Re: Problem settin user rights

I got one of my machines to work with the new user groups, but not
another one. There are a couple of differences between the two
machines: the one which is working shows a node type of "hybrid" when I
do an ipconfig /all, while the one which is not working is showing as a
"peer" type. The one which is not working also had the Cisco VPN client
installed, but not running while I'm trying to get this stuff working.

Any ideas? Also, see below for additional answers...


In article <eOydnV3R3_p4OF_eRVn-vg@xxxxxxxxxxx>, n9rou@n0-spam-for-me-
comcast.net says...
> Hi David.
>
> Most definitely your problem is DNS from the description of your
> configuration. You need to configure your domain controller to forward to
> your ISP DNS servers as described below and you may have to remove the root
> zone if it is present because if it is you will not be able to configure

That works; actually the auto-forwarding worked once I removed ".", so I
don't need to manually set forwarding.


> forwarding. You need to disable DHCP on your firewall if used and configure
> it on your domain controller and configure the DHCP scope to point to the
> domain controller as DNS servers and use your firewall/router as the default

I only use DHCP for remote (VPN) clients. The in-house machines all
have static IP addresses.


> gateway. The domain controller must have a static IP address. The support

Yes, I already knew that.


> tools are on the install disk for the operating system in the support/tools
> folder where you have to run the setup program there to install the set of
> support tools. --- Steve

I ran DcDiag, and it tells me that the guid DNS name could not be
resolved, but the server name could be, and that I should "Check that
the IP address (192.168.1.1) is registered correctlyt with the DNS
server." How do I do that? As far as I can tell, it's all set up in
the DNS manager, but I'm obviously missing something...

Thanks again!



>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;300429&sd=tech ---
> how to configure DHCP.
>
> To Remove the Root DNS Zone
> 1. In DNS Manager, expand the DNS Server object. Expand the Forward
> Lookup Zones folder.
> 2. Right-click the "." zone, and then click Delete.
> Windows 2000 can take advantage of DNS forwarders. This feature forwards DNS
> requests to external servers. If a DNS server cannot find a resource record
> in its zones, it can send the request to another DNS server for additional
> attempts at resolution. A common scenario might be to configure forwarders
> to your ISP's DNS servers.
>
>
> To Configure Forwarders
> 1. In DNS Manager, right-click the DNS Server object, and then click
> Properties.
> 2. Click the Forwarders tab.
> 3. Click to select the Enable Forwarders check box.
> 4. In the IP address box, type the first DNS server to which you want
> to forward, and then click Add.
> 5. Repeat step 4 until you have added all the DNS servers to which you
> want to forward.
>
>
> "David Kerber" <ns_dkerber@xxxxxxxxxxxxxxxx> wrote in message
> news:MPG.1e2c6cf5cd994378989683@xxxxxxxxxxxxxxxxxxxxx
> > Given your description, DNS could be the problem; I'll take a look and
> > post back.
> >
> > Right now, my network's firewall machine is set as the DNS server for
> > all machines on the in-house network, including the domain controller.
> > Only the firewall machine looks at the ISP DNS servers for resolution
> > when something isn't in its own cache.
> >
> > A couple of questions:
> >
> > If the DC points to itself for DNS, how do I tell it where to
> > forward requests for addresses not in its domain (outside world
> > addresses, that is)?
> >
> > Where can I find the netdiag tool? It's not being found on either
> > my client or the domain server.
> >
> > Thanks!
> >
> >
> > In article <HoadncNxxOk1BF_eRVn-hQ@xxxxxxxxxxx>, n9rou@n0-spam-for-me-
> > comcast.net says...
> >> Possibly you do not have your DNS configured correctly for an Active
> >> Directory domain. In short domain controllers must point only to
> >> themselves
> >> and/or other domain controllers as preferred their DNS servers and domain
> >> workstations must point only to domain controllers as their preferred DNS
> >> servers as shown with ipconfig /all and NEVER list an ISP DNS server as a
> >> preferred DNS server for any domain computer. I would also run the
> >> support
> >> tool netdiag on your domain controllers and a couple problem workstations
> >> to
> >> see if there are any problems reporter for DNS, dc discovery, and
> >> trust/secure channel. Proper DNS configuration is critical in an AD
> >> domain
> >> or all sorts of problems will ensue. --- Steve
> >>
> >> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382 ---
> >> Active Directory DNS FAQ.
> >>
> >> "David Kerber" <ns_dkerber@xxxxxxxxxxxxxxxx> wrote in message
> >> news:MPG.1e2c339c9e54c87e989682@xxxxxxxxxxxxxxxxxxxxx
> >> > We recently (2 wks ago) replaced our old NT domain controller with a
> >> > Windows 2000 Active Directory controller, and now I'm having trouble
> >> > setting up various permissions on my XP Pro client machines.
> >> >
> >> > What's happening is that when I try to add users to a user rights list,
> >> > it will not list the domain as a possible location to get users from,
> >> > only the local machine. I have tried this when logged in as both a
> >> > local administrator, and as domain admin, and in neither case does it
> >> > list my domain as a location to get users and groups from.
> >> >
> >> > How do I get this fixed so I can get my permissions set properly??
> >> >
> >> > Thanks!
> >> > --
> >> > Remove the ns_ from if replying by e-mail (but keep posts in the
> >> > newsgroups if possible).
> >>
> >>
> >>
> >
> > --
> > Remove the ns_ from if replying by e-mail (but keep posts in the
> > newsgroups if possible).
>
>
>

--
Remove the ns_ from if replying by e-mail (but keep posts in the
newsgroups if possible).
.

Relevant Pages

  • RPC Endpoint Mapper Error
    ... We are adding our first Windows 2003 Domain Controller to a Windows ... I checked DNS entries with articles from Microsoft on ... PASS - All the DNS entries for DC are registered on DNS server ... List of NetBt transports currently bound to the Redir ...
    (microsoft.public.win2000.active_directory)
  • Re: the system cannot log you on now because the domain <domain>is not available
    ... What I would suggest trying, at least temporarily, is to open Domain Controller ... The other main concern is that dns is configured correctly for the whole domain. ... controllers running dns with the AD domain zone and NEVER an ISP dns server anywhere ... > event log showed teh failed attempts at locating the DC. ...
    (microsoft.public.windows.server.networking)
  • Re: Domain Controller not resolving name
    ... Make sure the domain controller is also a DNS server. ... IP running DNS, WINS, and DHCP. ...
    (microsoft.public.windowsxp.general)
  • Re: DHCP box and Windows 2003 Server Domain Controller documentati
    ... Changing the configuration of the Domain Controller will take some ... We installed the DNS services in our Domain Controller (Windows ... DNS server should use forwarders to your ISP's DNS servers ... And you should really use DHCP for this - DHCP running on your DC, ...
    (microsoft.public.windows.server.general)
  • [LONG - PLS HELP] Issues on DNS
    ... Active Directory successfully replicated using the NetBIOS ... or fully qualified computer name of the source domain controller. ... DNS Server: ... The DNS server was unable to open zone mydomain.local in the Active ...
    (microsoft.public.windows.server.dns)