Re: XP Prof and 2000 Active Directory Issues

From: Ron Lowe (ron.lowe@{DELETE}btinternet.com)
Date: 08/30/02 

From: "Ron Lowe" <ron.lowe@{DELETE}btinternet.com>
Date: Fri, 30 Aug 2002 20:06:04 +0100

"Jeff Scrivener" <lscriben@midsouth.rr.com> wrote in message
news:63c86d4.0208300759.481a0dcf@posting.google.com...
> I'm having a pickle of a problem with Windows XP Professional and 2000
> Server. When I create a new share or a printer or something on the XP
> Prof machine and go to set the security permissions to it I am unable
> to add directory user accounts. The directory does not show up under
> locations and the addresses to the users (domain/username) can not be
> found if manually typed in. Further more, 98 clients are unable to
> browse to the machine through network neighborhood. They see it, but
> they cannot connect to it even if create a duplicate of the directory
> user account on the XP Prof machine locally. Basically it looks to me
> like the only thing that happened when I joined the XP Prof machine to
> the directory was that a computer account was created, but none of the
> benefits of joining have been granted to the machine.
>
> Can anyone help a poor confused NT4 man? :)
>
> Thanks
> Jeff

I smell a DNS problem.

The inability to find enumerate Domain users and groups usually indicates an
inability to find the domain controller, which in turn usually induicates a
DNS foo-foo.

Does logging in using a domain user account take a long time, too?

XP differs from previous versions of windows in that it uses
DNS as it's primary name resolution method for finding domain
controllers:

How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q314861

If DNS is misconfigured, XP will spend a lot of time waiting for it to
timeout before it tries using legacy NT4 sytle NetBIOS.
( Which may or may not work. )

1) Ensure that the XP clients are all configured to point to the DNS server
which hosts the AD domain. That will probably be the win2k server itself.
They should NOT be pointing an an ISP's DNS server.
An 'ipconfig /all' on the XP box should reveal ONLY the domain's DNS server.
( you should use the DHCP server to push out the correct DNS server
address. )

2) Ensure DNS server on win2k is configured to permit dynamic updates.
Ensure the win2k server points to itself as a DNS server.

3) For external ( internet ) name resolution, specify your ISP's DNS server
not
on the clients, but in the forwarders tab of the win2k DNS server.

On the DNS server, if you cannot access the 'Forwarders' and 'Root Hints'
tabs because they are greyed out, that is because there is a root zone (".")
present on the DNS server. You MUST delete this root zone to permit the
server to forward unresolved queries to yout ISP or the root servers.
Accept any nags etc, and let it delete any corresponding reverse lookuop
zones if it asks.

The following articles may assist you in setting up DNS correctly:

Frequently Asked Questions About Windows 2000 DNS
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q291382
Setting Up the Domain Name System for Active Directory
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q237675
HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q300202

Good Luck,
Ron

Relevant Pages