No Domain Listed in Computer Management

F

Frank

I tried to add a user to the local Administrators group on an P Pro P and
found the domain was not available in the "Locations" block. It also showed
a alphanumeric ID (S-1-5-etc.) where the Domain Admin account should be in
Administrators. I cannot add a domain user to the local administrators
group.

I, and other users, can log on to the PC using a domain account. No local
accounts have been set up.

The odd thing is that when I log on, I have administrator privilages (I am
in the domain admins group). So it's communicating with AD.

The omputer was joined to the domain and the W2K AD server is up and I did
not recognise any services that may be a problem.

I ensured all the IP settings were correct and flushed the DNS. The
situation is the same.

Any help would be appreciated.

Thanks
 
P

Paul Bergson

You are probably using cached credentials. Once you log onto a machine when
you return if the machine can;t communicate with the domain it remembers
your credential set.

Can you ping the dc? Can you see dns?

The machine has lost connectivity with the domain. What does event viewer
say?
 
F

Frank

I agree, the creds are cashed. But this a new setup. I just got the
laptop, joined it to the domain, logged on with a username that is a domain
adinistrator. All worked well.

But, my normal MO is to make users members of groups in the domain and put
the group thay applies in the local administrators group. I did not notice
the state of the domain administrator group as a member of the local admin
group until I tried adding the user's group, from the domain, to it. I
don't know that it ever displayed it correctly.

It just seems odd that it would log me on and cashe the creds, then not be
able to properly connect to the domain thereafter. No changes were made.

Thanks for looking into this for me.

Frank
 
C

Cary Shultz [A.D. MVP]

Frank,

It is usually a really bad idea to make normal user account objects a member
of the local Administrators group. I think that most people in this NG
would suggest the same. If you are going to do this - and there would have
to be some really really really good reason for this if I had anything to
say in the matter - then I would suggest that you look into 'Restricted
Groups'.

If you need to put user account objects in the local Administrators group
due to some horribly written application ( happens all the time....but then
that is *usually* just for the installation, right? ) I would suggest that
you look at filemon and regmon from http://www.sysinternals.com. These two
utilities will let you see where the error(s) is(are) and give the
appropriate permissions to that registry 'area' or directory. While this
might take a moment ( or 10! ) it is a much better solution that simply
adding the user account objects to the local Administrators group. You are
really setting yourself up for some nightmares. I can tell you most of
them!

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Domain not available from XP Pro 1
Prevent some Domain Admin Account from creating USERS, Groups, OUs 2
Add additional groups to local Administrators group on Workstation when it joins the domain 3
Unable to log on with a domain account 3
Multiple Access Denied 11
Adding user to Child Domain Group 4
Unable to add domain users to local groups 3
Adding Computer To AD 1

Top