Only Server 2003 AD Gurus Need Apply
Posted on 2005-04-17
OK, everyone line up to kick me for going to Microsoft for help.
I recently got Microsoft support to help with an Active Directory issue where a parent domain controller was unable to access a share I set up on a child domain controller. There were some replication issues that were resolved during the course of the support. However, now, while XP users can log in to their local domain, they can't access their shares. They can't even access the Netlogon or the SysVol share. When they try, it prompts for a password, and if I enter the domain administrator username and password, access is granted.
This also means that they get an error trying to apply gpt.ini. After 3 days, Microsoft is still working on the issue, to no avail. Also interesting is the fact that in the domain controller, under User properties, the AD username is missing while the pre-Windows 2000 username still exists. I have entered the username; it allows me to select the FQDN for the correct domain, but that doesn't help. I removed the workstation from the domain and rejoined the domain; that doesn't help.
It appears that all replication is good, secure channels are good, and DNS is good; it just seems that the domain just does not recognize the users. I even removed the user and computer from ADUC, removed the workstation from the domain, set up a new user, and rejoined the workstation to the domain, and still no access.
I realize this is a complicated issue with very few details, but direction on this issue would be greatly appreciated.