-
May 22nd, 2006, 08:41 AM
#1
Active Directory New Issue
Hi everyone!
i am experiencing some issues over the network.... first one is realting to active directory, whenever i Use to create a new account in the directory i recive a message (please find the enclosed screenshot).
Also i have experienced that few users are unable to logged into the Domain they are receiving a message related to Time syncronization with the Domain, due to which they can't use the domain services......
I would appreciate your quick help. by the way server running windows 2003.
One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!
-
May 22nd, 2006, 09:53 AM
#2
fanacool,
No screen shot that i can see. But i would say for the other problem that one of your domain controllers is not synchronised time wise with your other DC's. This is very important for an AD. If you havent set up the time server on all your DC then you may have the second problem you are describing.
\"America is the only country that went from barbarism to decadence without civilization in between.\"
\"The reason we are so pleased to find other people\'s secrets is that it distracts public attention from our own.\"
Oscar Wilde(1854-1900)
-
May 22nd, 2006, 10:25 AM
#3
One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!
-
May 22nd, 2006, 10:33 AM
#4
Fanacool
A silly question do you have a globale catalogue server?
Looks to me you need to check out the state of network connections between your DC. I am assuming you have more than one DC but it would be good if you could give us more information on your set up. Type of windows AD 2000 or 2003. set up of your DC and the different roles ect.
you can also check out this e-book. The definitive guide to active directory troubleshooting
\"America is the only country that went from barbarism to decadence without civilization in between.\"
\"The reason we are so pleased to find other people\'s secrets is that it distracts public attention from our own.\"
Oscar Wilde(1854-1900)
-
May 22nd, 2006, 10:43 AM
#5
Windows 2003
I have only one Domain Controller...... and i haven't setup any time server, rather i remember i have never ever configured a time server in the domain and it was running perfectly alright....
Well i faced similar problem a day ago (time synrconization one), what i did was it joined that computer on workgroup and then re-join it to my domain and things went ok on that client but the client troubling today is pretty tough..... giving me too much hard time.
One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!
-
May 22nd, 2006, 10:47 AM
#6
In that case you would probably want to check to see if you have set the DC as global catalogue. See also my edit in my last post
\"America is the only country that went from barbarism to decadence without civilization in between.\"
\"The reason we are so pleased to find other people\'s secrets is that it distracts public attention from our own.\"
Oscar Wilde(1854-1900)
-
May 22nd, 2006, 10:51 AM
#7
Need a little help about this global catalogue thing.
One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!
-
May 22nd, 2006, 11:02 AM
#8
here you go :
understanding globale catalogues
From microsoft technet.
Read that and the other link I supplied it should help explain things a bit.
\"America is the only country that went from barbarism to decadence without civilization in between.\"
\"The reason we are so pleased to find other people\'s secrets is that it distracts public attention from our own.\"
Oscar Wilde(1854-1900)
-
May 24th, 2006, 01:56 PM
#9
If you only have on DC then it should be holding all the FSMO roles i wulod imagaine, it depends on your network config, need more information.
If this is the case then sounds ike AD on the DC could be corrupt, you could do a restore ?
or use sites and services to change the fsmo roles to make sue there is a GC available ?
Our destiny is to endure all hardships that we encounter along the path to what we perceive to be true and worthwhile !
The Head foundation
Please give generously
-
May 24th, 2006, 05:11 PM
#10
By default Active Directory Domain Controllers will only allow users to log in if the time is syncronized within a certain period of time. In other words, I believe this default time is 5 minutes.
So if the server time is 9:00am and the PC time is 9:20am , in many cases it will not allow to connect due to the time difference. This is a "feature" that microsoft added to help with securiyt issues.
I would use a NTP server address and have your server synch with it, then set up your policy to synch all pcs with the server time.
I use time.nist.gov for my external NTP server and have no problems.
Hope this helps some.
As for the global catalog, you should have one installed by default with Active Directory, did you move the GC role to another server by chance?
\"Common Sense, isn\'t that common\"
\"It is a lot easier to raise a child then it is to repair an adult\"
-Kruptos
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|