Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Active Directory New Issue

  1. #1
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466

    Active Directory New Issue

    Hi everyone!

    i am experiencing some issues over the network.... first one is realting to active directory, whenever i Use to create a new account in the directory i recive a message (please find the enclosed screenshot).

    Also i have experienced that few users are unable to logged into the Domain they are receiving a message related to Time syncronization with the Domain, due to which they can't use the domain services......

    I would appreciate your quick help. by the way server running windows 2003.
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!

  2. #2
    AO Guinness Monster MURACU's Avatar
    Join Date
    Jan 2004
    Location
    paris
    Posts
    1,003
    fanacool,
    No screen shot that i can see. But i would say for the other problem that one of your domain controllers is not synchronised time wise with your other DC's. This is very important for an AD. If you havent set up the time server on all your DC then you may have the second problem you are describing.
    \"America is the only country that went from barbarism to decadence without civilization in between.\"
    \"The reason we are so pleased to find other people\'s secrets is that it distracts public attention from our own.\"
    Oscar Wilde(1854-1900)

  3. #3
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466
    Screenshot
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!

  4. #4
    AO Guinness Monster MURACU's Avatar
    Join Date
    Jan 2004
    Location
    paris
    Posts
    1,003
    Fanacool
    A silly question do you have a globale catalogue server?
    Looks to me you need to check out the state of network connections between your DC. I am assuming you have more than one DC but it would be good if you could give us more information on your set up. Type of windows AD 2000 or 2003. set up of your DC and the different roles ect.

    you can also check out this e-book. The definitive guide to active directory troubleshooting
    \"America is the only country that went from barbarism to decadence without civilization in between.\"
    \"The reason we are so pleased to find other people\'s secrets is that it distracts public attention from our own.\"
    Oscar Wilde(1854-1900)

  5. #5
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466
    Windows 2003
    I have only one Domain Controller...... and i haven't setup any time server, rather i remember i have never ever configured a time server in the domain and it was running perfectly alright....

    Well i faced similar problem a day ago (time synrconization one), what i did was it joined that computer on workgroup and then re-join it to my domain and things went ok on that client but the client troubling today is pretty tough..... giving me too much hard time.
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!

  6. #6
    AO Guinness Monster MURACU's Avatar
    Join Date
    Jan 2004
    Location
    paris
    Posts
    1,003
    In that case you would probably want to check to see if you have set the DC as global catalogue. See also my edit in my last post
    \"America is the only country that went from barbarism to decadence without civilization in between.\"
    \"The reason we are so pleased to find other people\'s secrets is that it distracts public attention from our own.\"
    Oscar Wilde(1854-1900)

  7. #7
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466
    Need a little help about this global catalogue thing.
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!

  8. #8
    AO Guinness Monster MURACU's Avatar
    Join Date
    Jan 2004
    Location
    paris
    Posts
    1,003
    here you go :
    understanding globale catalogues

    From microsoft technet.

    Read that and the other link I supplied it should help explain things a bit.
    \"America is the only country that went from barbarism to decadence without civilization in between.\"
    \"The reason we are so pleased to find other people\'s secrets is that it distracts public attention from our own.\"
    Oscar Wilde(1854-1900)

  9. #9
    Senior Member geepod's Avatar
    Join Date
    Jun 2002
    Posts
    211
    If you only have on DC then it should be holding all the FSMO roles i wulod imagaine, it depends on your network config, need more information.

    If this is the case then sounds ike AD on the DC could be corrupt, you could do a restore ?

    or use sites and services to change the fsmo roles to make sue there is a GC available ?
    Our destiny is to endure all hardships that we encounter along the path to what we perceive to be true and worthwhile !

    The Head foundation
    Please give generously

  10. #10
    Senior Member
    Join Date
    Sep 2003
    Posts
    137
    By default Active Directory Domain Controllers will only allow users to log in if the time is syncronized within a certain period of time. In other words, I believe this default time is 5 minutes.

    So if the server time is 9:00am and the PC time is 9:20am , in many cases it will not allow to connect due to the time difference. This is a "feature" that microsoft added to help with securiyt issues.


    I would use a NTP server address and have your server synch with it, then set up your policy to synch all pcs with the server time.

    I use time.nist.gov for my external NTP server and have no problems.

    Hope this helps some.

    As for the global catalog, you should have one installed by default with Active Directory, did you move the GC role to another server by chance?
    \"Common Sense, isn\'t that common\"
    \"It is a lot easier to raise a child then it is to repair an adult\"
    -Kruptos

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •