Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » local users and groups
local users and groups [message #159508] Thu, 30 July 2009 12:14 Go to next message
seeker  is currently offline seeker
Messages: 30
Registered: July 2009
Member
My server which is a domain controller does not have local users and groups
listed under shared folders in the computer management screen whereas my
local computer does and also a different server on the network. I have tried
putting it in using mmc but there is not a snapin for this. How do I make it
appear. I have been told that in order for the not domain controller server
to authenticate users to open files on it the domain controller needs the
local users and groups to be the same. Thank you in advance.
Re: local users and groups [message #159514 is a reply to message #159508] Thu, 30 July 2009 12:44 Go to previous messageGo to next message
Mel.K  is currently offline Mel.K  United States
Messages: 38
Registered: July 2009
Member
A DC cannot contain local users and groups because it shares the DOMAIN
users and groups with all other DCs (through replication). That's the way a
DC operates. Once you promote a member server to a DC, it loses access to
all local accounts (but if you demote the DC, I believe the local accounts
become accessible again).

--
Mel K.
MCSA: M
"seeker" <seeker@discussions.microsoft.com> wrote in message
news:242DDFCE-F348-4971-974C-1BFAEC68FAAC@microsoft.com...
> My server which is a domain controller does not have local users and
> groups
> listed under shared folders in the computer management screen whereas my
> local computer does and also a different server on the network. I have
> tried
> putting it in using mmc but there is not a snapin for this. How do I make
> it
> appear. I have been told that in order for the not domain controller
> server
> to authenticate users to open files on it the domain controller needs the
> local users and groups to be the same. Thank you in advance.
Re: local users and groups [message #159515 is a reply to message #159508] Thu, 30 July 2009 12:43 Go to previous messageGo to next message
Santhosh Sivarajan  is currently offline Santhosh Sivarajan
Messages: 110
Registered: July 2009
Senior Member
There is no "real" local users or groups on a DC. Inside AD or on DC it is
a Domain users and Groups. In-order to manage AD users and computers, you
need to Active Directory Users and Computer Management tool.

All Programs -> Admin Tools -> Active Directory Users and Computers


--
Santhosh Sivarajan | MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA
http://blogcastrepository.com/blogs/santhosh/
http://www.sivarajan.com/publications.html


"seeker" <seeker@discussions.microsoft.com> wrote in message
news:242DDFCE-F348-4971-974C-1BFAEC68FAAC@microsoft.com...
> My server which is a domain controller does not have local users and
> groups
> listed under shared folders in the computer management screen whereas my
> local computer does and also a different server on the network. I have
> tried
> putting it in using mmc but there is not a snapin for this. How do I make
> it
> appear. I have been told that in order for the not domain controller
> server
> to authenticate users to open files on it the domain controller needs the
> local users and groups to be the same. Thank you in advance.
Re: local users and groups [message #159516 is a reply to message #159514] Thu, 30 July 2009 13:00 Go to previous messageGo to next message
seeker  is currently offline seeker
Messages: 30
Registered: July 2009
Member
Thank you for such quick response. My problem is that I am logged into a
client who has shortcuts to directory on non dc server and when I try to open
the shortcut a screen comes up asking for user name and password. The only
user name and password that allows me to open is one that is found in the
administrator group of the non-dc server. How can I get users to
authenticate so they can open files on the non dc server. Thanks.

"Mel K." wrote:

> A DC cannot contain local users and groups because it shares the DOMAIN
> users and groups with all other DCs (through replication). That's the way a
> DC operates. Once you promote a member server to a DC, it loses access to
> all local accounts (but if you demote the DC, I believe the local accounts
> become accessible again).
>
> --
> Mel K.
> MCSA: M
> "seeker" <seeker@discussions.microsoft.com> wrote in message
> news:242DDFCE-F348-4971-974C-1BFAEC68FAAC@microsoft.com...
> > My server which is a domain controller does not have local users and
> > groups
> > listed under shared folders in the computer management screen whereas my
> > local computer does and also a different server on the network. I have
> > tried
> > putting it in using mmc but there is not a snapin for this. How do I make
> > it
> > appear. I have been told that in order for the not domain controller
> > server
> > to authenticate users to open files on it the domain controller needs the
> > local users and groups to be the same. Thank you in advance.
>
>
>
Re: local users and groups [message #159517 is a reply to message #159516] Thu, 30 July 2009 13:09 Go to previous messageGo to next message
Mel.K  is currently offline Mel.K  United States
Messages: 38
Registered: July 2009
Member
Ok. This is a whole different issue then. I'll break this down to the major
parts so it's easier to follow.

1.) Find out which AD account the user is logged on as.
2.) Verify that the server is a member of the domain. It doesn't seem like
the server is, from what you described, so add it to the domain if doing so
is not an issue.
3.) Go to the folder on the server that the shortcut points to.
4.) Give the user's AD account (from step 1) permission to the folder. You
might also have to give the user permission to the share.

