Re: User Creation problem in AD

execute:
NETDOM QUERY FSMO
NETDOM QUERY DC

whats the output?

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Several Login attempt" <SeveralLoginattempt@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:4F7F7F1B-6CED-4DCD-ACCB-DCA05D3A8AB1@xxxxxxxxxxxxxxxx
Hi
i clarified, we have one & only one DC win 2k3 as DNS, DHCP & SMS V4
Beta
configured on it. its being used as Pre-production purpose to implement
SMS
to our official work. still SMS is working fine for Distributing S/W, OS
installation, Patch management etc.

im not able 2 create or modify user from AD.Hope this information is
helpful
to you to solve this issues.
Regards
Rajaguru

"Jorge de Almeida Pinto [MVP - DS]" wrote:

not sure if I already asked....

does it happen on every DC?

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Several Login attempt" <SeveralLoginattempt@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:00E540C1-A913-437D-A929-D3A7A2CF824A@xxxxxxxxxxxxxxxx
Hi jorge
SMS V4 beta was installed morethan 3 months before, still its working
fine.
but my AD users & computers is not allow me 2 create or modify any
user.
this
is my problem. i checked & uninstall sms v4 beta, AD users is not
working.
so
in this case i hope, the SMS is not the problem.

regards
Rajaguru


"Jorge de Almeida Pinto [MVP - DS]" wrote:

just checking....

WHEN did you install SMS v4 and extend the AD schema?

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Several Login attempt"
<SeveralLoginattempt@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:2A1A9745-91FB-4472-B6B5-0AA3C948F3F7@xxxxxxxxxxxxxxxx
Hi jorge
i can able 2 create OU, not able 2 change password and create a new
user.

I ran Netdom query fsmo, it shows my schema owner, Domain Role
Owner,
RID
Pool manager, PDC Role, Infrastructure Owner as IS-DC1 very clear &
everything is live. i dont have novell & not used.

My environment is win 2k3 enterprise dc with sms v4 beta having 10
clients
win xp pro for testing the GPO, Win updates, SMS deployment for our
production purpose. The server is using proxy connecton for
accessing
internet very rarely.

pls provide a clearcut solution without format or demote the adc,
because
my
sms is working fine as extended Active directory.

regards
rajaguru


"Jorge de Almeida Pinto [MVP - DS]" wrote:

Basically:

you cannot create security principals --> possible issue RID pool /
RID
master
you cannot change a password of an existing user --> very strange

are you able to create an OU?
can't you change password of any user or just a single or few
users?
when you execute: NETDOM QUERY FSMO what do you see? are all those
servers
live?
do you have Novell? Or did you have it?


so IS-DC1 is the Rid Master and ON THAT DC you are experiencing
issues?

you say the problem started a few days ago...

can you explain more about your environment, what was changed prior
to
that,
other activities...etc etc..

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)-->
http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers
no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Several Login attempt"
<SeveralLoginattempt@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:3E25FB58-186D-4C59-A4F1-B717FBEFFCBC@xxxxxxxxxxxxxxxx
hi paul
I ran dnslint tool & find the result below. its something very
much
different one. is any connection with RID because im not able to
create
new
user and not able to reset the password for existing users. Or is
any
worm
blocking?. Because while rest the password the error shows:

"Windows cannot complete the password change for Rajaguru
because:The
system
cannot find the file specified.". For a new user "An error
occured.
Contact
ur system administrator". Im so much confused. pls help.

Pls find the log report of DNSlint:
dnslint /ad /s 192.168.1.11
Root of Active Directory Forest: XX.com
Active Directory Forest Replication GUIDs Found:
DC: XX-DC1
GUID: 04cd239b-b2cd-45cc-837a-03793aaa25be

Total GUIDs found: 1
The following 1 DNS servers were checked for records related to
AD
forest
replication:
DNS server: xxdc1.XXcom
IP Address: 192.168.1.11
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: xxdc1.XX.com
Hostmaster: hostmaster
Zone serial number: 89
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds

Additional authoritative (NS) records from server:
xxdc1.XXcom 192.168.1.11

Alias (CNAME) and glue (A) records for forest GUIDs from server:
CNAME: 04cd239b-b2cd-45cc-837a-03793aaa25be._msdcs.XX.com
Alias: xxdc1.XX.com
Glue: 192.168.1.11

Total number of CNAME records found on this server: 1
Total number of CNAME records missing on this server: 0
Total number of glue (A) records this server could not find: 0
Legend: warning, error

DNSLint developed by Tim Rains

Regards
Rajaguru



"Paul Bergson [MVP-DS]" wrote:

I went back over the output from dcdiag and just don't see
anything
that
would cause a problem creating an object.

Have you tried creating this object from the dc and not a
workstation?

You can try running dnslint to see if there are any issues with
dns.


From your dc try running dnslint /ad /s "ip address
of
your
dc"

http://support.microsoft.com/Default.aspx?kbid=321045

Also, post the ipconfig /all from your dc

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the
NewsGroup
This posting is provided "AS IS" with no warranties, and confers
no
rights.

"Several Login attempt"
<SeveralLoginattempt@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:EFC66FB7-7B7F-4707-9CF1-E560ABDCB5BF@xxxxxxxxxxxxxxxx
Hi Paul,
Again i ran DCDiag as specified by you, but the same report
which
i
already
posted to jorge. Any other reasons for that. kindly provide a
clear
solution.

regards
rajaguru

"Paul Bergson [MVP-DS]" wrote:

Problems like this that I have seen before tie to the RID
pool
but
that
is
coming up clean, I could detail how to request a new rid pool
but
without
knowing what is going on that would be a bad idea.

I see no errors other than issues with dhcp, which would be
unrelated.

Any chance you could re-run the dcdiag with a /e flag as
well.
This
will
run diagnostics against all your dc's in the enterprise
(Unless
of
course
you have large numbers) the /s is to designate which dc to
run
this
on.
It
isn't needed if you run this diagnostics directly on a dc,
only
if
you
are
running from a workstation.

DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log

Hopefully Jorge can jump back in on this, because I don't see
a
problem
here.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the
NewsGroup
This posting is provided "AS IS" with no warranties, and
confers
no
rights.

"Several Login attempt"


.

Relevant Pages
Loading