Can't Search Directory

Guest

Hello,

My company is growing in size, and I felt as a small business owner that it'd
be beneficial to move all the users, computers, and printers to a domain
versus workgroup. I installed Active Directory and have the users logging in
without a problem.

I'm having two strange issues:
1) From an XP client computer on the domain, from My Network Places, if I
click Search the Directory, it takes forever to show up. My domain (MAIN)
takes forever to show up, or sometimes doesn't. I can't search this list, it
always ends up freezing. It has the same result on all clients, but fine
from the server.
2) I created a group policy, and it appears to only apply on the server, not
on any of the client computers.

I own a copy of Windows 2000 server, but downloaded 2003 trial to test to
see if it was just 2000, but it acted the same way. I then placed 1 Windows
XP machine on a second router with the 2000 domain controller, and it had the
same result.

So I'm not sure, is there something I'm failing to install or configure?

Thanks in advance.
 
Kurt

Slowness or inability to locate domain resources is usually related to DNS.
Here are a few things to try:

1) Make sure DNS is installed on the DC and that you have at least a forward
lookup zone for your domain. DNS is usually set up during the install,
although you have the option to skip it. If you don't have a zone for your
domain you'll need to create one.

2) Make sure your workstations list ONLY the domain controller as their DNS
server on their TCP/IP Properties page. Do not add your ISP's DNS servers
as alternates. DNS is required for an active directory to properly function.
Your DNS server will be fully able to perform all of your DNS lookups,
including Internet names. But your ISP's DNS server will not be able to
resolve your local domain, servers or services.

3) From the command line type "nslookup yourdomain.local" or whatever you
named it. Make sure your server is listed as the server that resolved the
name, and that it resolved to the IP address of the server.

Let us know the results.

....kurt
 
Herb Martin

Kurt said:
Slowness or inability to locate domain resources is usually related to
DNS. Here are a few things to try:

Listen to Kurt on this, practically all failures to authenticate and
replicate with AD are related to DNS -- assuming the basic IP
network connectivity is in place with no hardware or firewall
blockages.

Slow authentication falls into this category since DNS methods
may fail and eventually NetBIOS methods let the workstations
find the DCs (in some cases.)

Kurt said:
1) Make sure DNS is installed on the DC and that you have at least a
forward lookup zone for your domain. DNS is usually set up during the
install, although you have the option to skip it. If you don't have a zone
for your domain you'll need to create one.

Run DCDiag on EVERY DC sending the output to a test file, search
it with a text editor for FAIL, WARN, ERROR. Fix those errors or
post the unedited file here.

Kurt said:
2) Make sure your workstations list ONLY the domain controller as their
DNS server on their TCP/IP Properties page. Do not add your ISP's DNS
servers as alternates.

The above is critical. Many people think they can use two different
sets of DNS servers (internal and external) because it may work on
occasion ACCIDENTALLY but it is never a reliable solution.

Kurt said:
DNS is required for an active directory to properly function. Your DNS
server will be fully able to perform all of your DNS lookups, including
Internet names. But your ISP's DNS server will not be able to resolve your
local domain, servers or services.

This is a critical concept for many people.

EVERY DNS server used by client must be able to resolve
EVERY name (etc) that client will ever properly need.

Kurt said:
3) From the command line type "nslookup yourdomain.local" or whatever you
named it. Make sure your server is listed as the server that resolved the
name, and that it resolved to the IP address of the server.

And in fact list out your config ("IPconfig /all") and ensure that
even if the client is using the correct DNS server right now (as
shown by NSLookup) there are NO INCORRECT servers hidden
deeper in the DNS server list.

Post your IPConfig /all (output text to file) here unedited as well,
if you are still having trouble.
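
The two checks described in the post above (searching DCDiag output for FAIL, WARN, ERROR, and looking for incorrect servers deeper in the "IPconfig /all" DNS server list), as an added example that is not part of any post in this thread. The sample output, the addresses and the function names are constructed for illustration, and the domain controller is assumed to be 192.168.1.10.

```python
import re

# Constructed `ipconfig /all` output from an XP client (sample, not from the thread).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        DNS Servers . . . . . . . . . . . : 192.168.1.10
                                            203.0.113.53
        Lease Obtained. . . . . . . . . . : Monday, January 01, 2007 9:00:00 AM
"""

# Constructed dcdiag output (sample, not from the thread).
SAMPLE_DCDIAG = """\
         ......................... DC1 passed test Connectivity
      Starting test: Advertising
         Warning: DC1 is not advertising as a time server.
         ......................... DC1 failed test Advertising
"""

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
LABEL = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")  # "Label . . . : value"

def dns_servers_by_adapter(text):
    """Return {adapter: [DNS servers]}, including continuation lines."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace():  # banner or adapter header
            adapter, in_dns = line.rstrip().rstrip(":"), False
            continue
        m = LABEL.match(line)
        if m:  # a new labelled field ends any DNS list in progress
            in_dns = m.group(1).lower() == "dns servers"
        value = (m.group(2) if m else line).strip()
        if in_dns and IPV4.match(value):
            result.setdefault(adapter, []).append(value)
    return result

def rogue_dns(text, domain_controllers):
    """Return (adapter, server) pairs for DNS servers that are not DCs."""
    allowed = set(domain_controllers)
    return [(a, s) for a, servers in dns_servers_by_adapter(text).items()
            for s in servers if s not in allowed]

def dcdiag_problems(text):
    """Return dcdiag lines containing FAIL, WARN or ERROR in any case."""
    return [l.strip() for l in text.splitlines()
            if re.search(r"fail|warn|error", l, re.IGNORECASE)]
```

On the sample, `rogue_dns(SAMPLE_IPCONFIG, ["192.168.1.10"])` reports the second server, which appears only on the unlabelled continuation line and is easy to miss when reading the output by eye.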
 
Guest

Cool, I really appreciate it guys. That at least points in the right
direction.

 
Herb Martin

Ryan said:
Cool, I really appreciate it guys. That at least points in the right
direction.

Let us know how it works out for you.

Either you fix it or something else is wrong.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
 