--
Mel K.
MCSA: M
"seeker" <seeker@discussions.microsoft.com> wrote in message
news:0410B1A0-4E57-4577-9585-B80A316C6213@microsoft.com...
> Thank you for such quick response. My problem is that I am logged into a
> client who has shortcuts to directory on non dc server and when I try to
> open
> the shortcut a screen comes up asking for user name and password. The
> only
> user name and password that allows me to open is one that is found in the
> administrator group of the non-dc server. How can I get users to
> authenticate so they can open files on the non dc server. Thanks.
>
> "Mel K." wrote:
>
>> A DC cannot contain local users and groups because it shares the DOMAIN
>> users and groups with all other DCs (through replication). That's the way
>> a
>> DC operates. Once you promote a member server to a DC, it loses access to
>> all local accounts (but if you demote the DC, I believe the local
>> accounts
>> become accessible again).
>>
>> --
>> Mel K.
>> MCSA: M
>> "seeker" <seeker@discussions.microsoft.com> wrote in message
>> news:242DDFCE-F348-4971-974C-1BFAEC68FAAC@microsoft.com...
>> > My server which is a domain controller does not have local users and
>> > groups
>> > listed under shared folders in the computer management screen whereas
>> > my
>> > local computer does and also a different server on the network. I have
>> > tried
>> > putting it in using mmc but there is not a snapin for this. How do I
>> > make
>> > it
>> > appear. I have been told that in order for the not domain controller
>> > server
>> > to authenticate users to open files on it the domain controller needs
>> > the
>> > local users and groups to be the same. Thank you in advance.
>>
>>
>>
Re: local users and groups [message #159518 is a reply to message #159517] Thu, 30 July 2009 13:31 Go to previous messageGo to next message
seeker  is currently offline seeker
Messages: 30
Registered: July 2009
Member
Thank you. The server is a part of the domain. User1 is logged into client
a1. On the desktop of that computer there is a shortcut to temp directory on
server3. On server3 under properties and then security tab user1 has been
added with read and execute and read permissions and list contents. When the
user1 clicks on the shortcut the following box appears connecting to server3
username _______ password _______. If I type administrator with adminstrator
password I can get into the directory. User1 and password gives me the box
again to enter username and password.

What is even more confusing is the group that user1 is a member of domain
users is also on the share and folder.

"Mel K." wrote:

> Ok. This is a whole different issue then. I'll break this down to the major
> parts so it's easier to follow.
>
> 1.) Find out which AD account the user is logged on as.
> 2.) Verify that the server is a member of the domain. It doesn't seem like
> the server is, from what you described, so add it to the domain if doing so
> is not an issue.
> 3.) Go to the folder on the server that the shortcut points to.
> 4.) Give the user's AD account (from step 1) permission to the folder. You
> might also have to give the user permission to the share.
>
> --
> Mel K.
> MCSA: M
> "seeker" <seeker@discussions.microsoft.com> wrote in message
> news:0410B1A0-4E57-4577-9585-B80A316C6213@microsoft.com...
> > Thank you for such quick response. My problem is that I am logged into a
> > client who has shortcuts to directory on non dc server and when I try to
> > open
> > the shortcut a screen comes up asking for user name and password. The
> > only
> > user name and password that allows me to open is one that is found in the
> > administrator group of the non-dc server. How can I get users to
> > authenticate so they can open files on the non dc server. Thanks.
> >
> > "Mel K." wrote:
> >
> >> A DC cannot contain local users and groups because it shares the DOMAIN
> >> users and groups with all other DCs (through replication). That's the way
> >> a
> >> DC operates. Once you promote a member server to a DC, it loses access to
> >> all local accounts (but if you demote the DC, I believe the local
> >> accounts
> >> become accessible again).
> >>
> >> --
> >> Mel K.
> >> MCSA: M
> >> "seeker" <seeker@discussions.microsoft.com> wrote in message
> >> news:242DDFCE-F348-4971-974C-1BFAEC68FAAC@microsoft.com...
> >> > My server which is a domain controller does not have local users and
> >> > groups
> >> > listed under shared folders in the computer management screen whereas
> >> > my
> >> > local computer does and also a different server on the network. I have
> >> > tried
> >> > putting it in using mmc but there is not a snapin for this. How do I
> >> > make
> >> > it
> >> > appear. I have been told that in order for the not domain controller
> >> > server
> >> > to authenticate users to open files on it the domain controller needs
> >> > the
> >> > local users and groups to be the same. Thank you in advance.
> >>
> >>
> >>
>
>
>
Re: local users and groups [message #159519 is a reply to message #159518] Thu, 30 July 2009 13:36 Go to previous messageGo to next message
Danny Sanders  is currently offline Danny Sanders  United States
Messages: 169
Registered: July 2009
Senior Member
It sounds like either client a1 or server 3 is not on the domain.

You should be able to setup a user on server3 using the same username and
password User1 uses to log into client a1. Then on the server grant *that*
user permission to the shared folder.

