Re: My domain account is upsetting me
From: Herb Martin (news_at_LearnQuick.com)
Date: Sat, 8 Jan 2005 03:31:55 -0600
"Rene" <email@example.com> wrote in message
> You got it!! It was that DNS thing that was causing all this problems,
> everything is working fine now, even my logon time went from somewhere
> around 2 minutes to about 10 seconds.
Good, that makes it fun when the suggestion
works right away.
> The thing that gets me is the partial problem, I thought that I had
> everything configured right because I was successfully logging to the
> and able to browse files, print documents etc. I would have preferred that
> nothing worked from the begging that way I could have tackled the problem
> and not move forward until everything was working 100% and not 50%.
Yes, intermittant or partial problems are much harder
to troubleshoot (usually) than complete failure.
> Anyway, its working fine now and I can continue testing my program against
> the server. Thanks for everything.
You're welcome -- pass it on to others.
-- Herb Martin > > > > "Herb Martin" <news@LearnQuick.com> wrote in message > news:u2UaEtS9EHA.3416@TK2MSFTNGP09.phx.gbl... > > "Rene" <firstname.lastname@example.org> wrote in message > > news:uCrDSoQ9EHA.3076@TK2MSFTNGP15.phx.gbl... > >> I am a Visual Studio .Net developer and currently log on to my local > >> computer as an Administrator. > > > > Been there... > > > >> To accomplish the above, I basically added my *Domain* account (Server > > 2003) > >> to my Local Administrator group (Windows XP professional) using the > > "Network > >> Identification Wizard". This was done easily (*with the wizard*) > >> > >> > >> Now, I want to change my evil ways and logon as a restricted user because > > I > >> realize that there is no justification not to do so. The problem is that > >> when I try to add my *Domain* user name to local groups I get the stupid > >> dialog telling me that my domain user account does not exists!! I try to > >> enter it as "MyDomain\MyUserName" and nothing. What's going on??? Why > > are't > >> the domain accounts listed??? > > > > Probably due to your machine not authenticating with > > a DC -- you would still get on with cached credentials > > (if you had ever done it successfully once.) > > > > Most likely cause is a DNS issue...but if not that it > > is still likely an authentication problem. > > > > It could be something on the Domain (Admin) side so > > you may not be able to fix it, but make sure you computer > > uses ONLY the internal DNS server set and that > > no one (harumph!) has changed the NIC->IP properties > > to point to External DNS servers or even a mixture of > > External/Internal. > > > > Here's the full story but you may need an admin to check > > the server side: > > > > DNS for AD > > 1) Dynamic for the zone supporting AD > > 2) All internal DNS clients NIC\IP properties must specify SOLELY > > that internal, dynamic DNS server (set.) > > 3) DCs and even DNS servers are DNS clients too -- see #2 > > > > Restart NetLogon on any DC if you change any of the above that > > affects a DC and/or use: > > > > nltest /dsregdns /server:DC-ServerNameGoesHere > > > > Ensure that DNS zones/domains are fully replicated to all DNS > > servers for that (internal) zone/domain. > > > > Also useful may be running DCDiag on each DC, sending the > > output to a text file, and searching for FAIL, ERROR, WARN. > > > > Single Lable domain zone names are a problem Google: > > [ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ] > > > > -- > > Herb Martin > > > > > >> > >> > >> > >> Pleas help me!!!! > >> > >> > > > > > >