Over 1 million tech questions and answers.

Cannot find domain controller for this domain

Q: Cannot find domain controller for this domain

Hi all - I have a problem with my domain.

I have 1 domain "europe1" with the PDC in the UK.
I have 2 bdc's for europe1 in the a location in france.

europe1 is the accounts domain and is trusted by lots of resource domains.

The problem is this : Open user manager for domains on either one of the BDC's, it tries to retrive the list of users but gives the error "cannot find a domain controller for this domain".
If I try to retrieve a list of users from any one of the trusting domains it works no problem.

As a test we built a new bdc and it worked with no problems.

Any idea's what is wrong with our original BDC's ??

Thanks in advance

RELEVANCY SCORE 200
Preferred Solution: Cannot find domain controller for this domain

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Cannot find domain controller for this domain

Have you done the standard what I term Microsoft solutions.

Reapply service pack the BDC's
Apply the latest Network card driver and reapply the service pack.

Only other thing I can think to check is can the BDC's resolve the PDC computer name.

Hope this is some what helpful.

Scott

Read other 1 answers
RELEVANCY SCORE 106.4

I have a Machine with windows 7 x64 pro which was connected to a domain controller that is dead and not available anymore.
I want to continue to use this computer standalone and keep all the software and configurations already installed, however i need to change my pass and i am not able to do it getting this msg : configuration
information could not be read from the domain controller, either because the machine is unavailable, or because access is denied.
How can i solve this (change the pass or copy all the user settings to local) without the domain controller server?
thank you
vitor

Read other answers
RELEVANCY SCORE 98.8

I am trying to add a win 7 pro pc to a domain and I get this error " an attempt to resolve the DNS name of a domain controller in the domain being joined has failed"
I am running win server 2003 can anyone help?

A:error an attempt to resolve the DNS name of a domain controller in the domain being joined has failed

Ok I got it to work I put in the DNSserver address agine same as I did yesterday ( I must have put it in 3 or 4 times) and it din''t work I did it agine today and it worked the frist time. Thank you every one for your help
 
Derrick

Read other 13 answers
RELEVANCY SCORE 98.4

dear all

i have a problem in adding addtional domain controller in my forest domain.

when i try to add additional; domain controller after working few miniutes it gives meessage THE ACTIVE DIRECTORY WIZARD IS UNABLE TO CONVERT THE COMPUTER TO DOMAIN CONTROLLER ACESSES DENIED

ENTER THE USER NAME AND PASSWORD OF AN ACCOUNT WITH SUFFFICIENT PREVILAGE TO CREATE AN ADDITIONA DOMAIN CONTROLLER .

But the user name has full permission he is administrator

please help me
 

Read other answers
RELEVANCY SCORE 97.6

Hello everybody,
On some of my computers, when I tried to log in, I get the error say that it cannot find the domain controller, so I must log in locally. But the others log in OK. And when I log in locally (on the computers that has the error), I can ping the domain controller, that's mean I don't have any connection problems, but why it cannot find the domain controller? Have anybody had a problem similar to me? Do you have any quick solution for this?

Thanks in advance
 

A:Cannot find domain controller

Did you add the WINS address under Advanced TCP/IP settings?
 

Read other 3 answers
RELEVANCY SCORE 97.6

I've been trying to join a new Windows 7 Professional machine to a domain controller running Windows 2003 Server with no luck.  We currently have 4 Windows XP machines running on that domain without any issues, but when I try to add the Windows 7 computer,
here is what happens:

A computer account on the domain could not be found (confirmed it is already there)
I put in the computer name and domain again, and Administrator credentialsNow it tells me: "An attempt to resolve the DNS name of a DC in the domain being joined has failed."
I currently have DNS on the Windows 7 PC set to the Domain Controller and have IPv6 unchecked under Network Properties.  I can even ping the domain name (resolves to IP of the domain controller).  It looks like it can, indeed, find the domain from
the message in step 1, so am I missing something here?
Thanks in advance for any help!

A:Cannot join Windows 7 to domain even after setting DNS to domain controller IP

Hi,
You need flush your DNS cache in client side first.
Then, let?s create the following registry value for a try:
HKLM\System\CurrentControlSet\Services\LanManWorkstation\Parameters
 
 - Created a DWORD DomainCompatibilityMode = 1
 - Created a DWORD DNSNameResolutionRequired = 0
Reboot the machine and check the result again.Alex Zhao
TechNet Community Support

Read other 17 answers
RELEVANCY SCORE 97.6

Hello everyone,

So on my work laptop yesterday i got disconnected from the network, and upon trying to reconnect i had internet access but no network access, ran through some diag, was able to ping my other work station, ip,dns and dg where all fine, checked for dns records issue, none found. so i removed it from the domain and tried re-adding it, and this is where the problem is no matter what i do i cannot add this laptop on the domain. i get full internet access on the network but no network access. i know the Dns server is functioning perfectly and cant be the issue, i have also flushed dns, rebuilt tcp/Ip stack and removed all lan and wlan profiles. i am also getting a certificate error when trying to access the network on wlan.