If I understand you correctly


hth
DDS

"seeker" <seeker@discussions.microsoft.com> wrote in message
news:62E140D0-08F3-47EB-BA20-7A0E02CC64F0@microsoft.com...
> Thank you. The server is a part of the domain. User1 is logged into
> client
> a1. On the desktop of that computer there is a shortcut to temp directory
> on
> server3. On server3 under properties and then security tab user1 has been
> added with read and execute and read permissions and list contents. When
> the
> user1 clicks on the shortcut the following box appears connecting to
> server3
> username _______ password _______. If I type administrator with
> adminstrator
> password I can get into the directory. User1 and password gives me the
> box
> again to enter username and password.
>
> What is even more confusing is the group that user1 is a member of domain
> users is also on the share and folder.
>
> "Mel K." wrote:
>
>> Ok. This is a whole different issue then. I'll break this down to the
>> major
>> parts so it's easier to follow.
>>
>> 1.) Find out which AD account the user is logged on as.
>> 2.) Verify that the server is a member of the domain. It doesn't seem
>> like
>> the server is, from what you described, so add it to the domain if doing
>> so
>> is not an issue.
>> 3.) Go to the folder on the server that the shortcut points to.
>> 4.) Give the user's AD account (from step 1) permission to the folder.
>> You
>> might also have to give the user permission to the share.
>>
>> --
>> Mel K.
>> MCSA: M
>> "seeker" <seeker@discussions.microsoft.com> wrote in message
>> news:0410B1A0-4E57-4577-9585-B80A316C6213@microsoft.com...
>> > Thank you for such quick response. My problem is that I am logged into
>> > a
>> > client who has shortcuts to directory on non dc server and when I try
>> > to
>> > open
>> > the shortcut a screen comes up asking for user name and password. The
>> > only
>> > user name and password that allows me to open is one that is found in
>> > the
>> > administrator group of the non-dc server. How can I get users to
>> > authenticate so they can open files on the non dc server. Thanks.
>> >
>> > "Mel K." wrote:
>> >
>> >> A DC cannot contain local users and groups because it shares the
>> >> DOMAIN
>> >> users and groups with all other DCs (through replication). That's the
>> >> way
>> >> a
>> >> DC operates. Once you promote a member server to a DC, it loses access
>> >> to
>> >> all local accounts (but if you demote the DC, I believe the local
>> >> accounts
>> >> become accessible again).
>> >>
>> >> --
>> >> Mel K.
>> >> MCSA: M
>> >> "seeker" <seeker@discussions.microsoft.com> wrote in message
>> >> news:242DDFCE-F348-4971-974C-1BFAEC68FAAC@microsoft.com...
>> >> > My server which is a domain controller does not have local users and
>> >> > groups
>> >> > listed under shared folders in the computer management screen
>> >> > whereas
>> >> > my
>> >> > local computer does and also a different server on the network. I
>> >> > have
>> >> > tried
>> >> > putting it in using mmc but there is not a snapin for this. How do
>> >> > I
>> >> > make
>> >> > it
>> >> > appear. I have been told that in order for the not domain
>> >> > controller
>> >> > server
>> >> > to authenticate users to open files on it the domain controller
>> >> > needs
>> >> > the
>> >> > local users and groups to be the same. Thank you in advance.
>> >>
>> >>
>> >>
>>
>>
>>
Re: local users and groups [message #159520 is a reply to message #159519] Thu, 30 July 2009 14:28 Go to previous messageGo to next message
seeker  is currently offline seeker
Messages: 30
Registered: July 2009
Member
Thank you. in AD server3 is in the computers directory and a1 is not but a1
is in a members workstations directory. Could this be the problem? If so
how do I add a1 to the computer directory. When I right click on my computer
and go to properties while in a1 computer name indicates that it has a domain
name i.e. a1@domainname.local

"Danny Sanders" wrote:

