Re: Domain workstation cannot see the domain for adding user permi
- From: Red22 <Red22@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 8 Jun 2006 10:54:01 -0700
Steve,
Thanks for the help, everything is working now! I used your information
and the stuff included in the links you provided and came up with a more
simple idea that also seems to work. My ISP had provided two DNS server
addresses, so I placed only one of them, and the other DNS server I set to
the IP of the DC. That was it. Now I have internet access via the DSL
router and full domain access on the LAN as well.
Again, thank you for everything.
"Steven L Umbach" wrote:
For an Active Directory domain to work correctly all domain computers must
use only domain controllers as their preferred DNS servers because in an AD
domain DNS is used to locate services and domain controllers - not just
resolve host names. What I would do is to disable DHCP on the internet
router if it is enabled and configure those computers that need internet
access to also obtain their DNS server automatically as the rest of the
computers in the domain. Then you need to configure your domain controllers,
which are also the DNS servers, to forward to the ISP DNS server so that
internet name resolution requests can be done by them. I don't know how
access is being controlled to the internet but that usually is done by
filtering IP addresses at the firewall/internet router or making sure that
only computers that need to access the internet are configured to use the
default gateway. The domain controllers will also need to be configured to
use the default gateway. The links below explain more on how DNS needs to be
configured in an Active Directory domain. After reconfiguring those domain
computers to use a domain controller you may need to reboot them and then
run netdiag on them again to see if the problem has been resolved or not. Be
advised to NOT browse the internet or access email from domain
controllers. --- Steve
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382
http://support.microsoft.com/default.aspx?scid=kb;en-us;300202 --- see
sections starting at To Remove the Root DNS Zone which you may need to do if
you can not configure a forwarder.
"Red22" <Red22@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:13872071-3C9D-49C7-941C-2216891136FB@xxxxxxxxxxxxxxxx
Hi,
You are correct, both netdiag and Event Viewer show problems finding the
domain controller, finding a primary authoritative DNS server, etc. Given
this (and that I am new to a DC'd Windows network), let me explain where I
assume the problem is.
The network has a DSL router which only some machines are allowed to use for
internet access. The machines that do not use the internet access have
their DNS settings set to obtain DNS automatically (and these can browse all
domain entities fine). The machines that have internet access have their DNS
server address set to the ones supplied by the ISP. These machines, with the
manually set DNS addresses, cannot browse the local domain machines and
users.
And thus the question: How can I set the DNS settings so that the machines
with internet access have not only internet access but also the ability to
browse the domain users? (Remember, the machines can connect to the domain
controller to run programs and share files as they are right now. Also, all
the machines can browse all the other machines via "Network Neighborhood".
It's just that all the security features where domain users and computers
SHOULD be listed only include the local machine entities, and the domain
users and machines are NOT shown.)
Thanks again for the help.
"Steven L Umbach" wrote:
It sounds like that computer has a DNS name resolution problem, connectivity
problem to a domain controller, or a problem with its security account.
Verify that it is using only domain controllers as its preferred and
alternate DNS servers in tcp/ip properties and as shown with ipconfig /all.
Check the logs with Event Viewer to see if any problems are found and run
the support tool netdiag on it to see if it reports any relevant problems.
To control what users can logon to a domain computer manage the user right
for logon locally to only include the authorized users/groups which can be
done in Local Security Policy under local policies-user rights. Be very
careful with the user right for deny logon locally as it overrides the logon
locally user right and that administrators are members of users and everyone
groups. --- Steve
"Red22" <Red22@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0BA79B82-46CD-4DFA-A1FA-1813511ADC26@xxxxxxxxxxxxxxxx
Everything (just about) works fine. This machine is a member of our only
domain and can access the domain shares. The full domain can be browsed in
"My Network Places".
The problem is that this is the only machine on the network that cannot see
the domain when you try to share a folder and go to:
Share Permissions > Add > Locations
Here, other machines see the local machine (and all created accounts on it)
plus the domain server (and all accounts on that). But, this one only sees
the local machine and NOT the domain.
Ultimately I would like to share files with a few, specific domain users,
which is why I need this.
If it helps, I think I broke this functionality myself because a few days
ago I was trying to remove domain users from being able to log on locally to
this workstation. Which reminds me.. How would I do that? I want only a
few, specific domain users to be able to log on to the domain on this
specific machine. Is that possible? If so, how would I set that up?
Thanks!
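
Added example, not part of the original thread or written by its participants: a PowerShell check of the condition discussed above, that every DNS server configured on a domain member is a domain controller and can answer the AD locator (SRV) query. The domain name and DC address are placeholders to replace with your own, and the cmdlets assume Windows 8 / Server 2012 or later; on older systems use ipconfig /all and netdiag as described in the thread.

```powershell
# Added example: audit a domain member's DNS client settings for AD use.
param(
    [string]   $DomainName          = 'corp.example.local',  # placeholder AD DNS domain
    [string[]] $DomainControllerIPs = @('192.168.1.10')      # placeholder DC/DNS server IPs
)

# Collect every IPv4 DNS server configured on any adapter (preferred and alternate).
$configured = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    ForEach-Object {
        $alias = $_.InterfaceAlias
        foreach ($server in $_.ServerAddresses) {
            [pscustomobject]@{ Adapter = $alias; Server = $server }
        }
    }

# SRV record that domain members query to locate domain controllers.
$srvName = "_ldap._tcp.dc._msdcs.$DomainName"

$report = foreach ($entry in $configured) {
    # Ask this specific server, bypassing the resolver's normal server order.
    # An ISP or public resolver does not host the internal AD zone, so it fails here.
    try {
        $answers = Resolve-DnsName -Name $srvName -Type SRV -Server $entry.Server `
                                   -DnsOnly -ErrorAction Stop
        $dcCount = @($answers | Where-Object { $_.Type -eq 'SRV' }).Count
    } catch {
        $dcCount = 0
    }
    [pscustomobject]@{
        Adapter            = $entry.Adapter
        DnsServer          = $entry.Server
        IsDomainController = $DomainControllerIPs -contains $entry.Server
        LocatesDCs         = $dcCount -gt 0
    }
}

$report | Format-Table -AutoSize

# Any server that is not a DC, or cannot return the locator record, is a finding.
$bad = @($report | Where-Object { -not $_.IsDomainController -or -not $_.LocatesDCs })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) configured DNS server(s) cannot be relied on for AD lookups."
    exit 1
}
```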