Re: User Creation problem in AD

this one is really strange...

please post the output of:
DCDIAG /C /D /V

don't change anything in the output and mail it to me offline -->

Jorge DOT de DOT Almeida DOT Pinto @ gmail DOT com

also post any event IDs in the event log with errors/warnings

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Several Login attempt" <SeveralLoginattempt@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:4988CF7D-C04B-454E-B239-B303475E4245@xxxxxxxxxxxxxxxx
Hi jorge
i ran the command it shows the following.

For FSMO:
Schema owner xx-dc1.xx.com
Domain role owner xx-dc1.xx.com
PDC role xx-dc1.xx.com
RID pool manager xx-dc1.xx.com
Infrastructure owner xx-dc1.xx.com
The command completed successfully.

For DC:
List of domain controllers with accounts in the domain
XX-DC1
The command completed successfully.

what could be the exact problem. psl help.

regards
rajaguru



"Jorge de Almeida Pinto [MVP - DS]" wrote:

execute:
NETDOM QUERY FSMO
NETDOM QUERY DC

whats the output?

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Several Login attempt" <SeveralLoginattempt@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:4F7F7F1B-6CED-4DCD-ACCB-DCA05D3A8AB1@xxxxxxxxxxxxxxxx
Hi
i clarified, we have one & only one DC win 2k3 as DNS, DHCP & SMS V4
Beta
configured on it. its being used as Pre-production purpose to implement
SMS
to our official work. still SMS is working fine for Distributing S/W,
OS
installation, Patch management etc.

im not able 2 create or modify user from AD.Hope this information is
helpful
to you to solve this issues.
Regards
Rajaguru

"Jorge de Almeida Pinto [MVP - DS]" wrote:

not sure if I already asked....

does it happen on every DC?

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Several Login attempt"
<SeveralLoginattempt@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:00E540C1-A913-437D-A929-D3A7A2CF824A@xxxxxxxxxxxxxxxx
Hi jorge
SMS V4 beta was installed morethan 3 months before, still its
working
fine.
but my AD users & computers is not allow me 2 create or modify any
user.
this
is my problem. i checked & uninstall sms v4 beta, AD users is not
working.
so
in this case i hope, the SMS is not the problem.

regards
Rajaguru


"Jorge de Almeida Pinto [MVP - DS]" wrote:

just checking....

WHEN did you install SMS v4 and extend the AD schema?

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)-->
http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers
no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Several Login attempt"
<SeveralLoginattempt@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:2A1A9745-91FB-4472-B6B5-0AA3C948F3F7@xxxxxxxxxxxxxxxx
Hi jorge
i can able 2 create OU, not able 2 change password and create a
new
user.

I ran Netdom query fsmo, it shows my schema owner, Domain Role
Owner,
RID
Pool manager, PDC Role, Infrastructure Owner as IS-DC1 very clear
&
everything is live. i dont have novell & not used.

My environment is win 2k3 enterprise dc with sms v4 beta having
10
clients
win xp pro for testing the GPO, Win updates, SMS deployment for
our
production purpose. The server is using proxy connecton for
accessing
internet very rarely.

pls provide a clearcut solution without format or demote the adc,
because
my
sms is working fine as extended Active directory.

regards
rajaguru


"Jorge de Almeida Pinto [MVP - DS]" wrote:

Basically:

you cannot create security principals --> possible issue RID
pool /
RID
master
you cannot change a password of an existing user --> very
strange

are you able to create an OU?
can't you change password of any user or just a single or few
users?
when you execute: NETDOM QUERY FSMO what do you see? are all
those
servers
live?
do you have Novell? Or did you have it?


so IS-DC1 is the Rid Master and ON THAT DC you are experiencing
issues?

you say the problem started a few days ago...

can you explain more about your environment, what was changed
prior
to
that,
other activities...etc etc..

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory
Services

BLOG (WEB-BASED)-->
http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)-->
http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question -->
http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and
confers
no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Several Login attempt"
<SeveralLoginattempt@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:3E25FB58-186D-4C59-A4F1-B717FBEFFCBC@xxxxxxxxxxxxxxxx
hi paul
I ran dnslint tool & find the result below. its something very
much
different one. is any connection with RID because im not able
to
create
new
user and not able to reset the password for existing users. Or
is
any
worm
blocking?. Because while rest the password the error shows:

"Windows cannot complete the password change for Rajaguru
because:The
system
cannot find the file specified.". For a new user "An error
occured.
Contact
ur system administrator". Im so much confused. pls help.

Pls find the log report of DNSlint:
dnslint /ad /s 192.168.1.11
Root of Active Directory Forest: XX.com
Active Directory Forest Replication GUIDs Found:
DC: XX-DC1
GUID: 04cd239b-b2cd-45cc-837a-03793aaa25be

Total GUIDs found: 1
The following 1 DNS servers were checked for records related
to
AD
forest
replication:
DNS server: xxdc1.XXcom
IP Address: 192.168.1.11
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: xxdc1.XX.com
Hostmaster: hostmaster
Zone serial number: 89
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds

Additional authoritative (NS) records from server:
xxdc1.XXcom 192.168.1.11

Alias (CNAME) and glue (A) records for forest GUIDs from
server:
CNAME: 04cd239b-b2cd-45cc-837a-03793aaa25be._msdcs.XX.com
Alias: xxdc1.XX.com
Glue: 192.168.1.11

Total number of CNAME records found on this server: 1
Total number of CNAME records missing on this server: 0
Total number of glue (A) records this server could not find: 0
Legend: warning, error

DNSLint developed by Tim Rains

Regards
Rajaguru



"Paul Bergson [MVP-DS]" wrote:

I went back over the output from dcdiag and just don't see
anything
that
would cause a problem creating an object.

Have you tried creating this object from the dc and not a
workstation?

You can try running dnslint to see if there are any issues
with
dns.


From your dc try running dnslint /ad /s "ip
address
of
your
dc"

http://support.microsoft.com/Default.aspx?kbid=321045

Also, post the ipconfig /all from your dc

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the
NewsGroup
This posting is provided "AS IS" with no warranties, and
confers
no
rights.

"Several Login attempt"
<SeveralLoginattempt@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:EFC66FB7-7B7F-4707-9CF1-E560ABDCB5BF@xxxxxxxxxxxxxxxx
Hi Paul,
Again i ran DCDiag as specified by you, but the same report


.

Relevant Pages

  • Re: FMSO question
    ... # Jorge de Almeida Pinto # MVP Windows Server - Directory Services ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... DC1 I threw in the mix. ...
    (microsoft.public.windows.server.active_directory)
  • Re: FMSO question
    ... # Jorge de Almeida Pinto # MVP Windows Server - Directory Services ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... DC1 I threw in the mix. ...
    (microsoft.public.windows.server.active_directory)
  • Re: User Creation problem in AD
    ... # Jorge de Almeida Pinto # MVP Windows Server - Directory Services ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... still SMS is working fine for Distributing S/W, ...
    (microsoft.public.windows.server.active_directory)
  • Re: User Creation problem in AD
    ... its being used as Pre-production purpose to implement SMS ... # Jorge de Almeida Pinto # MVP Windows Server - Directory Services ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ...
    (microsoft.public.windows.server.active_directory)
  • Re: minimum and recommended hardware requirement
    ... SMS Site Server System Requirements ... Windows 2000 Datacenter Server ... Microsoft's SMS 2003 support for server operating systems requires ...
    (microsoft.public.sms.setup)
Loading