Using my local admin here are some print screens of first the issue when trying to add the laptop back to the domain, then Ping results to my DNS server .

after removing the machine from the domain it now no longer picking up the correct DNS server.

Would assigning a new DNS record resolve the issue???

he following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "bareesc.bareescentuals.com":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for
_ldap._tcp.dc._msdcs.bareesc.bareescentuals.com

Common causes of this error include th... Read more

A:An active directory domain controller for the domain could not be contacted

Funny enough, we've found a handful of users on our network today unable to access local resources for the same reason!

Your DNS settings are being hijacked. They should point at your DC, but instead are pointed at a malicious DNS server hosted somewhere in Israel. Give your computer a good bath before letting play with the other children again.

We're currently in the process of mediation around here, too.

Hope that helps!

Read other 2 answers
RELEVANCY SCORE 95.6

Hello everyone. I really hope that you can help me. You are my last hope.

I maintain about 30 domain computers. Recently when users try to log in on most of them the following error appears frequently:

"Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. if the message continues to appear, contact your system administrator for assistance."

I have seen that this error appears only in the computers with Windows XP and not in the computers with Windows Vista or 7. We have 2 domain controllers.

Please let me tell you about the ways I tried to resolve this problem and their results:

- on some computers, after several restarts the users are able to log in, but if they restart or shutdown after that the error appears again; this worked for some computers, but I do not know if the error will appear again in the future.
- on some computers, when i disabled the windows firewall or allowed all kind of ICMPs it was resolved, but this did not work for all the computers and I do not know if the error will appear again in the future.
- I unjoined and then rejoined some computers from the domain and it was resolved but after restarting the error appears again.
- If I unplug the network cable the users can log in but after restart the error appears again.
- I have tried to reset the user password and computer on the Active Directory for some users and... Read more

A:windows cannot connect to the domain, either because the domain controller is down...

Read other 16 answers
RELEVANCY SCORE 95.6

I have an employee that gets this upon every boot on his assigned laptop. I have utterly no idea what it means or how to correct it. Help needed please.
 

A:Error: Domain controller could not be found for the specified domain.

Check the machine account. You might also delete it and recreate it. This may require a domain admin to rejoin the machine to the domain.
 

Read other 2 answers
RELEVANCY SCORE 95.6

Hello,

We have a server set up with serval computers t. I formated a pc that was on the domain and now trying to attach it back to domain and i get the message.

Domain Contriller could not be contacted
I putted all the settings same as the other pc's..

i'm also getting the message " ip adress already in use. but i'm using the same ip as the pc had before i formated the pc. is this the reason that i get the message , Domain Contriller could not be contacted

i also can ping from the pc. to the server

Any Ideas?

thanks for the help
 

A:Problem:A domain controller for the domain could not by contacted

sorry i mean i also get the message " a duplicate name exist on the network"
 

Read other 1 answers
RELEVANCY SCORE 95.6

Hi,

I want to ask question regarding the DC group policy. Is it possible to track or find out that on which system a GP is not applied?

Actually we are applying a group policy in our company and at the same time we want to keep track that if a group policy is not applied on any system or some body has changed the group policy on his/her system we can figure out that particular system on which the GP was not applied.

Is it possible?
 

Read other answers
RELEVANCY SCORE 92.8

Windows
2012 

IP settings           172.17.2.36

Subnet mask       255.255.0.0

Gatevay                 172.17.2.1

DNS                       8.8.8.8

                           
     

Windows 7

Obtain
IP address automatically  

----------------------------------

----------------------------------

DNS
                       8.8.8.8

 
                                

The
error code reads 

------------------------------------------------------------------------------------------------------------------------------------------------

The
following error occored wen DNS was queried for the servise location (SRV)

resource
record used to locate an Active Directory Domane Controller (AD DC) for Domain

"dalek.local
".

 

the
error was: "This operation returned because the timeout period expired."

