Re: Assign Domain Security Policy/Manage remote computer
From: Martin (x@y.z)
Date: 03/30/03
- Next message: Chaitanya D. Upadhyay [MS]: "Re: Giving a user limited rights"
- Previous message: Carrie Garth: "Re: windows update."
- In reply to: Steven L Umbach: "Re: Assign Domain Security Policy/Manage remote computer"
- Next in thread: Raymond Sinnappan [MS]: "Re: Assign Domain Security Policy/Manage remote computer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Martin" <x@y.z> Date: Sun, 30 Mar 2003 19:08:16 +0100
Hi Steve,
You are correct, I do indeed have other DNS servers listed on my client - I
didn't realise I couldn't have any others. I did have the AD DNS server
listed first.
I rebooted, ran ipconfig /registerdns, dc list still failed.
I disjoined and then rejoned the domain from My Computer properties computer
name tab, by joining workgroup, reboot, then back to the domain and another
reboot.
dc list still fails :-(
Sunday now
I have tried the command netdiag /debug /test:dclist
This shows up what looks like an embarassing point on my part:
At the dc list test point it says
"You don't have access to DsBind to<dc server> [ERROR_ACCESS_DENIED]"
I guess this is because I'm logged locally to a client account, not to a
domain account. :-(
When I log on with a domain account, the dc list test passes :-)
However, when I do ipconfig /registerdns - as the local client adminstrator,
it still fails with a reference to prisoner.iana.org, even though there is
no reference to any DNS servers other than the AD one. When I try ipconfig
/registerdns as the domain user - it fails because the domain user does not
have sufficient rights on the client.
I logged in as domain adminstrator on the client, and ran ipconfig
/registerdns, and it's worked without an event log error. However, whilst I
still have an entry for the client in the forward DNS zone, I don't have one
in the reverse DNS zone - although I created that zone later than the
forward zone, it has existed whilst I did the latest ipconfig /registerdns
call. Any ideas?
I think I'm almost there now. Although the outstanding question is why I
get mention of prisoner.iana.org when I don't have any other DNS servers
registered now. I should point out, I have been working via a wired
interface, I really use the client via a wireless interface - I've not had
that plugged in for the last 48 hours - tried to simplify the scenario - but
that interface *does* still have the ISPs DNS servers registered. - I
wouldn't have thought that would have been influential though - again any
thoughts? I really need to do a lot of reading up on AD, but I need to
carry on with my main projects - content and commerce server, so that luxury
may have to wait. There's also the IPSec solution that I need to pick up
again. I see a helpful message from Raymond Sinnappan [MS] on that.
Martin
- Next message: Chaitanya D. Upadhyay [MS]: "Re: Giving a user limited rights"
- Previous message: Carrie Garth: "Re: windows update."
- In reply to: Steven L Umbach: "Re: Assign Domain Security Policy/Manage remote computer"
- Next in thread: Raymond Sinnappan [MS]: "Re: Assign Domain Security Policy/Manage remote computer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