> It sounds like either client a1 or server 3 is not on the domain.
>
> You should be able to setup a user on server3 using the same username and
> password User1 uses to log into client a1. Then on the server grant *that*
> user permission to the shared folder.
>
> If I understand you correctly
>
>
> hth
> DDS
>
> "seeker" <seeker@discussions.microsoft.com> wrote in message
> news:62E140D0-08F3-47EB-BA20-7A0E02CC64F0@microsoft.com...
> > Thank you. The server is a part of the domain. User1 is logged into
> > client
> > a1. On the desktop of that computer there is a shortcut to temp directory
> > on
> > server3. On server3 under properties and then security tab user1 has been
> > added with read and execute and read permissions and list contents. When
> > the
> > user1 clicks on the shortcut the following box appears connecting to
> > server3
> > username _______ password _______. If I type administrator with
> > adminstrator
> > password I can get into the directory. User1 and password gives me the
> > box
> > again to enter username and password.
> >
> > What is even more confusing is the group that user1 is a member of domain
> > users is also on the share and folder.
> >
> > "Mel K." wrote:
> >
> >> Ok. This is a whole different issue then. I'll break this down to the
> >> major
> >> parts so it's easier to follow.
> >>
> >> 1.) Find out which AD account the user is logged on as.
> >> 2.) Verify that the server is a member of the domain. It doesn't seem
> >> like
> >> the server is, from what you described, so add it to the domain if doing
> >> so
> >> is not an issue.
> >> 3.) Go to the folder on the server that the shortcut points to.
> >> 4.) Give the user's AD account (from step 1) permission to the folder.
> >> You
> >> might also have to give the user permission to the share.
> >>
> >> --
> >> Mel K.
> >> MCSA: M
> >> "seeker" <seeker@discussions.microsoft.com> wrote in message
> >> news:0410B1A0-4E57-4577-9585-B80A316C6213@microsoft.com...
> >> > Thank you for such quick response. My problem is that I am logged into
> >> > a
> >> > client who has shortcuts to directory on non dc server and when I try
> >> > to
> >> > open
> >> > the shortcut a screen comes up asking for user name and password. The
> >> > only
> >> > user name and password that allows me to open is one that is found in
> >> > the
> >> > administrator group of the non-dc server. How can I get users to
> >> > authenticate so they can open files on the non dc server. Thanks.
> >> >
> >> > "Mel K." wrote:
> >> >
> >> >> A DC cannot contain local users and groups because it shares the
> >> >> DOMAIN
> >> >> users and groups with all other DCs (through replication). That's the
> >> >> way
> >> >> a
> >> >> DC operates. Once you promote a member server to a DC, it loses access
> >> >> to
> >> >> all local accounts (but if you demote the DC, I believe the local
> >> >> accounts
> >> >> become accessible again).
> >> >>
> >> >> --
> >> >> Mel K.
> >> >> MCSA: M
> >> >> "seeker" <seeker@discussions.microsoft.com> wrote in message
> >> >> news:242DDFCE-F348-4971-974C-1BFAEC68FAAC@microsoft.com...
> >> >> > My server which is a domain controller does not have local users and
> >> >> > groups
> >> >> > listed under shared folders in the computer management screen
> >> >> > whereas
> >> >> > my
> >> >> > local computer does and also a different server on the network. I
> >> >> > have
> >> >> > tried
> >> >> > putting it in using mmc but there is not a snapin for this. How do
> >> >> > I
> >> >> > make
> >> >> > it
> >> >> > appear. I have been told that in order for the not domain
> >> >> > controller
> >> >> > server
> >> >> > to authenticate users to open files on it the domain controller
> >> >> > needs
> >> >> > the
> >> >> > local users and groups to be the same. Thank you in advance.
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
Re: local users and groups [message #159523 is a reply to message #159508] Thu, 30 July 2009 15:24 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Seeker,

A domain controller has no local users and groups, user accounts, security
groups, computers on a domain controller are managed with Active directory
users and computers from the administrative tools. This normal and expected.

A workgroup server or also domain member server(non-DC) does have local users
and groups available. By default you should not use them when the server
is domain member, there centralized management is done with Active directory
users and computers.

So if you have workgroup server NOT belonging to the domain and like to access
shared fodlers on the domain controller, you have to create a mapping to
the shared folder and must provide a domain user account and password to
get access to that share. This requires also that the user accounts has the
neede permissions on the shared folder on the domain controllers harddrive.

So on the Domain controller where the folder is shared, you have to configure
the share permissions and the NTFS permissions for that folder with the user
account or security group which should have access.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> My server which is a domain controller does not have local users and
> groups listed under shared folders in the computer management screen
> whereas my local computer does and also a different server on the
> network. I have tried putting it in using mmc but there is not a
> snapin for this. How do I make it appear. I have been told that in
> order for the not domain controller server to authenticate users to
> open files on it the domain controller needs the local users and
> groups to be the same. Thank you in advance.
>
Re: local users and groups [message #159524 is a reply to message #159520] Thu, 30 July 2009 15:50 Go to previous messageGo to next message
Mel.K  is currently offline Mel.K  United States
Messages: 38
Registered: July 2009
Member
Some other things to try:

A.

Try this from the user's computer: Start --> Run --> type \\servername
[servername being the actual server name]. Can you user see the share in
question and open it up? If so, recreate a new shortcut.

B.

Try A from another computer while logged on as the user.

C.

If A doesn't work and B does work, then perhaps a username/password was
cached before, so try this on the user's computer:

1.) Start --> Run
2.) Type control userpasswords2 and press enter
3.) Go to the Advanced tab --> Manage Passwords.
4.) Look for the server name or IP address in the list and remove it.
5.) Reboot for good measure and try again.