(error
code 0x000005b4 ERROR_TIMEOUT)

 

The
query was for SRV record_ldap._tcp.dc._msdcs.dalek.local.

the
DNS server used  by this com... Read more

Read other answers
RELEVANCY SCORE 92.4

When I logon to our network I get "Domain controller for this domain could not be found:. The event viewer records event ID 5719 in the system log:
No Windows NT Domain Controller is available for domain PGMS_LAW. (This event is expected and can be ignored when booting with the 'No Net' Hardware Profile.) The following error occurred:
The RPC server is unavailable.
According to MS support the way to resolve this is to disable LMHOSTS lookup box. This was not enable on any machines and now I'm stuck. Does anyone have any ideas?
 

A:Domain controller for this domain could not be found

Simplest thing to try is remove it from the domain (make sure you have a local account with admin rights FIRST). Then re-add it to the domain.
Can you see/use network resources otherwise? Are the lights on on the NIC? Have you tried a different cable/network port?
Maybe remove/re-add the NIC. Check all the properties, correct IP/subnet/gateway/etc.......
 

Read other 1 answers
RELEVANCY SCORE 78

We have over 110 laptop users all logging on using cached domain login information.

Recently I've had a couple ring up saying that they can't log on to their laptops remotely as they get a message saying the domain controller is not available so all I've been able to do is get them to drive all the way on to our Head Office so i can reconnect their computer on to the domain and then get them to log on and then off the domain to create a cache of their logon details.

Any ideas the previous cached information has not allowed them to log on?

I'm guessing it has become corrupt but not sure how.

Read other answers
RELEVANCY SCORE 78

How do I run a domain network?
 

A:Domain controller?

Read other 6 answers
RELEVANCY SCORE 78

I'll be adding a new Domain Controller to our network this evening. It's not currently connected to anything right now, so I need to know if I actually have to join the machine to the domain, or can I just plug it in and bring it up as a new DC on the domain? In other words, do I have to go through the process of going in to Active Directory on the existing DC and actually adding a new computer to the domain and then bring it up as a DC, or does it automatically join when I make it a DC on the network?

Steph
IT Intern
 

A:New Domain Controller

Read other 12 answers
RELEVANCY SCORE 78

Ok here is my situation, I have 2 pc's running Win 2000 and a third running 2000 server, how do I get the 2 machines to join into the domain.....I installed AD and now have a domain called "something.local." does this make sense to anyone? also I am behind a linky router and have given my 2 pc's a static ip of "192.168.x.x" do I have to run a DHCP server on the 2000 server machine? I am completly lost and could use some help....I know Active Directory is not for the timid, maybe I bit off more than I can chew!!!
 

A:Domain Controller

In control panel, open system, under identification, change it, and add the domain name, apply, and you'll get a message as to whether it was sucessful or not.
 

Read other 1 answers
RELEVANCY SCORE 78

how many domain controller can be added in windows server 2003
 

A:domain controller

You will need at least one per domain.
 

Read other 1 answers
RELEVANCY SCORE 78

Ok here is my situation, I have 2 pc's running Win 2000 and a third running 2000 server, how do I get the 2 machines to join into the domain.....I installed AD and now have a domain called "something.local." does this make sense to anyone? also I am behind a linky router and have given my 2 pc's a static ip of "192.168.x.x" do I have to run a DHCP server on the 2000 server machine? I am completly lost and could use some help....I know Active Directory is not for the timid, maybe I bit off more than I can chew!!!
 

A:Domain Controller

You do not have to run DHCP from your server. You could run it from your router, or not at all. The key to getting your Win2k machines onto the domain is that you must build Domain User accounts on your server for them. This server must be configured as a Domain Controller. They must then change their Network Identification to join the Domain and log into the Domain Controller (your server) using the accounts that you have built for them under the Active Directory Groups and Computers area. (Start-->Programs-->Administrative Tools-->Active Directory Users and Computers.

When you boot your Win2k clients, be sure when the logon screen appears, that you use the drop-down box to select your domain not the local computer.

I use my Win 2k server as a Domain Controller and a file/backup server which I have found the most useful role for my small home network.

Hope this helps--

Telepro
 

Read other 2 answers
RELEVANCY SCORE 78

Having trouble accessing Active Directory users/computers it times out and says it cannot connect to the domain controller and when I boot up takes forever and on the internet it takes minutes to switch screens.

