Announcement

Collapse
No announcement yet.

Active Directory Not Working

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Active Directory Not Working

    Dear All

    I am Facing problem when i accidentally Denied the Authnatication Group in Active Directory user and computer snap-in now here is problem accure

    i getting error message when i open DSA.msc look



    When opening ADSIEDIT.msc



    Here is Dcdiag Report

    Code:
    Domain Controller Diagnosis
    
    Performing initial setup:
       Done gathering initial info.
    
    Doing initial required tests
       
       Testing server: Default-First-Site-Name\SRV1
          Starting test: Connectivity
             ......................... SRV1 passed test Connectivity
    
    Doing primary tests
       
       Testing server: Default-First-Site-Name\SRV1
          Starting test: Replications
             ......................... SRV1 passed test Replications
          Starting test: NCSecDesc
             Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have 
                Replicating Directory Changes
                Replicating Directory Changes All
                Replication Synchronization
                Manage Replication Topology
             access rights for the naming context:
             CN=Schema,CN=Configuration,DC=domain,DC=local
             Error BUILTIN\Administrators doesn't have 
                Replicating Directory Changes
                Replicating Directory Changes All
                Replication Synchronization
                Manage Replication Topology
             access rights for the naming context:
             CN=Schema,CN=Configuration,DC=domain,DC=local
             Fatal Error: Cannot retrieve SID
             ......................... SRV1 failed test NCSecDesc
          Starting test: NetLogons
             ......................... SRV1 passed test NetLogons
          Starting test: Advertising
             ......................... SRV1 passed test Advertising
          Starting test: KnowsOfRoleHolders
             Warning: SRV1 could not resolve the name for role
             PDC Owner.
             The name error was Not Found.
             Warning: SRV1 could not resolve the name for role
             Rid Owner.
             The name error was Not Found.
             Warning: SRV1 could not resolve the name for role
             Infrastructure Update Owner.
             The name error was Not Found.
             ......................... SRV1 failed test KnowsOfRoleHolders
          Starting test: RidManager
             The "RID manager reference" could not be found for domain DN
             DC=domain,DC=local. The lack of a RID manager reference indicates that
             the Security Accounts Manager has not been able to obtain a pool of
             RIDs for this machine. The Directory will not allow Netlogon to
             advertise this machine until the system has been able to obtain a RID
             pool. Please verify that this system can replicate with other members
             of the enterprise. Failure to replicate with the RID FSMO owner can
             prevent a system from obtaining a RID Pool. 
             Warning: attribute FSMORoleOwner missing from (null)
             ......................... SRV1 failed test RidManager
          Starting test: MachineAccount
             ......................... SRV1 passed test MachineAccount
          Starting test: Services
             ......................... SRV1 passed test Services
          Starting test: ObjectsReplicated
             ......................... SRV1 passed test ObjectsReplicated
          Starting test: frssysvol
             ......................... SRV1 passed test frssysvol
          Starting test: frsevent
             ......................... SRV1 passed test frsevent
          Starting test: kccevent
             ......................... SRV1 passed test kccevent
          Starting test: systemlog
             An Error Event occured.  EventID: 0xC25A001D
                Time Generated: 10/01/2009   02:06:18
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0xC0002715
                Time Generated: 10/01/2009   02:06:20
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0xC0001B6F
                Time Generated: 10/01/2009   02:07:46
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0xC0001B61
                Time Generated: 10/01/2009   02:07:46
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0xC0001B58
                Time Generated: 10/01/2009   02:07:46
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0xC0001B61
                Time Generated: 10/01/2009   02:07:46
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0xC0001B58
                Time Generated: 10/01/2009   02:07:46
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0xC0002715
                Time Generated: 10/01/2009   02:09:28
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0xC0001B61
                Time Generated: 10/01/2009   02:10:26
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0xC0001B58
                Time Generated: 10/01/2009   02:10:26
                (Event String could not be retrieved)
             ......................... SRV1 failed test systemlog
          Starting test: VerifyReferences
             ......................... SRV1 passed test VerifyReferences
       
       Running partition tests on : ForestDnsZones
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
       
