Newly created AD users cannot login

G

Guest

Windows 2000 sp3 PDC (one BDC and one member server exists)
Over the last week or so, any newly created user in Active Directory is
unable to login. All other users that have already been created can login
fine.

Any change to the new accounts does not seem to replicate (rename, etc);
however I can change the password on other established accounts and it works
fine.

The PDC was restarted and the new users could log in but the problem came
back the next day.

I looked at Replication monitor and the only error is to the BDC stating DSA
operation is unable to proceed because of DNS lookup failure. The PDC itself
shows Server has seen all changes for this directory partition through USN:
xxxxx

Event viewer on the PDC shows an eventid 5774 about registering a DNS record
failing because DNS name does not exist.

Basically, it seems that the PDC isn't replicating its own changes.

Any help would be appreciated.
 
C

Chriss3 [MVP]

Hello,
This seems to be a DNS issue.
Ensure all clients/servers and domain controllers within your domain has
there TCP/IP DNS Servers, set to the server hosting dns for your active
directory, it should be one of the domain controllers. Use nslookup to
troubleshooting name resolution. e.g nslookup domainname.com, ensure a DC
answers. as well try e.g ocp.domainname.com , verify you get the name
resolved successfully

Active Directory is depended on DNS.

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
 
G

Guest

All tried all of your suggestions (nslookup) and the DC replied or resolved
each time. Is there a utility I can run to check the DNS configuration?
 
C

Chriss3 [MVP]

Not really,
But you could use:
nltest /DSQUERYDNS
To verify DC Specific records.
nltest is included within Windows Support Tools found on your Windows Server
CD.


--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top