Using XP Pro and Windows Server 2003. This is happenning on the admin PC. Thanks

A:Domain Controller

Hello & welcome to TSF,

you need to do this to both systems


do you have a Windows Xp cd, not the restore cd's that come with some systems, the cd will have the Windows logo & 3D hollowgram/image on it

if you do not maybe you can barrow one from a friend/family member/co-worker as long as it is the same version that is on your system

if you have (Windows XP Home Ed. sp2 ) then the cd will have to be that / if you have a cd with (Windows XP Home Ed. )you will have to slipstream (SP2 ) onto a disk that you create
this also applies for (SP3)

this also applies to (Windows XP Professsional )

http://www.helpwithwindows.com/Windo...p2-bootcd.html

now if you do have the Windows XP cd with sp2 please follow these steps

--------------------------------------------

performing a (sfc) system file checker

It is a scan that checks the core files & dlls of the (os) operating system and replaces them if they are corrupt or missing with the correct original version

start

#1 then select (run) , then press enter
a window will open
#2 type in ( cmd ) then press enter
another window will open
#3 type in ( sfc )then press enter
another window will open
#4 type in (sfc /purgecache) then enter / your pc will work like crazy / this helps in rebuiding the cache file (notice the space between (sfc & /)
#5 type in (sfc /scannow ) then press enter ( notice the space between the (sfc & / )

now a scan will start , have your... Read more

Read other 1 answers
RELEVANCY SCORE 77.6

I wants to perform the specific application under domain admin right for domain user account
I have try create shortcut and type:"runas /user:ComputerName\Username /savecred "C:\path\to\file.exe""
Then, I can run it and pop up the Attention. but  the application is appear "APPSCRASH", when press"Yes" 
If I type local / domain administrator account, it can run application normally.
How to fix it? The application is typing of the dead

Read other answers
RELEVANCY SCORE 77.6

Hello everyone,

We are running into a somewhat peculiar issue that I have been unable to find any information about and I was hoping someone here could point me in the right direction.



Several of our Windows 7 laptops (We're working on moving to W10) have become unable to change the password for a domain account from the Change a Password screen after hitting CTRL ALT DEL. Usually when someone would select to change their password,
it would take them to the text boxes with the domain\username pre-populated, I'm sure you are familiar.

Recently, when following the same steps, an account selection screen comes up with the option to use a smart card or simply type in the username. While we are working on implementing smart cards, they are not yet in use and in fact should not even
show any options for them yet. After opting to type in a user account, rather than populating the username field with domain\username, the field remains blank with grey text saying "provider\user name" instead. If the user types in their domain\username
and attempts to change the password, they get a generic error stating it is unable to change the password.



Users are still able to use a co-workers machine to change their password from the same screen by substituting the username. Most of the affected machines are from users that work in the same team, even though those same users can change their passwords
elsewhere just fine. It appears to be isolated to specific ... Read more

Read other answers
RELEVANCY SCORE 77.6

Hello,
Currently we are in the middle of a migration project. We are migrating users from child domains to the root domain of one organization.
The user accounts are migrated with powershell using Move-ADObject cmdlet. This works as expected. The SIDHistory attribute is updated correctly.
Recently we received complaints from some *migrated* users - they lost their default/custom file associations. This happens only on Windows 8/Windows 8.1.
What happens:

the user is migrated and logs onher profile loads and everything's preserved (as expected)the user clicks on a .jpeg file (previously associated with program XYZ)OS asks the user to choose a program to open the file withthe user chooses a default program XYZ and the file openswhen the user clicks on a .jpeg file again - OS asks to choose a program again
i.e. the settings are not preserved.

Our investigation shows that it is connected with the UserChoice registry key and the HASH value under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SomeExt

According to this blog 
the HASH is calculated based on user's SID. But after the migration the user has new SID and the HASH becomes invalid and we hit this:
"However In Win 8, the registry changes are verified by a hash (unique per user and app)  that detects tampering by apps. In the absence of a valid hash, we ignore the default in the registry."
Currently deleting the UserChoice key for all a... Read more

A:File associations are lost when user account is migrated from one domain to another domain (SID changes)

Hello Petar K. Georgiev,
Please check the following article to change the registry key to change back to the default file type associations.
http://www.sevenforums.com/tutorials/19449-default-file-type-associations-restore.html
Please note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Best regards,
Fangzhou CHENPlease remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Read other 2 answers
RELEVANCY SCORE 77.2

Hi,

I hit major problems yesterday when a power surge killed my server (despite ups/surge protection!). We have a small set up of 15 win2k machines and one Windows server 2003 all connected under a domain.

Basically all user machines were unaffected but my only method of getting us up and running was installing a fresh version of 2003 server on a new machine. i followed this guide and configured it to use the same domain as last time (hoping that all the client machines would carry on as they were before the server out). i've managed to set up access to shared drives hosted on the network. That is working.