       Running partition tests on : DomainDnsZones
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
       
       Running partition tests on : Schema
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
       
       Running partition tests on : Configuration
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
       
       Running partition tests on : domain
          Starting test: CrossRefValidation
             ......................... domain passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... domain passed test CheckSDRefDom
       
       Running enterprise tests on : domain.local
          Starting test: Intersite
             ......................... domain.local passed test Intersite
          Starting test: FsmoCheck
             ......................... domain.local passed test FsmoCheck
    Netdiag is passed everything

    This permission Related Error Please help how i restore this thanks
    Attached Files
    Last edited by mrk2008; 30th September 2009, 22:00.

  • #2
    Re: Active Directory Not Working

    Have you tried to Undo what you did prior to you having the problem?
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

    Comment


    • #3
      Re: Active Directory Not Working

      Run the following the commands.

      Secedit /configure /cfg C:\Windows\repair\secsetup.inf /db secsetup.sdb

      Secedit /configure /cfg C:\Windows\repair\secdc.inf /db secdc.sdb


      Thanks
      MCSE 2003; MCTS Vista; Sec+; CCNA
      Attitude Makes The Difference!
      in other words you got to WANT to do it..

      Comment


      • #4
        Re: Active Directory Not Working

        Originally posted by ikon View Post
        Run the following the commands.

        Secedit /configure /cfg C:\Windows\repair\secsetup.inf /db secsetup.sdb

        Secedit /configure /cfg C:\Windows\repair\secdc.inf /db secdc.sdb


        Thanks
        Thanks for reply i am getting result below





        scesrv.log file is attached about access denied

        any other suggation
        Attached Files

        Comment


        • #5
          Re: Active Directory Not Working

          Originally posted by L4ndy View Post
          Have you tried to Undo what you did prior to you having the problem?
          what i accidentally denied the authentication group intimidate error occurred so i can't undo permission because nothing opening

          Comment


          • #6
            Re: Active Directory Not Working

            Restore from your backup?
            Gareth Howells

            BSc (Hons), MBCS, MCP, MCDST, ICCE

            Any advice is given in good faith and without warranty.

            Please give reputation points if somebody has helped you.

            "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

            "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

            Comment


            • #7
              Re: Active Directory Not Working

              Try this


              http://windowsitpro.com/article/arti...ects-gpos.html

              or

              http://support.microsoft.com/kb/226243

              did you play with Group Policy's to remove what you did?
              MCSE 2003; MCTS Vista; Sec+; CCNA
              Attitude Makes The Difference!
              in other words you got to WANT to do it..

              Comment


              • #8
                Re: Active Directory Not Working

                Looking at my own ADUC I don't see an "Authentication" Group.

                I do see an Administrator user, Domain Admins group and an Enterprise Admins group.

                I'm not aware of and "Authentication" group within ADUC other than maybe you're referring to the built-in group "Windows Authorization Access Group". Is that what you're talking about?

                Perhaps you should try something like

                http://www.petri.com/reset_domain_ad...er_2003_ad.htm
                GoogleFu is strong with this one ^

                Comment


                • #9
                  Re: Active Directory Not Working

                  Originally posted by stamandster View Post
                  Looking at my own ADUC I don't see an "Authentication" Group.

                  I do see an Administrator user, Domain Admins group and an Enterprise Admins group.

                  I'm not aware of and "Authentication" group within ADUC other than maybe you're referring to the built-in group "Windows Authorization Access Group". Is that what you're talking about?

                  Perhaps you should try something like

                  http://www.petri.com/reset_domain_ad...er_2003_ad.htm
                  Authentication user Groups I am Talking About sorry i say Authentication Group only

                  Comment


                  • #10
                    Re: Active Directory Not Working

                    Originally posted by ikon View Post
                    Try this


                    http://windowsitpro.com/article/arti...ects-gpos.html

                    or

                    http://support.microsoft.com/kb/226243

                    did you play with Group Policy's to remove what you did?
                    I am not playing with GPO is there is any i restore Security ACL On Directory Database. command line some thing

                    Comment

                    Working...
                    X