Anyone know anything about Active Directory?


Post by Uziel » Mon Dec 27, 2004 10:27 pm

I'm having a bizarre problem in a Windows 2000 server environment, and I'm looking for someone to help me bounce some ideas around. Anyone out there know much about Active Directory and GPOs?

Post by karmakaze » Mon Dec 27, 2004 10:33 pm

What's the problem?

Post by Uziel » Tue Dec 28, 2004 12:16 am

Alright,

The problem, in short, is client machines not refreshing GPOs.

Here's what I know:

Domain authentication is working
GPO refresh settings are synchronous on logon and startup
DNS is working
As far as I know, Active Directory Integrated Zone in DNS is working.
No error messages are being generated.
Group membership is working.

Any thoughts?

Post by karmakaze » Tue Dec 28, 2004 1:07 am


That is weird.

So it is authenticating fine, they become a part of the domain, but to become part of the domain the clients have to be receiving the GPO (the DNS name is the top level of the forest).

What kind of domain model? If you have more than one domain, do they all trust each other?

What sort of auth. protocol are you using? Kerberos?

You also might want to check to make sure that there are not any LGPOs on the clients that might conflict with the GPO.

Post by Uziel » Tue Dec 28, 2004 1:20 am

Clients don't have to receive the GPO to authenticate, only a copy of the SAM.

I just did fresh installations, so there are no LGPOs.

Kerberos is the auth. protocol.

The domain is ridiculously small, no trust issues.

I'll verify the GPOs when I get into work tomorrow. If nothing else, I'll reboot and kick the Domain Controller.

Post by Uziel » Sun Jan 02, 2005 1:53 am

I fixed the problem. Just as an FYI, the client machines were only pulling local GPOs, and only authenticating through NetBIOS. The problem resided in DNS.

Thus, I had to ensure that I had an Active Directory Integrated Zone, set for dynamic updates, with an associated SRV record pointing to a domain controller.
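The fix in the last post depends on the domain controller's SRV records being present in the zone and pointing at a host that actually resolves. As an added example (not code from the thread), this Python check runs over a constructed zone listing for the hypothetical domain example.local and reports missing or dangling locator records; the listing format, host names and addresses are assumptions.

```python
# Added example: offline check of the DNS records AD clients use to find a DC.
# SAMPLE_ZONE is constructed (owner, TTL, type, data) for the hypothetical
# domain example.local; it is not data from the thread.
SAMPLE_ZONE = """\
dc1                      1200 A   10.0.0.10
_ldap._tcp               600  SRV 0 100 389 dc1.example.local.
_kerberos._tcp           600  SRV 0 100 88  dc1.example.local.
_ldap._tcp.dc._msdcs     600  SRV 0 100 389 dc2.example.local.
"""

# Domain-wide SRV owner names a domain controller registers, with expected port.
REQUIRED_SRV = {
    "_ldap._tcp": 389,
    "_kerberos._tcp": 88,
    "_ldap._tcp.dc._msdcs": 389,
    "_kerberos._tcp.dc._msdcs": 88,
}

def fqdn(name, domain):
    """Lower-case a name and qualify it with the domain unless it ends in a dot."""
    name = name.lower()
    return name.rstrip(".") if name.endswith(".") else f"{name}.{domain}"

def parse_zone(text, domain):
    """Return (hosts with A records, {SRV owner fqdn: [(port, target fqdn)]})."""
    a_hosts, srv = set(), {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0].startswith(";"):
            continue  # skip blanks, comments and short lines
        owner, rtype = fqdn(f[0], domain), f[2].upper()
        if rtype == "A":
            a_hosts.add(owner)
        elif rtype == "SRV" and len(f) == 7:  # priority weight port target
            srv.setdefault(owner, []).append((int(f[5]), fqdn(f[6], domain)))
    return a_hosts, srv

def check_dc_locator(text, domain):
    """List problems that would stop a client locating a DC through DNS."""
    a_hosts, srv = parse_zone(text, domain)
    findings = []
    for rel, port in REQUIRED_SRV.items():
        owner = f"{rel}.{domain}"
        entries = srv.get(owner, [])
        if not entries:
            findings.append(f"MISSING SRV {owner}")
        for got_port, target in entries:
            if got_port != port:
                findings.append(f"WRONG PORT {owner}: {got_port}")
            if target not in a_hosts:
                findings.append(f"NO A RECORD for {target} (target of {owner})")
    return findings
```

On a live client the same names can be queried directly, for example with `nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain>`.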