--
Thank you,
Mel K.
MCSA: M
"seeker" <seeker@discussions.microsoft.com> wrote in message
news:F59F0069-663F-45B8-92CB-A29603AE7561@microsoft.com...
> Thank you. in AD server3 is in the computers directory and a1 is not but
> a1
> is in a members workstations directory. Could this be the problem? If so
> how do I add a1 to the computer directory. When I right click on my
> computer
> and go to properties while in a1 computer name indicates that it has a
> domain
> name i.e. a1@domainname.local
>
> "Danny Sanders" wrote:
>
>> It sounds like either client a1 or server 3 is not on the domain.
>>
>> You should be able to setup a user on server3 using the same username and
>> password User1 uses to log into client a1. Then on the server grant
>> *that*
>> user permission to the shared folder.
>>
>> If I understand you correctly
>>
>>
>> hth
>> DDS
>>
>> "seeker" <seeker@discussions.microsoft.com> wrote in message
>> news:62E140D0-08F3-47EB-BA20-7A0E02CC64F0@microsoft.com...
>> > Thank you. The server is a part of the domain. User1 is logged into
>> > client
>> > a1. On the desktop of that computer there is a shortcut to temp
>> > directory
>> > on
>> > server3. On server3 under properties and then security tab user1 has
>> > been
>> > added with read and execute and read permissions and list contents.
>> > When
>> > the
>> > user1 clicks on the shortcut the following box appears connecting to
>> > server3
>> > username _______ password _______. If I type administrator with
>> > adminstrator
>> > password I can get into the directory. User1 and password gives me the
>> > box
>> > again to enter username and password.
>> >
>> > What is even more confusing is the group that user1 is a member of
>> > domain
>> > users is also on the share and folder.
>> >
>> > "Mel K." wrote:
>> >
>> >> Ok. This is a whole different issue then. I'll break this down to the
>> >> major
>> >> parts so it's easier to follow.
>> >>
>> >> 1.) Find out which AD account the user is logged on as.
>> >> 2.) Verify that the server is a member of the domain. It doesn't seem
>> >> like
>> >> the server is, from what you described, so add it to the domain if
>> >> doing
>> >> so
>> >> is not an issue.
>> >> 3.) Go to the folder on the server that the shortcut points to.
>> >> 4.) Give the user's AD account (from step 1) permission to the folder.
>> >> You
>> >> might also have to give the user permission to the share.
>> >>
>> >> --
>> >> Mel K.
>> >> MCSA: M
>> >> "seeker" <seeker@discussions.microsoft.com> wrote in message
>> >> news:0410B1A0-4E57-4577-9585-B80A316C6213@microsoft.com...
>> >> > Thank you for such quick response. My problem is that I am logged
>> >> > into
>> >> > a
>> >> > client who has shortcuts to directory on non dc server and when I
>> >> > try
>> >> > to
>> >> > open
>> >> > the shortcut a screen comes up asking for user name and password.
>> >> > The
>> >> > only
>> >> > user name and password that allows me to open is one that is found
>> >> > in
>> >> > the
>> >> > administrator group of the non-dc server. How can I get users to
>> >> > authenticate so they can open files on the non dc server. Thanks.
>> >> >
>> >> > "Mel K." wrote:
>> >> >
>> >> >> A DC cannot contain local users and groups because it shares the
>> >> >> DOMAIN
>> >> >> users and groups with all other DCs (through replication). That's
>> >> >> the
>> >> >> way
>> >> >> a
>> >> >> DC operates. Once you promote a member server to a DC, it loses
>> >> >> access
>> >> >> to
>> >> >> all local accounts (but if you demote the DC, I believe the local
>> >> >> accounts
>> >> >> become accessible again).
>> >> >>
>> >> >> --
>> >> >> Mel K.
>> >> >> MCSA: M
>> >> >> "seeker" <seeker@discussions.microsoft.com> wrote in message
>> >> >> news:242DDFCE-F348-4971-974C-1BFAEC68FAAC@microsoft.com...
>> >> >> > My server which is a domain controller does not have local users
>> >> >> > and
>> >> >> > groups
>> >> >> > listed under shared folders in the computer management screen
>> >> >> > whereas
>> >> >> > my
>> >> >> > local computer does and also a different server on the network.
>> >> >> > I
>> >> >> > have
>> >> >> > tried
>> >> >> > putting it in using mmc but there is not a snapin for this. How
>> >> >> > do
>> >> >> > I
>> >> >> > make
>> >> >> > it
>> >> >> > appear. I have been told that in order for the not domain
>> >> >> > controller
>> >> >> > server
>> >> >> > to authenticate users to open files on it the domain controller
>> >> >> > needs
>> >> >> > the
>> >> >> > local users and groups to be the same. Thank you in advance.
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>
Re: local users and groups [message #159542 is a reply to message #159520] Fri, 31 July 2009 06:32 Go to previous messageGo to next message
pbbergs  is currently offline pbbergs  United States
Messages: 1024
Registered: July 2009
Senior Member
Did you get this resolved?

While on the computer tab, there should be a change button. Click this and
if the computer is not part of the domain then just go ahead add it and
reboot a1. From there you should be able to go back to your folder that you
want to add specific domain users to the share and ntfs permissions.

Check out the link below if you are still confused on joining a domain
http://www.petri.co.il/joining_a_domain_in_windows_xp_pro.ht m

