Announcement

Collapse
No announcement yet.

Broken Active Directory?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Broken Active Directory?

    Greetings from a cold Finland, -17 C at the moment.

    Let me give you some background information: I have a Windows 2003 Server, running as fileserver, DC, printserver, databaseserver and so on.

    I have set up Active Directory and the DNS-service so that it works, nslookup works fine inside the LAN and to the Internet, and I can add workstations to the domain.
    No error-messages in the Event-Viewer. I have addes usergroups and users, the users can log on from their computers and map folders that are shared.

    I have shared a folder where users have their documents, let's say that I have given the usergroup TEKNISKA full rights to a folder called RAKVALV, by rightclicking on the folder and used 'Sharing and Security'.

    And the problem is the following: even as I have given the users full rights to that specific folder they can't e.g. change the attributes of the files.
    They get an error message saying "Error Applying Attributes, An error occured applying attributes to the file XXXXXXX.exe, Access is denied".

    And I have not enabled file-encrytion...
    One quick (and dirty) solution to my problem is that I rightclick on the folder again choose Properties.

    Then I go to the Security-tab and click Advanced and add the usergroup TEKNISKA giving them full rights to the folder (again) and then I select the "Replace permission entries on all child objects with entries shown here that apply to the child object"

    But that is not the final solution to my problem, ideas anyone?

  • #2
    In W2K3 shares are created by default as read-only.
    Grand the appropriate group the Change permission at the SHARE level ("share" and not "security" tab) and you should be set.
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"

    Comment


    • #3
      Originally posted by Guy (Antid0t)
      In W2K3 shares are created by default as read-only.
      Yes I know. But it still doesn't do the trick. I share the folder giving the group TEKNISKA full rights -> share.pic

      And get this error message when a member of the TEKNISKA usergroup tries to for as example change the attribute (to read only) of a .jpg -file in that folder -> attrib.change.pic

      And if the user tries to delete the file it says that the file may be in use, which it is not.

      And now there has appered a couple of error messages in the Event Viewer ->

      File Replication Error and DNS Server Error

      Any suggestions?

      Comment


      • #4
        Any suggestions at all? Other than format C: and a fresh setup.

        Comment


        • #5
          Hi,

          check the following:

          - does DNS work properly? Does the server itself resolve the name?
          - have you checked with dcdiag and netdiag if there are any warnings?
          - is the DC listed in "Domain Controllers" ?

          good luck!

          Comment


          • #6
            - does DNS work properly? Does the server itself resolve the name?
            of course i meant:

            - does DNS work properly? Does the server itself resolve his name on the command prompt?

            bye

            Comment


            • #7
              Originally posted by walther40789
              - does DNS work properly? Does the server itself resolve his name on the command prompt?
              Yes, it resolves it's own name, I havn't checked the other things you mentioned, but I will. I'll get back when i'ts done.

              Comment


              • #8
                Check DC 1st

                1) I would start by installing the /SUPPORT tools from the install CD and running the DCDIAG tool on the DC from the command line.

                This is a start to see if you have a healthy DC

                Comment


                • #9
                  I did a dcdiag, just by typing dcdiag at the cmd with no extra switches. And the result is:

                  Code:
                  Domain Controller Diagnosis
                  
                  Performing initial setup:
                     Done gathering initial info.
                  
                  Doing initial required tests
                  
                     Testing server: Default-First-Site-Name\KSERVER
                        Starting test: Connectivity
                           ......................... KSERVER passed test Connectivity
                  
                  Doing primary tests
                  
                     Testing server: Default-First-Site-Name\KSERVER
                        Starting test: Replications
                           ......................... KSERVER passed test Replications
                        Starting test: NCSecDesc
                           ......................... KSERVER passed test NCSecDesc
                        Starting test: NetLogons
                           ......................... KSERVER passed test NetLogons
                        Starting test: Advertising
                           ......................... KSERVER passed test Advertising
                        Starting test: KnowsOfRoleHolders
                           ......................... KSERVER passed test KnowsOfRoleHolders
                        Starting test: RidManager
                           ......................... KSERVER passed test RidManager
                        Starting test: MachineAccount
                           ......................... KSERVER passed test MachineAccount
                        Starting test: Services
                           ......................... KSERVER passed test Services
                        Starting test: ObjectsReplicated
                           ......................... KSERVER passed test ObjectsReplicated
                        Starting test: frssysvol
                           ......................... KSERVER passed test frssysvol
                        Starting test: frsevent
                           ......................... KSERVER passed test frsevent
                        Starting test: kccevent
                           ......................... KSERVER passed test kccevent
                        Starting test: systemlog
                           ......................... KSERVER passed test systemlog
                        Starting test: VerifyReferences
                           ......................... KSERVER passed test VerifyReferences
                  
                     Running partition tests on : ForestDnsZones
                        Starting test: CrossRefValidation
                           ......................... ForestDnsZones passed test CrossRefValidation
                  
                        Starting test: CheckSDRefDom
                           ......................... ForestDnsZones passed test CheckSDRefDom
                  
                     Running partition tests on : DomainDnsZones
                        Starting test: CrossRefValidation
                           ......................... DomainDnsZones passed test CrossRefValidation
                  
                        Starting test: CheckSDRefDom
                           ......................... DomainDnsZones passed test CheckSDRefDom
                  
                     Running partition tests on : Schema
                        Starting test: CrossRefValidation
                           ......................... Schema passed test CrossRefValidation
                        Starting test: CheckSDRefDom
                           ......................... Schema passed test CheckSDRefDom
                  
                     Running partition tests on : Configuration
                        Starting test: CrossRefValidation
                           ......................... Configuration passed test CrossRefValidation
                        Starting test: CheckSDRefDom
                           ......................... Configuration passed test CheckSDRefDom
                  
                     Running partition tests on : kserver
                        Starting test: CrossRefValidation
                           ......................... kserver passed test CrossRefValidation
                        Starting test: CheckSDRefDom
                           ......................... kserver passed test CheckSDRefDom
                  
                     Running enterprise tests on : kserver.XXXXX.local
                        Starting test: Intersite
                           ......................... kserver.XXXXX.local passed test Intersite
                        Starting test: FsmoCheck
                           ......................... kserver.XXXXX.local passed test FsmoCheck
                  
                  C:\Documents and Settings\Administrator.KSERVER>
                  Should i run the dcdiag with some special option/switch?

                  Comment

                  Working...
                  X