForestDnsZones.XX.com
pNCs[0].aCrInfo[0].iSourceServer=0
pNCs[0].aCrInfo[0].pszSourceServer=(null)
pNCs[0].aCrInfo[0].ulSystemFlags=0x00000005
pNCs[0].aCrInfo[0].bEnabled=TRUE
pNCs[0].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[0].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[0].aCrInfo[0].pszNetBiosName=(null)
pNCs[0].aCrInfo[0].aszReplicas=


NC: pNCs[1].pszName=DomainDnsZones
pNCs[1].pszDn=DC=DomainDnsZones,DC=XX,DC=com

pNCs[1].aCrInfo[0].dwFlags=0x00000201
pNCs[1].aCrInfo[0].pszDn=CN=33f0511a-9de7-4815-9019-882e5b0acb10,CN=Partitions,CN=Configuration,DC=XX,DC=com
pNCs[1].aCrInfo[0].pszDnsRoot=DomainDnsZones.XX.com
pNCs[1].aCrInfo[0].iSourceServer=0
pNCs[1].aCrInfo[0].pszSourceServer=(null)
pNCs[1].aCrInfo[0].ulSystemFlags=0x00000005
pNCs[1].aCrInfo[0].bEnabled=TRUE
pNCs[1].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[1].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[1].aCrInfo[0].pszNetBiosName=(null)
pNCs[1].aCrInfo[0].aszReplicas=


NC: pNCs[2].pszName=Schema
pNCs[2].pszDn=CN=Schema,CN=Configuration,DC=XX,DC=com

pNCs[2].aCrInfo[0].dwFlags=0x00000201
pNCs[2].aCrInfo[0].pszDn=CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=XX,DC=com
pNCs[2].aCrInfo[0].pszDnsRoot=XX.com
pNCs[2].aCrInfo[0].iSourceServer=0
pNCs[2].aCrInfo[0].pszSourceServer=(null)
pNCs[2].aCrInfo[0].ulSystemFlags=0x00000001
pNCs[2].aCrInfo[0].bEnabled=TRUE
pNCs[2].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[2].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[2].aCrInfo[0].pszNetBiosName=(null)
pNCs[2].aCrInfo[0].aszReplicas=