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"seeker" <seeker@discussions.microsoft.com> wrote in message
news:F59F0069-663F-45B8-92CB-A29603AE7561@microsoft.com...
> Thank you. in AD server3 is in the computers directory and a1 is not but
> a1
> is in a members workstations directory. Could this be the problem? If so
> how do I add a1 to the computer directory. When I right click on my
> computer
> and go to properties while in a1 computer name indicates that it has a
> domain
> name i.e. a1@domainname.local
>
> "Danny Sanders" wrote:
>
>> It sounds like either client a1 or server 3 is not on the domain.
>>
>> You should be able to setup a user on server3 using the same username and
>> password User1 uses to log into client a1. Then on the server grant
>> *that*
>> user permission to the shared folder.
>>
>> If I understand you correctly
>>
>>
>> hth
>> DDS
>>
>> "seeker" <seeker@discussions.microsoft.com> wrote in message
>> news:62E140D0-08F3-47EB-BA20-7A0E02CC64F0@microsoft.com...
>> > Thank you. The server is a part of the domain. User1 is logged into
>> > client
>> > a1. On the desktop of that computer there is a shortcut to temp
>> > directory
>> > on
>> > server3. On server3 under properties and then security tab user1 has
>> > been
>> > added with read and execute and read permissions and list contents.
>> > When
>> > the
>> > user1 clicks on the shortcut the following box appears connecting to
>> > server3
>> > username _______ password _______. If I type administrator with
>> > adminstrator
>> > password I can get into the directory. User1 and password gives me the
>> > box
>> > again to enter username and password.
>> >
>> > What is even more confusing is the group that user1 is a member of
>> > domain
>> > users is also on the share and folder.
>> >
>> > "Mel K." wrote:
>> >
>> >> Ok. This is a whole different issue then. I'll break this down to the
>> >> major
>> >> parts so it's easier to follow.
>> >>
>> >> 1.) Find out which AD account the user is logged on as.
>> >> 2.) Verify that the server is a member of the domain. It doesn't seem
>> >> like
>> >> the server is, from what you described, so add it to the domain if
>> >> doing
>> >> so
>> >> is not an issue.
>> >> 3.) Go to the folder on the server that the shortcut points to.
>> >> 4.) Give the user's AD account (from step 1) permission to the folder.
>> >> You
>> >> might also have to give the user permission to the share.
>> >>
>> >> --
>> >> Mel K.
>> >> MCSA: M
>> >> "seeker" <seeker@discussions.microsoft.com> wrote in message
>> >> news:0410B1A0-4E57-4577-9585-B80A316C6213@microsoft.com...
>> >> > Thank you for such quick response. My problem is that I am logged
>> >> > into
>> >> > a
>> >> > client who has shortcuts to directory on non dc server and when I
>> >> > try
>> >> > to
>> >> > open
>> >> > the shortcut a screen comes up asking for user name and password.
>> >> > The
>> >> > only
>> >> > user name and password that allows me to open is one that is found
>> >> > in
>> >> > the
>> >> > administrator group of the non-dc server. How can I get users to
>> >> > authenticate so they can open files on the non dc server. Thanks.
>> >> >
>> >> > "Mel K." wrote:
>> >> >
>> >> >> A DC cannot contain local users and groups because it shares the
>> >> >> DOMAIN
>> >> >> users and groups with all other DCs (through replication). That's
>> >> >> the
>> >> >> way
>> >> >> a
>> >> >> DC operates. Once you promote a member server to a DC, it loses
>> >> >> access
>> >> >> to
>> >> >> all local accounts (but if you demote the DC, I believe the local
>> >> >> accounts
>> >> >> become accessible again).
>> >> >>
>> >> >> --
>> >> >> Mel K.
>> >> >> MCSA: M
>> >> >> "seeker" <seeker@discussions.microsoft.com> wrote in message
>> >> >> news:242DDFCE-F348-4971-974C-1BFAEC68FAAC@microsoft.com...
>> >> >> > My server which is a domain controller does not have local users
>> >> >> > and
>> >> >> > groups
>> >> >> > listed under shared folders in the computer management screen
>> >> >> > whereas
>> >> >> > my
>> >> >> > local computer does and also a different server on the network.
>> >> >> > I
>> >> >> > have
>> >> >> > tried
>> >> >> > putting it in using mmc but there is not a snapin for this. How
>> >> >> > do
>> >> >> > I
>> >> >> > make
>> >> >> > it
>> >> >> > appear. I have been told that in order for the not domain
>> >> >> > controller
>> >> >> > server
>> >> >> > to authenticate users to open files on it the domain controller
>> >> >> > needs
>> >> >> > the
>> >> >> > local users and groups to be the same. Thank you in advance.
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>
Re: local users and groups [message #159546 is a reply to message #159524] Fri, 31 July 2009 07:54 Go to previous messageGo to next message
seeker  is currently offline seeker
Messages: 30
Registered: July 2009
Member
Thanks for the suggestions. Both a and b do not work. when I type
\\servername in the explore (run is not available for this user) the
following error message occurs; "access to the \\servername has been
disallowed." So how can I allow access? this user is in the domain users
group on the AD and the domain users group is in the users group of the
server3. I can log in as myself who has administrative privilege and can get
in to the share from a1 just fine. If I put the domain users in the
administrator group then my user can get in just fine. I do not want that
for obvious reasons. Thanks for your further input.

