-
August 24th, 2006, 03:36 PM
#1
Junior Member
XP client domain account problem
Hi! First post...Here we go...
I am the present caretaker of a client/server Windows domain. 1 file/DC running 2003, 8 clients running XP Pro.
The issue: I am having difficulty in adding domain group accounts to the file structure on the clients. 1) I checked the PC's to ensure domain membership (Right-click My Computer--> Properties)-->Computer Name-->Change. Looks OK... 2) Right-click on any folder-->select "Sharing & Security"-->select "Security" tab-->"Add". In the text area that lists "From this location", I have the local PC name. I need the domain name.
OK...So I join a workgroup, and restart client. Logon as local admin, join domain. Restart client again. Logon as domain admin. Check "From this location" again in "Sharing & Security" (File structure stated above). I still get the local PC name....
I made some changes to sync NTP on the DC with outside time server per Microsoft guidelines((HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config----Polling values, MaxPosPhaseCorrection & MaxNegPhaseCorrection DWORD values) with the clients(running NT5DS---W32Time). Clients and DC are synched on time presently.
Before making changes to DC, I could see domain name listed in "From this location" on clients. After a period of time, they would lose domain membership. After making the changes to DC, I can't get domain name listed in "From this location". Hence, cannot add group accounts...
Any assistance or advice would be greatly appreciated. Tks in advance......
-
August 24th, 2006, 03:58 PM
#2
Any errors in the eventlogs of the clients and/or server?
When you removed the clients from the domain did you also remove the computer account?
Oliver's Law:
Experience is something you don't get until just after you need it.
-
August 24th, 2006, 04:20 PM
#3
just to clarify: the domain name disappear just "from location" ? if you press "locations" button you can or can not still find the domain name?
if you have only one DC and sync this DC time with a external time source you didnt caused no harm, because since all stations will sync with DC so, even if you get the wrong time, everybody will be in sync. The only problem i can see if the external time source change the time back and forward a lot of time (a buggy time source) but i dont think that is the case.
Meu sítio
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
-
August 24th, 2006, 05:16 PM
#4
Junior Member
SirDice: First thing I checked was event log on client & server. No errors to help troubleshoot. Thought maybe a corrupt SID so blasted computer account from AD and joined domain "fresh". That didn't solve the issue.
cacosapo: When I click "Locations", only the local PC name listed. No domain container.... The time sync between clients/server seems to be accurate.
Thanks for your time in helping me to troubleshoot this problem..
-
August 25th, 2006, 02:47 PM
#5
1st. guess:
Is there another computer with the same SID? perhaps you had cloned one XP and kept the same sid.
Meu sítio
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
-
August 25th, 2006, 03:59 PM
#6
Junior Member
That is an interesting point! It got me thinking.... Found 2 tools from PsTools---PsGetSid, and NewSid. (GetSid from Resource Kit) This should help me troubleshoot further.
Tried renaming a PC with different NETBIOS name & then joining domain. Initially, I was able to see domain listed under "From this location". I proceeded to test on other PC's, but with no luck. Looked on PC(about 15 minutes later) that I initially had success on to see if domain still listed under "From this location". It had fallen off to local account.
I will try the SID route in more detail. If not successful, will resort to sniffing traffic.
BTW, anyone know what reg keys to look at for SID's in registry? (Interested in pickin' someone brain....Didn't find anything that jumped out at me via Google, or searching antionline)
Many thanks!
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|