However i am now having these problems on all client machines

Client machines cannot connect to shared printers from another client machine. - Logging on as an administrator to their machine locally (not domain) you can add and print. Simply changing their policies to admin does not allow them access.
Each machines is still connected to the domain (so it says) but if you take them off and try to put them back on the domain i get this error:the following error occurred attempting to join the domain " ". network path was not found
If somebody can help me out i would be very gratefull. I'm alright with basic networking but have never installed Win server from fresh. I like to think i've just missed a simple checkbox or similar!? I've basically followed the guide and have done little else in way of changes, so you should be able to get a good i... Read more

A:Complete Domain Issue! Shared printers & adding domain

Read other 16 answers
RELEVANCY SCORE 77.2

Here is the scoop ... Two networks connected via frame relay line. Two different PDCs and domain names. Can ping internal IP address, but can not browse through Network Neighborhood. Set up WINS on both and when trying to get them to share info I get Connection was aborted by the remote WINS in the event log. I can see the IP addresses for the remote network through the DHCP manager. Any ideas on what I should do to be able to browse the remote network and also set it up so that I can administer it remotely, would be greatly appreciated.
 

A:{Advice Offered} - Domain Browsing in a Multi-Domain Environment

Read other 6 answers
RELEVANCY SCORE 77.2

I'm running into a problem with connecting to network drives over a VPN. The common difference is whether or not the computer is part of the domain by default.

1) Computers connecting to VPN using local account on computer: Prompted for a domain login when attempting to use the network drives. Can get in.

2) Computers connecting to VPN using a domain account (but on another network): Unable to connect. Specific error changed based on below info.
A) Computer logged on and connected to an outside network. Never connected to domain network: Can't find folder error.
B) Connects to domain network at some point before connecting to an outside network and using VPN: Might be in use error, attached.

A:VPN Network Shared Drive Error Domain/Non-Domain Differences

Sounds more like the network the VPN connection puts you in has trouble making kerberos connections to domain controllers, but NTLM connections work fine (kerb might be blocked). The errors are likely bogus if you can get #1 to work - if the computer is connected to a domain it's going to want to use Kerb before NTLM, and if the machine still has (what it thinks is) a viable kerb ticket, it's going to try and validate that with a DC (to achieve auth), and if this fails, so does the connection.

This may not actually be the case, of course, but it sure has the symptoms of it.

Read other 1 answers
RELEVANCY SCORE 77.2

Dear Community,

My company use around 700 desktops and laptops on a domain. our file server has a home share drive that the AD links to and then maps when a user logs onto any machine when using their domain account. my problem when I log onto my normal laptop
it says network name is no longer available. when I log onto another machine it connects and maps normally. all other servers UNC name works normally. I can ping it by DNS and IP and can RDP to it but not see any shares.

Please can you help?

Read other answers
RELEVANCY SCORE 77.2

hi

i have changed the domain of the computer (from say old.net to new.net).
there is a folder shared on another machine on old.net domain. the user X was able to access it. aftter changing his domain from old.net to new.net he no longer can access that shared folder.
User X has working credentials for both domains.

on accessing it it asks for credentials. upon entering his correct user name in the format (old.net\X) he is not able to access it.

i had exactly same setup with another user Y and he was able to access data .

is there anything that i am missing ?

also accessing that folder first time asked for credentials but now it doesnt asks .. why ? there is nothign in credentials manager.

regards

A:cannot access shared folder after changing domain with old domain cred

Hello,

Have you removed/re-added the User's credentials (from the PC with shared folder) with the new domain name?
Also, make sure that the shared folder has Everyone permission in the Security Tab.

Read other 1 answers
RELEVANCY SCORE 77.2

hi,

when i add win 7 client machine to a domain i got this error " an attempt to resolve the DNS name of a domain contrller in the domain being joined has failed" how to solve it . plz help
 

Read other answers
RELEVANCY SCORE 77.2

I'm trying to get rid of an old w2k server that is the DC and DNS server. I added DC and DNS to an existing w2k3 server and it looks like it replicated all the AD data ( I see users and machines listed ) but when I unplug the old server and login to the network at a workstation I don't get access to the internet trying to use the new server as the DNS server or to local network stuff. I think I may have both a DC and DNS server configuration problems.

Thanks in advance

14Mike
 

A:New Domain Controller problem

Are you using the new DC as the DHCP server? If so you will need to do an ipconfig/release ipconfig/renew from the workstations so they get the new DNS information otherwise the workstations will be using the old DNS server for their lookups.

And did you demote the old server? You can't just unplug a DC from a network, AD has to know it is gone.
 

Read other 2 answers
RELEVANCY SCORE 77.2

I have recently set up a domain controller for a new site and one issue we are having is being able to RDP into the machine. This is on Windows Server 2012 R2. After using the IP to RDP into the machine, I can input my credentials, it then shows the certificate warning, then says connected to session and waits a couple seconds and then just closes. No error, no blank screen, just closes. I checked the Event logger on the server and it showed:
An error occurred when transitioning from CsrConnected in response to EvCsrInitialized. (ErrorCode 0x80070102)
I do want to say that the main Domain Controller does have Windows Server 2012 Standard and NOT R2 and anyone and everyone can RDP into that no problem.

Also the logs on the Client machine trying to RDP into the DC comes up with this error:
Remote Desktop Service start failed. The relevant status code was 0x800706b5.

Anyone have any ideas?
 

A:RDP issues into a new Domain Controller

I'd start at the beginning. Have you verified that the services are running?
 

Read other 9 answers
RELEVANCY SCORE 77.2

I need to run the script below but the problem I have is that the command needs to run while you are logged onto the desktop of the domain controller but I am are not granted that access. Any suggestions would be wonderful. thanks


' This script will add assigned groups to NT clients local groups
' List any modifications and initialize

'script type:vbscript
Option Explicit

'number for sGroupArray entry below under "Initialize Group Array"

Dim oNet
Dim oGroup
Dim sComputerName
Dim sGroup
Dim sGroupName
Dim strDomainGroup(4)
Dim RetVal

strDomainGroup = "WinNT://NENA/Domain Admins"

' Create Network Object to get computer name.
For i = 1 To 3 '3 computer names
Set oNet = CreateObject("Wscript.Network")
Set sComputerName = oNet.ComputerName

sGroup = ("WinNT://SWSA/$Admin-GS-NBCPCADM" & i)
sGroup = ("WinNT://SWSA/$Admin-LS-NBCPCADM" & i)
sGroup = ("WinNT://SWSA/Software-Install" & i)
Next

'Get group object for the above computer

Set oGroup = GetObject("WinNT://" & sComputerName & "/administrators,group")

'Add all the groups from the array into the clients administrators group.

For Each sGroupName In sGroupArray

RetVal = oGroup.IsMember("" & sGroupName & "")
If Not RetVal Then oGroup.Add ("" & sGroupName & "")

RetVal = oGroup.IsMember("" & strDomainGroup &a... Read more

A:vbscript to run without having to log in to the domain controller

Finally, I have it figured out how to do it...I reset the AD password since it is Windows 2000.
 

Read other 1 answers
RELEVANCY SCORE 77.2

Hi,

This is my first post here so I hope it's in the most appropriate area.

I was hoping that someone could answer this question for me.

I'm working on an NT4.0 domain controller and I need to know how to add more than eight workstations to a user account in the "Logon To" dialog.

As deault you can only assign a user account to eight workstations. I'm sure there must be a tweak for this, and most probably in the registry.

Basically I need to create an account that allows my admin guys to administer workstations but not have access to the domain controller with that account. Therefore I am taking the course of allowing them to logon to specific workstations and servers only and I need a lot more than eight!

Any dudes/dudettes out there that have any ideas?

Thanks

Sonicist

UK
 

A:NT4.0 Domain Controller tweaking

So you can't create more than 8 local accounts on the workstations that have admin rights? I haven't run into this one before.
 

Read other 2 answers
RELEVANCY SCORE 77.2

Hello everyone!
Today I have received a High severity alert for Suspected DCSync attack. The origin of this attack was a workstation that ATP tell us that has it's right private IP and a secondary IP, the one of our DC. How it can be possible? I've investifated on DNS,
on AV client logs, and other auditing tools and everything looks ok. No evidences for any risk on this computer or secondary IP address assigned to this workstation. How it can be possible?
Thank you.

Read other answers
RELEVANCY SCORE 77.2

Hello everyone,

I'm in a predicament. Our small company uses a domain controller which every user logs into for access to the network and their local profiles. The profiles are NOT coming/stored on the server side however, they are simply local, but users are given rights to certain file server areas. The machine used as the DC is VERY old and we're not confident it will stay running much longer.
What's the best way to migrate users to a new server?
We have a new machine, with a proper Windows 2003 server installed. We set up another domain (OfficeNet2). I was under the impression we simply needed to "promote" the new server to become the new Domain Controller - however, we're not sure how to do this, and do we need to "copy" the old user login information from the old server to the new (If that's even required?)
Any help or ideas would be GREATLY appreciated!
Thanks!
Katt
All users are XP PRO SP3 (with a few MACs) and both servers are Win2003.
 

A:Migrating from one Domain Controller to Another

Actually it would have been easier if you kept the new server on the same domain -

http://forums.techguy.org/windows-server-2003-2008/823462-domain-controller-advice-needed.html

If you have the ability to do it you may want to just do that. I have some links in this thread that wshow you how to have 2 DCs in one domain and to promote the new one.

