Domain could not be contacted message

Gennady Kulikov

Hello, I am not sure this is the right place for this message, so you are
welcome to point me to the right place.
We have a 2000 server based domain with 3 domain controllers. Everything
was working fine until I tried to add any domain user to the local
administrators group on computers belonging to the domain. The problem persists on
every computer and with every user in the domain I tried.
To add a user to the local administrators group I log on to the computer as local (or
domain) administrator and take a few simple steps:
local users and groups -- groups, choosing administrators group --
all tasks -- add to group -- press add, choosing our domain from the drop-down
menu and choosing some domain user. When I press OK the following message
appears:
Processing of object <user name> failed with the following error:
The special domain either does not exist or could not be contacted.

If I try again, only the local computer is available to choose from, grayed out,
as if no domain were available. Once again, it happens with every computer and with
every user I tried, and besides that there is no problem in the domain
(everything is just working fine). If I use the Network Identification Wizard it
works well and I can add a user to the local computer and make him a local
administrator.
The question is what is wrong with my domain and how I can fix it.
Thank you in advance.
Gennady.
 
Cary Shultz [A.D. MVP]

Gennady,

How are your WIN2000 clients receiving their IP Address leases? Is this
from a WIN2000 DHCP Server? If so, is it giving the clients not only an IP
Address lease but also the necessary options ( 003, 006 and 015 )? It
sounds like a possible DNS issue.

I might also take this opportunity to suggest to you that you consider
installing the Support Tools on all three of your Domain Controllers (
actually, on all of your WIN2000 Servers! ) and run both a dcdiag /c /v as
well as a netdiag. There might be something else going on.

And let's not forget about the basics. What happens if you use nslookup
from a command prompt on your clients? Can you ping to domain controllers
via IP Address? via Computer name? via fqdn?

Also, there is a policy that one can apply ( called Restricted Group
Policy ) to make sure that only a certain user / group can be added to each
client's Administrators group. Take a look to see if you have such a policy.
I am not so sure that this is the case but let's rule it out quickly.

Also, I would wonder why you are trying to make domain user account objects
a member of the computer's local Administrators group. This is *usually* a
bad idea as the users now have complete access to everything on the
computer. This can lead to problems. Key word is 'CAN'. It does not have
to, though. I would think that if you needed to do this that making the
domain user account objects a member of the computer's local Power Users
group might be a better idea.

HTH,

Cary
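
The client-side checks suggested in the reply above, gathered into one Windows batch script as an added example that is not part of the original thread. DOMAIN, DC_NAME and DC_IP are placeholder values to replace with your own, and netdiag is only available once the Support Tools are installed.

```batch
@echo off
rem Added example: run on a client that shows "domain could not be contacted".
rem DOMAIN, DC_NAME and DC_IP are placeholders (assumptions), not values from the thread.
setlocal
set DOMAIN=corp.example.com
set DC_NAME=dc1
set DC_IP=192.0.2.10

echo === Settings from DHCP: router (003), DNS servers (006), domain name (015) ===
ipconfig /all | findstr /i /c:"DHCP Server" /c:"Default Gateway" /c:"DNS Servers" /c:"DNS Suffix"

echo === SRV records the client uses to locate a domain controller ===
rem nslookup does not report lookup failures through its exit code,
rem so look for the "svr hostname" lines of a successful SRV answer instead.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% 2>nul | findstr /i /c:"svr hostname"
if errorlevel 1 echo FAIL: the client's DNS server returned no DC locator SRV records

echo === Reachability by IP address, computer name and FQDN ===
call :pingtest %DC_IP%
call :pingtest %DC_NAME%
call :pingtest %DC_NAME%.%DOMAIN%

echo === Support Tools network diagnostics (errors only) ===
netdiag /q

endlocal
goto :eof

:pingtest
rem A failure by name with success by IP points at name resolution, not connectivity.
ping -n 2 %1 >nul
if errorlevel 1 (echo FAIL: %1) else (echo OK:   %1)
goto :eof
```

If the ping by IP address succeeds while the SRV lookup or the FQDN ping fails, the client is most likely pointed at a DNS server that does not host the Active Directory zone.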
 
