October 7th, 2006, 12:19 AM
Why not try my suggestion of demote/promote? Surely this would be a less tedious excersise? Ive had a similar problem and trying to get to the bottom of it can be a right bollocks. Especially if youve got no event logs for information!
October 7th, 2006, 02:20 AM
I'll give the demote/promote thing a try...I don't have event logs though as you'll see in a few posts up.
Yes I created the user accounts this way this time, and in all the previous domain setups I've done. I have no problem joining the domain, or even logging in as the Administrator, just user accounts give me this problem.
Gonna try DCpromo, and your sugesstions as well.
Thanks for the help
October 7th, 2006, 05:24 PM
The problem is that you have not configured the two GPO's yet
The first is "default domain controllers sec policy and the other is "default domain sec policy".
Just log on to DC with admin and go to "default domain controllers security policy" then go to
computer config-->windows settings-->security settings-->Local policies-->user right assignment
then double click "Allow log on locally option" and add Domain user group and to be on the safer side also add individual domain users to it. So this will allow these users to log on to domain controller machine only.
And for users to log on to domain from workstations, log on to dc with admin account do the same thing as above but this time with "default domain security policy"
Then go to start -->run and type "gpupdate /force"
This should solve ur first problem.
October 7th, 2006, 05:37 PM
I don't want them to log onto the Domain controller though...I was just testing if the Domain controller itself would recognize the users.
October 7th, 2006, 06:41 PM
But did my reply solve your problem?
October 7th, 2006, 06:56 PM
I haven't tried it yet....but I believe your first part will not solve the problem as allowing users to log on locally, only allows them to log onto the the domain controller itself. Which is what I don't want to do, at least for now, might do it later so I can set up roaming profiles.
I'm not so sure its a problem with users being denied access to the machines, but the machines themselves not able to find the Domain controller. If you go up a few posts you'll see that the event log errors refer to the computer unable to find a domain controller.
October 10th, 2006, 03:35 AM
when you change your cpmputer mode from "workgroup" to "domain" ,
there have to input the username and password
can you pass this process?
Bless my homeland forever...
October 15th, 2006, 05:31 AM
Just wanted to update you guys on this.
I got it going the other day.
The problem ended up being that I had another domain Controller that was running, and I didn't know about it. So basically I had a conflict going on, and I was trying to log onto a domain where I had no users, and that my DNS was not pointing to.
Thanks for the help guys.