When you have 2 different domains it becomes a bit more convoluted and you have to do some trusting and domain migrations.
 

Read other 1 answers
RELEVANCY SCORE 77.2

Hi All,

My small company is running in a XP workgroup environment. For security needs I am switching over to a windows domain. Our recently engaged IT professional initially pushed back on the domain controller idea - citing the cost in terms of degradation of performance during log in as well as an increase in care and feeding of users. After being informed of the security requirements, he is on board with the domain controller plan. My question to the experts here is: What am i getting myself into running my small bus network (<10 office + 10 classroom systems) in a domain as opposed to workgroup? Will this be an operational headache?

Much thanks!
Mark
 

A:Fear of domain controller

If the business stays small no its not an operational nightmare. In fact I am a domain advocate as there are alot of centralized things you can do on a domain that you can't with workgroups.

I.E. A domain login account allows 1 person to log onto all 20 user PC's instead of having to setup all 20 users at each PC. On top of that password changes if you change a password on the domain it changes it at each station you log in to. Also this allows for ALOT of flexibility if you ever have turnover you simply disable the account in the one spot and the person can't log in anywhere.

As far as longer login times I think thats close to hog wash. In a 20 user environment in 1 building if you have a long log in to your domain your looking at someone who setup a pretty horrid domain controller (or possibly someone who does not know about DNS and Active Directory). Now if this is a domain log in over a WAN yes it can bump up login times but then you need to look at your WAN connections.
 

Read other 1 answers
RELEVANCY SCORE 77.2

At one time we had an mixed environment.

After the NT box was removed we had 2 Windows 2000 servers (PDC, BDC).

About 5 months ago we replaced our PDC with a 2003 server and no longer operate in a PDC/BDC environment.

Well now it looks like we'll be replacing the old Windows 2000 server with a Windows 2003 server.

The new server with have the same name and IP address as the old 2000 server.

My question I guess is do I need to demote the existing DC and then take it off the network, put my 2003 server on the network and do a dcpromo?
 

A:Domain Controller Question

Read other 10 answers
RELEVANCY SCORE 77.2

The title says it all. Can Windows 7 Professional be modified to run as a domain controller and use Active Directory? If so please point the way to a tutorial if you know of one. Thank you.

A:Can Win 7 Pro be modified to run as a domain controller and use A.D?

No. If it could Microsoft would be on you faster then Winnie-the-pooh stalking a jar of honey.
The only way you are going to have a domain controller is by using Windows Server.

Read other 1 answers
RELEVANCY SCORE 77.2

Nevermind. . . I forgot to reset firewall settings in Norton 360.


We have a small network using Windows Server 2003. I'm having trouble setting up a new workstation, using Windows XP. It was finally working, then suddenly it cannot locate the domain controller and access our file server. In windows explorer, "My Network Places", it does not even see the server.

I've tried to check all settings I can think of and they are set the same as workstations that work just fine.

Problem seems to be the same whether I connect wired or wireless. No difference.

Any suggestions would be helpful. Thanks.

A:Domain controller could not be contacted

This issue can occur because the Sysvol directory is not shared out on the domain controller.To verify that the Sysvol directory is shared out, type "net share" at command prompt to see if the Sysvol share is showing.

Read other 1 answers
RELEVANCY SCORE 77.2

I want to install this administration software for my Network called Ranger for networks. To do this I am required for my PC to become a Domain Controller. I want this software installing on an exact PC which is running XP SP3. How do I make that PC the Domain Controller of my Network.
 

A:Domain Controller Setup

Posted via Mobile Device
you can't. A domain controller is setup on a Windows server OS.
 

Read other 1 answers
RELEVANCY SCORE 77.2

I'm having a problem with my NT4 domain controller. Last night when I left everything was working perfectly but this morning we got problems- only the PDC can log into the domain, all of the others are using cached profiles. When i go to server manager on the NT system it doesnt show any of the computers logged in, but when I change it to not view only domain members all of the little icons light up telling me that all of the computers are on the network. I tried taking two off the domain and then putting them back on. I had to manually delete their accounts from the PDC and when I tried to rejoin they said that the network path could not be found. All of the computers can browse the other computers and file servers that should be in the domain (and are listed under the domain in the network explorer but, according to the PDC, are not me,bers of the domain) and can ping the PDC. The PDC can also ping the gateway. Unfortunately, due to bad timing and politics, I am alone on this issue.

It's not a critical problem but will pose issues in the future if I let it go unresloved. Password changes and new acounts will have to be made locally which is simpy not feasable.