"Mel K." wrote:

> Some other things to try:
>
> A.
>
> Try this from the user's computer: Start --> Run --> type \\servername
> [servername being the actual server name]. Can you user see the share in
> question and open it up? If so, recreate a new shortcut.
>
> B.
>
> Try A from another computer while logged on as the user.
>
> C.
>
> If A doesn't work and B does work, then perhaps a username/password was
> cached before, so try this on the user's computer:
>
> 1.) Start --> Run
> 2.) Type control userpasswords2 and press enter
> 3.) Go to the Advanced tab --> Manage Passwords.
> 4.) Look for the server name or IP address in the list and remove it.
> 5.) Reboot for good measure and try again.
>
> --
> Thank you,
> Mel K.
> MCSA: M
> "seeker" <seeker@discussions.microsoft.com> wrote in message
> news:F59F0069-663F-45B8-92CB-A29603AE7561@microsoft.com...
> > Thank you. in AD server3 is in the computers directory and a1 is not but
> > a1
> > is in a members workstations directory. Could this be the problem? If so
> > how do I add a1 to the computer directory. When I right click on my
> > computer
> > and go to properties while in a1 computer name indicates that it has a
> > domain
> > name i.e. a1@domainname.local
> >
> > "Danny Sanders" wrote:
> >
> >> It sounds like either client a1 or server 3 is not on the domain.
> >>
> >> You should be able to setup a user on server3 using the same username and
> >> password User1 uses to log into client a1. Then on the server grant
> >> *that*
> >> user permission to the shared folder.
> >>
> >> If I understand you correctly
> >>
> >>
> >> hth
> >> DDS
> >>
> >> "seeker" <seeker@discussions.microsoft.com> wrote in message
> >> news:62E140D0-08F3-47EB-BA20-7A0E02CC64F0@microsoft.com...
> >> > Thank you. The server is a part of the domain. User1 is logged into
> >> > client
> >> > a1. On the desktop of that computer there is a shortcut to temp
> >> > directory
> >> > on
> >> > server3. On server3 under properties and then security tab user1 has
> >> > been
> >> > added with read and execute and read permissions and list contents.
> >> > When
> >> > the
> >> > user1 clicks on the shortcut the following box appears connecting to
> >> > server3
> >> > username _______ password _______. If I type administrator with
> >> > adminstrator
> >> > password I can get into the directory. User1 and password gives me the
> >> > box
> >> > again to enter username and password.
> >> >
> >> > What is even more confusing is the group that user1 is a member of
> >> > domain
> >> > users is also on the share and folder.
> >> >
> >> > "Mel K." wrote:
> >> >
> >> >> Ok. This is a whole different issue then. I'll break this down to the
> >> >> major
> >> >> parts so it's easier to follow.
> >> >>
> >> >> 1.) Find out which AD account the user is logged on as.
> >> >> 2.) Verify that the server is a member of the domain. It doesn't seem
> >> >> like
> >> >> the server is, from what you described, so add it to the domain if
> >> >> doing
> >> >> so
> >> >> is not an issue.
> >> >> 3.) Go to the folder on the server that the shortcut points to.
> >> >> 4.) Give the user's AD account (from step 1) permission to the folder.
> >> >> You
> >> >> might also have to give the user permission to the share.
> >> >>
> >> >> --
> >> >> Mel K.
> >> >> MCSA: M
> >> >> "seeker" <seeker@discussions.microsoft.com> wrote in message
> >> >> news:0410B1A0-4E57-4577-9585-B80A316C6213@microsoft.com...
> >> >> > Thank you for such quick response. My problem is that I am logged
> >> >> > into
> >> >> > a
> >> >> > client who has shortcuts to directory on non dc server and when I
> >> >> > try
> >> >> > to
> >> >> > open
> >> >> > the shortcut a screen comes up asking for user name and password.
> >> >> > The
> >> >> > only
> >> >> > user name and password that allows me to open is one that is found
> >> >> > in
> >> >> > the
> >> >> > administrator group of the non-dc server. How can I get users to
> >> >> > authenticate so they can open files on the non dc server. Thanks.
> >> >> >
> >> >> > "Mel K." wrote:
> >> >> >
> >> >> >> A DC cannot contain local users and groups because it shares the
> >> >> >> DOMAIN
> >> >> >> users and groups with all other DCs (through replication). That's
> >> >> >> the
> >> >> >> way
> >> >> >> a
> >> >> >> DC operates. Once you promote a member server to a DC, it loses
> >> >> >> access
> >> >> >> to
> >> >> >> all local accounts (but if you demote the DC, I believe the local
> >> >> >> accounts
> >> >> >> become accessible again).
> >> >> >>
> >> >> >> --
> >> >> >> Mel K.
> >> >> >> MCSA: M
> >> >> >> "seeker" <seeker@discussions.microsoft.com> wrote in message
> >> >> >> news:242DDFCE-F348-4971-974C-1BFAEC68FAAC@microsoft.com...
> >> >> >> > My server which is a domain controller does not have local users
> >> >> >> > and
> >> >> >> > groups
> >> >> >> > listed under shared folders in the computer management screen
> >> >> >> > whereas
> >> >> >> > my
> >> >> >> > local computer does and also a different server on the network.
> >> >> >> > I
> >> >> >> > have
> >> >> >> > tried
> >> >> >> > putting it in using mmc but there is not a snapin for this. How
> >> >> >> > do
> >> >> >> > I
> >> >> >> > make
> >> >> >> > it
> >> >> >> > appear. I have been told that in order for the not domain
> >> >> >> > controller
> >> >> >> > server
> >> >> >> > to authenticate users to open files on it the domain controller
> >> >> >> > needs
> >> >> >> > the
> >> >> >> > local users and groups to be the same. Thank you in advance.
> >> >> >>
> >> >> >>
> >> >> >>
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
RE: local users and groups [message #159551 is a reply to message #159508] Fri, 31 July 2009 10:28 Go to previous messageGo to next message
seeker  is currently offline seeker
Messages: 30
Registered: July 2009
Member
Well folks the good news is that it is resolved. I feel very very dumb. I
put the file over on d on the server and SHARED D and guess what people can
now get to it. What a duhhh day. Now on to figuring out why when people are
in the database it shuts down my internet.

