Re: Password Problem - Server
- From: compsosinc@xxxxxxxxx
- Date: 7 Feb 2007 10:29:31 -0800
On Feb 6, 4:53 pm, "SBS in Silicon Valley"
<user...@xxxxxxxxxxxxxxxxxx> wrote:
<compsos...@xxxxxxxxx> wrote in message
news:1170797337.286076.156290@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Feb 6, 4:03 pm, "SBS in Silicon Valley"
<user...@xxxxxxxxxxxxxxxxxx> wrote:
See my post comments inserted below.
- Show quoted text -
1. At a workstation, a user can login to the domain using their
credentials. We are not sure if this user in in the Domain Admins
group. I think we should try a user who is?
This has nothing to do with your problems or issues.
2. At the same workstation, we cannot login to the Administrator
account on the domain. We get error that password is incorrect like we
do at the server.
If you cannot log onto a workstation with the administrators account then
you won't be able login at the server either. It does sound like your
inputting an incorrect password.
3. At the server, we cannot login with (3) different Domain Admin
accounts or the Administrator account.
Given the facts as you describe it looks like a few things here. The
password on the administrators account has been changed.or I would say
that
some messed around with the Domain GPO's and removed the Domain Admins
from
the log on locally policy that is preventing the administrator from
logging
onto a workstation or on the server. Those other Domain Administrator
accounts are experiencing the same symptons.
Try this. Log onto a workstation as the user or a user who is a local
administrator on that machine. Open the Local Policy editor and check the
policy "Log on locally" and see if the Domain Administrators goup is
included in the policy.
Thank you for all of your input. I will be on-site tomorrow and will
follow your instructions. As a heads up, if the Domain Administrators
group is included in the local policy of the workstation, what does
that mean?
If you can log onto a workstation as the local machine administrator and
check the local policies and do not see the "Administrators" or "Domain
Administrators" group in the Log On Locally policy then this means someone
has messed around with the policies. I'm not too sure if this is your issue
as a user can logon the workstation which usually means that the Domain
Users are part of the Log on Locally policy and that Domain Administrator
should be a member of that group. Which leads me to think it is a password
issue.
And if the Domain Admins group has been removed, what can we do? This
should not affect the local Administrator account on the server,
should it, since it is a member of the Adminstrators and Domain Admins
group?
Given what I just wrote above I'm suspecting that the password on the
administrators account is worng and that the administrators account has been
locked out after several failed attempts. Now why the other user accounts
that you claim are members of the Domain Administrators group cannot login
either I'm suspecting they have been removed from the Domain Administrators
group. Can these users log onto that same workstation where the
Administrator cannot?
Also, assuming the Domain Admins group is toast, that would obviously
mean any user who is a member of the "Domain Admins" group should not
be be able to login to the domain. But is login informatiojn cached on
the workstation? I should probably reboot the workstation first...
You need to update the Log on Locally policy and add the Domain
Administrators group to that policy. You can do it from the DC if you can
log on and push the GPO throughoutthe domain.
- Hide quoted text -
- Show quoted text -- Hide quoted text -
- Show quoted text -
Thanks again for your help yesterday. I was able to determine using
the adminpak.msi (for 2003 Server) on an XP machine on the LAN, that
the password had been changed by a software vendor. At lease I was
able to go into the AD UsSers & Computers and reset the Administrator
password and it worked. I also had to reset my Vendor account password
as it was not working...strange-unless I had erroneous note of my
password, which I do change occasionally. Anyway, both work now.
Concerning adding the "Domain Admins" group to the "Log on Locally"
policy, I checked (2) workstations' Local Security Policy for the "Log
on Locally" and the following Users are listed: Adminstrators, Backup
Operators, Guest, Power Users, Users. If I go to add the "Domain
Admins" user account to a local machine, it is not listed under the
available users list;however, all othe accounts in the Active
Directory that I recognize are listed-such as the built-in
Administrators account. Can the "Domain Admins" account be added this
way? More importantly, should it be-or was this just because of this
problem we had to resolve? Thanks
.
- Follow-Ups:
- Re: Password Problem - Server
- From: SBS in Silicon Valley
- Re: Password Problem - Server
- References:
- Password Problem - Server
- From: compsosinc
- Re: Password Problem - Server
- From: SBS in Silicon Valley
- Re: Password Problem - Server
- From: compsosinc
- Re: Password Problem - Server
- From: SBS in Silicon Valley
- Re: Password Problem - Server
- From: compsosinc
- Re: Password Problem - Server
- From: SBS in Silicon Valley
- Password Problem - Server
- Prev by Date: Re: Private Domain Name #1 (.local) vs Public Domain Name #2 (.com
- Next by Date: Re: Private Domain Name #1 (.local) vs Public Domain Name #2 (.com
- Previous by thread: Re: Password Problem - Server
- Next by thread: Re: Password Problem - Server
- Index(es):
Relevant Pages
|