(oh yeah and, yes i've restarted the PDC... that ws the first thing i tried)
 

Read other answers
RELEVANCY SCORE 77.2

I've posted 2 threads on this forum and have NOT gotten a response... I'm sure someone on this forum is smarter than me!!

I asked if anyone can tell me why I can not access my servers on the network from my pc or any pc on the network when I shut down my PDC and leaving the BDC on at a different segment.

I am trying to test for a disaster recovery plan. If my PDC burns up the BDC should be able to authenticate all users and they should have access to all other servers as usual... correct?

Appreciate the help!~
 

Read other answers
RELEVANCY SCORE 77.2

I am tryin to add a user to a computer running W2k pro and when I type in the name and domain all I get is an error that says
"the trust relationship between this workstation and the primary domain failed"

This is a new workstation just added to the network, the user I am adding is myself and I have admin rights. For some reason all the users have to be local, I have checked the IP,DNS, and gateway. I can see the computer on the network.
 

A:Domain Controller does not trust me!

Hi tushkahoma
It seems that although you have local admin rights at the workstation, you may not have domain admin rights in order to join the domain.

Paul V
 

Read other 2 answers
RELEVANCY SCORE 77.2

I have two servers running NT 4.0 the problem is that the backup domain controller cannot log on to the primary domain controller. I've tried setting trust relationships and I get the "this server is already on the Domain" message.
 

A:Domain Controller Situation

If you have a Primary and Backup domain controllers in the same domain there is no need to set up a trust.

Trusts are used to define relationships between two seperate domains.

Can you explain in more detail what you are trying to do when you say

"the backup domain controller cannot log on to the primary domain controller"

Cheers

Craig
 

Read other 3 answers
RELEVANCY SCORE 77.2

- Windows 2000 Network. PDC has Win2k Server.
- All Win2k computers can connect to the domain w/o problem
- NT 4.0 (SP6a) machine used to connect fine but can't recently.
- Only recent change to the PDC was the installation of SP4.
- I can ping the PDC by IP address but not by name

Stuff I have tried:
- I tried switching it to a workgroup, rebooting, then switching
them back to the domain but now they give "Unable to connect to
the domain controller for this domain. Have your administrator
check your computer account on the domain." The computer account is on the PDC and a member of "Domain Computers"
and "Pre-Windows 2000 Compatible Access"
- I tried unchecking the "Enable LMHOSTS Lookup" check box in
Network\Protocols -> TCP/IP Protocol -> Properties -> WINS Address, as recommended by MSKB Article 271925 but that did not help.
- I tried changing the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
\LanManServer\Parameters values for EnableSecuritySignature and RequireSecuritySignature, then restarting Net Logon as recommended by
http://content.techweb.com/winmag/library/1999/0501/sol00074.htm, but that did nothing.
- Lastly I tried what was recommended in MSKB Article 293127 which was:
Change the HKEY_LOCAL_MACHINE\System\CurretnControlSet\COntrol\Lsa
\restrictanonymous DWORD value to 0, but I haven't rebooted yet since I don't want to boot everyone else who is currently on the domain... I am not holding ... Read more

A:NT 4.0 can't connect to domain controller

Read other 8 answers
RELEVANCY SCORE 77.2

I am new here and I hope someone will be able to advise me regarding the problem I am having.

I am responsible of a small office network that is based on one domain controller which also works as the DNS.

Yesterday, I was planning to join a new PC to our domain name and usually when I do this I change the administrator's password temporarily to use it on the new PC and then change it back to the original one. (it is a secuitry phobia issue!)

After successful join to the domain I changed the AD administrator password back to the original one and tested it immediately and it worked just fine.

I locked the server and few hours later I wanted to make a change in the AD and I was very surprised that the administrator password is not working anymore.

(Please note that other users passwords haven't change)

My questions here are:

1- Are there any type of (hacking) tools that can be run from a local network pc (which have local administrative privilages) that can hack the domain controller this way and change the administrator's password or harm the domain controller?

2- Could this be a problem/bug from the windows 2003 OS itself?

3- Is there any legitimate way to reset the password in this case?

4- Is the built in windows 2003 firewall reliable and what do you recommened for software secuitry.

This happened once before (about a year ago) and the network was smaller so I finally decided to resintall wndows 2003 and start from scratch. But this time I just w... Read more

A:Problem on my Domain Controller

One aspect of maintaining servers is to create additonal administrator accounts so you can use them to edit/change the default administator account if its profile becomes corrupt or you have issues with passwords.

Q1 not that I am aware of
Q2 doubtful
Q3 use another admin account
Q4 software firewalls are OK but you get better protection from a hardware router/firewall. Not sure what you mean by software security. That is what share and ntfs permissions are about.
 

Read other 2 answers