"seeker" wrote:

> My server which is a domain controller does not have local users and groups
> listed under shared folders in the computer management screen whereas my
> local computer does and also a different server on the network. I have tried
> putting it in using mmc but there is not a snapin for this. How do I make it
> appear. I have been told that in order for the not domain controller server
> to authenticate users to open files on it the domain controller needs the
> local users and groups to be the same. Thank you in advance.
Re: local users and groups [message #159563 is a reply to message #159546] Fri, 31 July 2009 14:43 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"seeker" <seeker@discussions.microsoft.com> wrote in message
news:02FEB66F-1681-4A7C-B0A3-B00697312653@microsoft.com...
> Thanks for the suggestions. Both a and b do not work. when I type
> \\servername in the explore (run is not available for this user) the
> following error message occurs; "access to the \\servername has been
> disallowed." So how can I allow access? this user is in the domain users
> group on the AD and the domain users group is in the users group of the
> server3. I can log in as myself who has administrative privilege and can
> get
> in to the share from a1 just fine. If I put the domain users in the
> administrator group then my user can get in just fine. I do not want that
> for obvious reasons. Thanks for your further input.
>

If you look at the actual folder that is shared on server3 (assuming you are
typing in \\server3), right click the folder name, choose properties, then
choose Sharing tab. Click on permissions button. What groups/users do you
see in there, and what are their share permissions? Can you list them out
please? If there are any groups in there, please let us know if the user in
question is part of any of those groups.

After listing the Share permissions, click on the Security tab. Can you list
out the users/groups and their permissions, please?

If the user is part of an Active Directory group that are in the folder
properties, and not a local group on the server (the user will show up as
domain\groupname or domain\username, and not just the username without a
backslash or it will be a local group and not an AD group), and has the
permissions to access the folder, then it would appear there is something
going on with either the user account, the workstation, or how the user is
logging on.

Is the user logging on to the domain or to the local workstation?

Are there any event log errors in the workstation's, the server's or the
domain controller's event logs?

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum to benefit from collaboration
among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
RE: local users and groups [message #159617 is a reply to message #159551] Sun, 02 August 2009 07:54 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Seeker,

Can you desribe this more detailed, please?

Shutdown the internet is not that helpful, what does not work and how did
you realize this?

Any error messages or event viewer errors when it happens?

Which OS versions and web browser are you using?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Well folks the good news is that it is resolved. I feel very very
> dumb. I put the file over on d on the server and SHARED D and guess
> what people can now get to it. What a duhhh day. Now on to figuring
> out why when people are in the database it shuts down my internet.
>
> "seeker" wrote:
>
>> My server which is a domain controller does not have local users and
>> groups listed under shared folders in the computer management screen
>> whereas my local computer does and also a different server on the
>> network. I have tried putting it in using mmc but there is not a
>> snapin for this. How do I make it appear. I have been told that in
>> order for the not domain controller server to authenticate users to
>> open files on it the domain controller needs the local users and
>> groups to be the same. Thank you in advance.
>>
Re: local users and groups [message #159620 is a reply to message #159551] Sun, 02 August 2009 08:14 Go to previous message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"seeker" <seeker@discussions.microsoft.com> wrote in message
news:24DB00BA-BE4C-4EF3-9DBB-B75DF5C0E8C3@microsoft.com...
> Well folks the good news is that it is resolved. I feel very very dumb.
> I
> put the file over on d on the server and SHARED D and guess what people
> can
> now get to it. What a duhhh day. Now on to figuring out why when people
> are
> in the database it shuts down my internet.
>
> "seeker" wrote:
>
>> My server which is a domain controller does not have local users and
>> groups
>> listed under shared folders in the computer management screen whereas my
>> local computer does and also a different server on the network. I have
>> tried
>> putting it in using mmc but there is not a snapin for this. How do I
>> make it
>> appear. I have been told that in order for the not domain controller
>> server
>> to authenticate users to open files on it the domain controller needs the
>> local users and groups to be the same. Thank you in advance.


I'm interested in hearing about the specific symptoms as well, just as
Meinolf. We may possibly be able to help.

Curious, when it 'shuts down my internet,' are you able to ping
www.yahoo.com?

Also, I wouldn't suggest sharing out the whole D: drive. I would choose just
to share out specific folders and control permissions based on required
access.

Ace
Previous Topic:2 domains on the same subnet
Next Topic:Serious AD Replciation Problems - Help Needed
Goto Forum:
  


Current Time: Fri Jan 19 00:43:32 MST 2018

Total time taken to generate the page: 0.05239 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software