Users Domain level Read access problem

-

we experiencing issue domain user appears not have authority read @ domain level though in "domain users" group.  issue started off sql server issue local users run jobs.  after doing research on forums , own testing we've discovered domain users, depending on application, cannot domain lookup.  example, same id i, same server can use "active directory users , computers" traverse through domain structure , see permissions, not change them read them; when use other commands "net user username /domain" on other user, other userid issuing, "system error 5 has occurred.  access denied." 

all i've been able find on web generic advice making sure users trying issue such commands have read access @ domain level.  i'm thinking "net user" , "active directory users , computers" have different mechanics getting same information , difference root of problem.  can shed light or tell me i'm way off

thank you,
sean


incedently sql server commands , errors below:

exec login = 'domain\username'

msg 15404, level 16, state 19, line 1
could not obtain information windows nt group/user ''domain\username', error code 0x5.

 

hi,

 

based on test, if user has permission read properties of user objects in active directory users , computers console, able view information of user accounts using command net user.

 

for further research, check following information:

 

·         how many domain controllers there in domain? please make sure replication works properly.

·         do users in domain encounter issue? please logon other user account , run net user command check result.

·         please use utility dsacls export acl of user object. example, if error "system error 5 has occurred.  access denied." when try view administrator account using command net user administrator /domain. then, please run following command export acl of administrator object:

dsacls cn=administrator,cn=users,dc=domain,dc=com > acl.txt

in addition, please let me know group user, run command net user, member of.

·         please run netmon on machine on run command capture network packets:

1) download , install network monitor 3.2 on machine:

microsoft network monitor 3.2
http://www.microsoft.com/downloads/details.aspx?familyid=f4db40af-1e08-4a21-a26b-ec2f4dc4190d&displaylang=en

2)    log onto machines, right-click the netmon icon , select run administrator launch netmon3.2.

3)    the microsoft network monitor 3.2 window, click create new capture tab.

4)    in new tab, select network adapters in the select networks window.

5)    press f10 start netmon on machine.

6)    run command net user administrator /domain reproduce issue.

7)    after error, go netmon window , press f11 stop netmon.

8)    press ctrl+s save netmon files

note: please let me know ip address of machine , domain controllers.

 

after that, please zip , upload information above following space:

 

https://sftasia.one.microsoft.com/choosetransfer.aspx?key=303ec7f9-4db4-4bd2-b800-914898063f2b

password: ndnm_0uyc23



Windows Server  >  Directory Services



Comments

Post a Comment

Popular posts from this blog

2008 Windows Deployment Server Properties Error

-
currently wading through setup , configuration of wds on 2008 server. have captured xp sp2 image , purposes of testing not prestaging. pxe response settings have been set "respond (known & unknown) client computers" leaving "for unknown clients, notify administrator etc" unchecked when ok properties sheet error "server properties error" "the system cannot find file specified" when attempting use command "wdsutil /approve-autoadddevices /requestid:1" in response pending devices within gui "an error occurred while trying execute command. error code: 0x6 error description: access denied" surely if not attempting add workstations domain (no prestaging) there shouldn't problem. any appreciated  answering part of own question although if can explain reason appreciated. server properties error occurs when launching windows deployment services using start>all programs>administrative tools. if access via server manager...
Read more

Can no longer user MS Update - Files required to use Microsoft Update are no longer registered

-
hi, i'm new server 2003.  installed it.  removed enhanced ie security.  proceed download , install windows server 2003 sp1, of dot net (1.1, 2.0, 3.0, 3.5, , updates), , sp2. after downloaded , installed of above, tried windows update menu option in ie.  (ie 8 windows server 2003) , sits there "done" in lower left hand corner.  never brings in window. so try www.microsoft.com -> download , trails -> update.  received error message "files required use microsoft update no longer registered or installed on computer".  click on register or reinstall files me now.  window changes , "check latest version of windows updating software .... ".   sits there (last time sat there on hour). i went on internet , found instructions: regsvr32 wuapi.dll regsvr32 wups.dll regsvr32 wuaueng.dll regsvr32 wucltui.dll regsvr32 atl.dll regsvr32 msxml3.dll did not work either.  have other suggestions?...
Read more

How do a find data in one file, search for it in another file and if not found, write a custom message to another file

-
in file if.txt, starting on 2nd line of file, data formatted follows: ah10551,a10551,cn=a10551,a10551@qts.com ah10600,a10600,cn=a10600,a10600@qts.com ah10608,a10608,cn=a10608,a10608@qts.com in file sf.txt, data formatted follows: 2011-02-16 17:26:44 sid acme\ah10551 added sid history of qts\a10551 2011-02-16 17:26:44 sid acme\ah10244 added sid history of qts\a10244 2011-02-16 17:26:45 sid acme\ah10425 added sid history of qts\a10425 please provide suggestions on how following: 1. in if.txt file, read first field first ',' , store in variable called $if1 2. in sf.txt file, search for the value stored in $if1 , if found, ignore.  if not found, write custom message in another file such as: $if1 sidhistory not migrated. these files wont large.  im trying build 'exception file' of items in if.txt file not occurring in sf.txt file. thanks in advance ideas. mtv99 many ways that... here's one... (using example data) [array]$if1=@() gc d:\if.txt...
Read more