Solved

advice converting workgroup to domain lan

Posted on 2008-10-06
Last Modified: 2010-04-21
I got this partially working a couple months ago, but later learned the Server needed its DNS to point to itself. I never read that in Microsoft's documentation. So I'm looking for a recommendation on a guide that goes beyond Windows' online doc.

Server can do many things, but our initial need is shared file access.  Using a NAS disk drive now, but it doesn't have individual file restore utility. Perhaps Server's file backup will work well?

Thanks for pointing someone new to this in the right direction.
Question by:wilri01
39 Comments
 
LVL 2

Expert Comment

by:Highspade
Sorry, but I'm not sure on exactly what the problem is.

Are you looking for a guide on configuring a small domain or looking for help with sharing resources on a NAS?
0
 
LVL 58

Expert Comment

by:tigermatt
A server on either a workgroup or a domain will enable you to do File Sharing, but things are made a lot easier when you are running an Active Directory domain. This is because Active Directory centralises the user accounts and computers, and they can all trust each other.

Sharing is relatively easy in Windows Server once you have promoted it as a domain controller. Doing this is really easy - you simply need to run dcpromo from the "Search" box on the Server 2008 Start Menu, and that will handle the process of configuring DNS etc. as appropriate.

When the server is promoted you can migrate computers over from the workgroup once their DNS server addresses point to the IP of the server and that IP ONLY. Alternatively, provided users have an account on the server's Active Directory domain, you could do a staged migration, having users connect to the server using \\servername\sharename and login.

Windows Server Backup isn't the best backup program in the world, but if you want simple backups of a file share, it is good enough. Unfortunately its interface will not allow you to do a scheduled backup to a network location. I suggest you read my post at http:Q_23517507.html#a21877450 for details on how you can schedule automated backups to run to your NAS box or to an external hard drive.

Let me know if you have any questions,
-tigermatt
0
 

Author Comment

by:wilri01
tigermatt:

It is my intention to stop using the NAS unit once shared files are on Windows Server 2008.  I use Norton Ghost to backup using the monthly schedule for a full backup and daily incremental.  Weekly, I copy those backups to an external USB drive and store offsite.

Storing files on the Server, even without a Domain, will avoid the workgroup 10 connection limit?

I liked the Server storage because you can set to save 'n' copies of a file, right?


0
 
LVL 58

Expert Comment

by:tigermatt
Correct - having any form of Microsoft's Server Operating System Software will mean you are not subjected to the 10 user connection limit, unlike Windows XP or Vista.

With regards to the backups, it is obviously up to you which product you use. I, personally, have not used Norton Ghost on a Server 2008 yet, so I cannot say whether it works or not. The Windows Server Backup is good enough for doing file server backups, but if you can get your Norton Ghost working, that will probably be the easiest solution with much more functionality.

> I liked the Server storage because you can set to save 'n' copies of a file, right?

That's what backups are for, isn't it?

I'm not sure what you are talking about, to be honest. To the end user a server share is the same as a share on an XP or Vista computer. It will act in the same way. I believe you may be thinking of Volume Shadow Copies, which allow you to create a backup of a hard drive volume on scheduled intervals. The advantage is that users can access these backups and restore a file from a previous backup without any admin intervention. They are also very clever, have very high compression and a good storage system, so they use hardly any disk space whatsoever. Shadow Copies shouldn't be used as a replacement for normal backups.

-tigermatt
0
 

Author Comment

by:wilri01
tigermatt,

Yes, I meant Volume Shadow Copies.

I'll try the dcpromo search.

One quick unrelated question:  Can Windows Server 2008 32 bit use 4gb RAM, or do I need to install the 64 bit version?
0
 
LVL 58

Expert Comment

by:tigermatt

> Can Windows Server 2008 32 bit use 4gb RAM, or do I need to install the 64 bit version?

Any 32-bit edition of any OS can address 4GB RAM max, but the amount you will see is between 2.75GB to 3.5GB due to overheads. If you want more than 4GB or you want to address the whole 4GB, install a 64-bit version of the OS. Remember there are RAM limitations in software, imposed by Microsoft - see the RAM section in the system requirements for more information: http://msdn.microsoft.com/en-us/windowsserver/cc196364.aspx (Basically on 64-bit installs you can address 32GB RAM in Standard 2008 Server, 2TB in the other editions).

-tigermatt
0
 

Author Comment

by:wilri01
I don't understand the implications of the FQDN. What should the first part of it be?  Our domain is csldallas.net, and we run a webserver that responds to that and www.csldallas.net.  I typed in lan.csldallas.net and get a warning about establishing a "delegation" manually for external access.  We use changeip.com to route requests to our IP address, if that matters.  I will need to use Remote Desktop Connection or something like it for remote access to this server.
0
 
LVL 58

Expert Comment

by:tigermatt
I would suggest you use something other than your external domain, but a subdomain of that is fine. It doesn't matter that the domain is Internet routable, it's essentially what makes it easiest for you.

lan.csldallas.net would be fine, and you don't need to create any records for it in external DNS. For remote desktop, simply use the present method you are using to connect into the server, with appropriate ports forwarded in the firewall.

-tigermatt
0
 

Author Comment

by:wilri01
Okay, the Server is configured as a domain controller and is accessible via RDC.  I created a folder and shared it, but other PCs on the LAN cannot see it.  The Network on the Server only sees itself.  I had thought file sharing might be possible as an interim without clients joining the domain, but I guess not.

So I'm at the point of adding clients to the domain, but of course I need to experiment with a client to be sure I understand how it's going to work and have the existing mapped network drive to the NAS disk switched to that shared folder on the Server.

Can you point me to documentation/tutorial about adding clients to the domain?  I understand one of the steps is to point their DNS to the domain controller, is this correct and necessary?  All clients are already setup with static IP addresses, so it would just be a matter of changing the 2 DNS URLs they already have that point to our ISP's DNS.
0
 
LVL 58

Expert Comment

by:tigermatt

Joining a computer to an Active Directory domain is incredibly easy. You first need to change its DNS Server as you mention - ensure that the ONLY DNS Server is the IP address of the Domain Controller. You need to remember on laptops that they may have a Wireless and Wired adapter, so the configuration on both must be changed.

Then, it's simply a case on the workstation of going to Control Panel > System > Computer Name > Change. Choose the Domain option, enter the name of your domain and run through the procedure to join the PC to the network.

--

I would be interested in why the existing clients cannot resolve the server. Just as a check, can you make sure the Computer Browser service is running on the server? On the server, Control Panel > Administrative Tools > Services. Find "Computer Browser", right-click, Properties, set the "Start Type" to Automatic, and restart the server and workstations. See if you can login using \\servername\sharename then. Also try connecting through \\ip-address\sharename. If you can RDP the server, connectivity on the network is definitely working properly.

-tigermatt
0
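An added example, not part of tigermatt's post: a PowerShell check for the DNS step above, reporting every adapter (wired and wireless) whose DNS list is anything other than the domain controller alone. The function name, adapter names and addresses are constructed for illustration; the rows mimic the output of `Get-DnsClientServerAddress`, which exists only on newer Windows versions than the XP clients in this thread.

```powershell
# Added example (not from the thread): flag adapters whose DNS settings would
# break domain lookups. All addresses and adapter names below are constructed.

function Test-DomainDnsSetting {
    [CmdletBinding()]
    param(
        # Rows shaped like Get-DnsClientServerAddress output
        # (InterfaceAlias, ServerAddresses)
        [Parameter(Mandatory)] [object[]] $Adapter,
        # IP address of the domain controller that hosts the domain's DNS zone
        [Parameter(Mandatory)] [string]   $DomainControllerIp
    )

    foreach ($a in $Adapter) {
        # Normalise to an array and drop empty entries
        $servers = @($a.ServerAddresses | Where-Object { $_ })
        # Anything that is not the domain controller (for example an ISP resolver)
        $extra   = @($servers | Where-Object { $_ -ne $DomainControllerIp })

        $status = if ($servers.Count -eq 0) {
            'NoDnsConfigured'
        } elseif ($servers -notcontains $DomainControllerIp) {
            'DomainControllerMissing'
        } elseif ($extra.Count -gt 0) {
            # The client may ask the extra server, which knows nothing
            # about the internal domain
            'ExtraServers'
        } else {
            'OK'
        }

        [pscustomobject]@{
            Adapter = $a.InterfaceAlias
            Servers = $servers -join ', '
            Status  = $status
        }
    }
}

# Constructed sample: a laptop whose wired adapter was fixed but whose
# wireless adapter still lists an ISP resolver.
$dcIp   = '192.168.1.10'
$sample = @(
    [pscustomobject]@{ InterfaceAlias = 'Ethernet';   ServerAddresses = @('192.168.1.10') }
    [pscustomobject]@{ InterfaceAlias = 'Wi-Fi';      ServerAddresses = @('192.168.1.10', '203.0.113.53') }
    [pscustomobject]@{ InterfaceAlias = 'Ethernet 2'; ServerAddresses = @('203.0.113.53') }
)

Test-DomainDnsSetting -Adapter $sample -DomainControllerIp $dcIp |
    Format-Table -AutoSize

# On a live machine, feed it the real adapter settings instead:
# Test-DomainDnsSetting -Adapter (Get-DnsClientServerAddress -AddressFamily IPv4) -DomainControllerIp $dcIp
```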
 

Author Comment

by:wilri01
Computer Browser was disabled. After starting it and waiting a few minutes, the Server and clients see each other and file sharing works!

I added one client PC to the domain.  It shows in the domain from other PCs, and its shared files are accessible.  But I can no longer log on remotely with RDC (computer does not accept connection - no log on window shows).  

I'm not local, so I don't know what kind of log on window is showing after the reboot to join the domain. But let's say there is a log on window. I would think logging on to the local accounts still works, but I haven't created any domain users, and don't know how. And when users log on using the domain account, will they still access their local account?  You know, desktop, favorites, My Documents, etc.?

So I don't know if using the Server for DNS is working from this PC that has been added to the domain.  Before the reboot, it didn't work.  It has a single DNS entry for the domain controller Server.  The Server has Internet access.

Regarding domain user accounts, most data files are stored on a shared folder already, but I would like to move at least Favorites, Desktop and My Documents (with Outlook .pst moved here) to the Server, too.  Then backup is simplified and if a client PC is down, they can work at another PC.

It isn't clear to me what is kept on the Server for a domain user.  At work, I log on to the domain, but all my user files are local.  I know how to remap My Documents to a file share, but is there a way to add domain users to the Server so their user folder with all this and more is stored on the Server?  If so, would you suggest this?  I've read somewhere about a "roaming" domain account, but don't understand the details.  Well, if you can explain or reference documentation about user options, that would be great.

Once I can log on and check that DNS is working, the next step is to keep data files on the Server so a user can work from any client in the event their PC is down, and to simplify backup/restore.

How would you suggest setting this up?  Favorites, Desktop and My Documents need to be stored on the Server.  Outlook .pst would be moved to My Documents.  It would be nice if the entire user folder were on the Server so settings, passwords, etc. would be there, too; but if that means creating a local account on the Server and logging on to it, would that mean using RDC?  And would programs be accessed from the Server?  If so, would that create a lot of network traffic, especially for applications like Photoshop and Publisher?

And if users worked off a local Server account, how would remote access work?  Now, I map the RDC port to different PCs.  I tried VPN a long time ago, but the client software was $100 per copy and it didn't work when there is another VPN client like AOL.
0
 
LVL 58

Expert Comment

by:tigermatt

I'll take each of your comments one at a time :)

> But I can no longer log on remotely with RDC (computer does not accept connection - no log on window shows).  

What string are you passing to the RDP client to connect? The server's name, its IP address, its FQDN? I would suggest attempting to connect by IP address to verify Remote Desktop is actually enabled and still working, and so we can determine where the issue is.

> I would think logging on to the local accounts still works, but I haven't created any domain users, and don't know how. And when users
> log on using the domain account, will they still access their local account?  You know, desktop, favorites, My Documents, etc.?

The only computers which do not allow you to have both Local and Domain User Accounts are Domain Controllers. On DCs, you MUST use a Domain Account to logon - local accounts cannot be created under any circumstances. That said, the computers - joined to the domain or not - should still be able to login as a local account and utilise the PC as before. At the logon box in Windows XP, it is merely a case of pressing the "Options >>" button and choosing "<computername> (This Computer)" from the Log on to list. For Windows Vista, you have to enter COMPUTERNAME\Local-User-Name in the username box to logon locally.

When users logon as the Domain account, they have a different Security Identifier (SID) so the computer thinks they are a different user - despite having the same username. Thus, a new profile, documents, desktop, favourites and so on will be created, and data must be migrated from their local user account to their domain account.

> So I don't know if using the Server for DNS is working from this PC that has been added to the domain.  Before the reboot, it didn't work.  It has a single DNS entry for the domain controller Server.  The Server has Internet access.

You can test DNS on that PC. On the PC, click Start > Run > Type nslookup > Press OK. Here you can issue DNS requests to see what is happening. You *should* be able to get the IP address of the server by simply entering its name, without the .domainname.local on the end. If that doesn't resolve, I think I know what your issue could potentially be.

> Regarding domain user accounts, most data files are stored on a shared folder already, but I would like to move at least Favorites, Desktop and My Documents (with Outlook .pst moved here) to the Server, too.  Then backup is simplified and if a client PC is down, they can work at another PC.

On the workstations and the server, you have the ability to use Folder Redirection to redirect these folders straight to the network share. For Windows XP, you can only redirect 4 folders - Desktop, Application Data, Documents and Start Menu. I seldom use Start Menu redirection, but I use the other three. If you want Favourites stored at the server, you can only redirect these natively in Windows Vista, so you'd need to setup Roaming Profiles in conjunction with Folder Redirection - or, configure App Data to be redirected and get the users to use Firefox (its Bookmarks roam with the AppData folder!).

See http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html for a bit more information. It's a Server 2003 article, but it's virtually the same between 2003 and 2008, with the exception of a few new Folder Redirection policies. The critical part when you redirect Documents, AppData and/or Desktop is to ensure on the Redirect Properties box, you go to the Settings tab and check the box marked for backwards compatibility with Windows XP / Server 2003.

I would not recommend PST files are stored in a redirected My Documents folder. If My Documents is redirected, the PST will be loading over the network, something which is not supported at all by Microsoft.

> It isn't clear to me what is kept on the Server for a domain user.  At work, I log on to the domain, but all my user files are local.  I know how to remap My Documents to a file share, but is there a way to add domain users to the Server so their user folder with all this and more is stored on the Server?  If so, would you suggest this?  I've read somewhere about a "roaming" domain account, but don't understand the details.  Well, if you can explain or reference documentation about user options, that would be great.

This is basically what Folder Redirection does. The users need to have user accounts created in Active Directory Users and Computers at the server, and they must then login to the domain, rather than their local computer. Once they do this, the folders you specify can be redirected to the server using Group Policy, and they can seamlessly move between PCs or even a server running Terminal Services.

> It would be nice if the entire user folder were on the Server so settings, passwords, etc. would be there, to

I'm beginning to think you want Roaming Profiles in conjunction with Folder Redirection, so EVERYTHING (virtually) about the user is roaming. That article above details both concepts for you.

> And if users worked off a local Server account, how would remote access work?  Now, I map the RDC port to different PCs.  I tried VPN a long time ago, but the client software was $100 per copy and it didn't work when there is another VPN client like AOL.

Well, they won't be off the server, they'll be on their local computer, but if they have laptops, their folders redirected to the server (Documents etc.) will automatically synchronize when they logoff, so they can access their files when offline from the network. They must just remember to synchronize the moment they get back to the office LAN with their laptop.

-tigermatt
0
 

Author Comment

by:wilri01
tigermatt,

THANK YOU, THANK YOU, THANK YOU!!! :^)

That article - Roaming Profiles with folder redirection - is EXACTLY what I've been wanting to do for a long, long time.

Any suggestions on how to copy local profiles to the roaming ones?  The last time I tried to use Transfer Files and Setting wizard, the "new" computer said the file was not valid, and it had only settings.

And it looks like I'll need to set automatic logoff to get the local copy of the profile synchronized with the Server since most users never log off.  (I'm assuming the screen saver timeout doesn't do the sync.)

Once this is in place, I'm considering just taking a full backup of client PCs when there's a major update to Program Files like a XP/Office SP.  It wouldn't take long to bring Java, Acrobat, virus definitions, etc. back up to current levels if a restore is needed.  Anything I'm forgetting that still needs daily backup?

0
 
LVL 58

Expert Comment

by:tigermatt

> Any suggestions on how to copy local profiles to the roaming ones?  The last time I tried to use Transfer Files and Setting wizard, the "new" computer said the file was not valid, and it had only settings.

How many users do you have? You won't be able to do a direct copy from C:\Documents and Settings to the Roaming Profile share, because the old and new profiles will have different SIDs from different user accounts and this will clash.

The method I would normally use is to simply tell the users they will lose their old profile - BUT obviously it's not as bad as it seems, because in the process you get more streamlined storage, backups and general system access while logged into the domain. Once the user's domain account has been logged in and out a few times, you will be able to log on as the local Administrator on their workstation, find their old profile and copy and paste things like Documents to their new Documents folder on the server share. This is what I would do.

I wouldn't bother copying the Application Data folder to their new profile, I always let that get rebuilt by Windows in their new profile. The only critical thing is the Outlook .PST will need copying to their new profile - I believe Outlook stores this in Local Settings, does it not?

The Transfer Wizard can't do half as much as what you can do manually, which is why I never use it.

> And it looks like I'll need to set automatic logoff to get the local copy of the profile synchronized with the Server since most users never log off.  (I'm assuming the screen saver timeout doesn't do the sync.)

If you are using Folder Redirection, the redirected folders are always worked directly from the server. Thus, if a user opens their redirected My Documents folder, they will be working direct from the server, as if they had gone to \\server\sharename\username\Documents. If AppData, Documents and Desktop is redirected, there is very little data actually stored in the profile, so forcing users to log off might not be necessary. One of the other advantages to folder redirection is that logon and logoff cycles with roaming profiles is decreased dramatically, because Folder Redirection means that the user's Desktop and Documents folders - notorious for being large in file size - do not have to be copied down at each logon.

> Once this is in place, I'm considering just taking a full backup of client PCs when there's a major update to Program Files like a XP/Office SP.  It wouldn't take long to bring Java, Acrobat, virus definitions, etc. back up to current levels if a restore is needed.  Anything I'm forgetting that still needs daily backup?

Personally, I don't backup the PCs at all, but I guess a Windows backup to quickly restore it would be a good idea. Daily backups aren't necessary though - All the critical data is stored on your server - the PCs don't actually store anything critical so it's pointless doing a daily backup of basically programs installed on the computer and perhaps slightly updated virus definitions.

The only thing I forgot is the Email .PST is still local on the PC. In the past I know people have used Batch Files to copy this PST down to the server and logoff, and copy it back from the server at logon, so it is kept up-to-date on the server and can be backed up. Running it direct from the server is not an option because it is not supported, but the batch file approach would require automatic logoff / shutdowns in order for it to run at logoff.

-tigermatt
0
 

Author Comment

by:wilri01
There are 18 PCs and probably 25 frequent users.

Regarding the .pst file, I successfully moved it to a mapped network drive.  I had to close Outlook and reopen, but it appears to be working fine.  So why do you say it is not designed to work on a network share?  Performance?  We are using Office 2003 SP3.
0
 
LVL 58

Expert Comment

by:tigermatt

It certainly will work from a network share, there's no question about that. However, the reason I don't recommend it is because Microsoft don't support it over the network, primarily for performance purposes but probably also due to the increased likelihood that the PST could become corrupted.

-tigermatt
0
 

Author Comment

by:wilri01
Okay.  I'll stick to keeping it local.

I've run into a problem using Server 2008 backup.  The line command you gave me works, but the PC where the backup files are stored is also the web server, and after the backup runs, MySQL cannot be connected via Apache/PHP, and then the whole machine locks up.  The target backup drive isn't used by the web server, but is used by Norton Ghost to backup other client PCs.  And this PC is running XP PRO SP3.  Any ideas?  Maybe I'll just buy a couple of USB drives and alternate them for offsite backup instead of going to the hard drive on this other PC where the other backups are stored.
0
 
LVL 58

Expert Comment

by:tigermatt

I've never heard of that issue with Windows Server Backup, so apologies as I can't offer a solution!

The USB drives are the method I normally recommend for running backups; I usually have two and switch them on Mondays, so the full backup from Friday over the weekend is the latest one stored offsite.

Matt.
0
 

Author Comment

by:wilri01
I've set Group Policy at the domain level to use folder redirection for My Documents, Desktop and Start Menu, and then a new user.  But when I try to log on to an XP PRO client as this new user, I get a message saying local policy denies. So I logged on to a local account and added domain "users" to the logon policy.  Then I get another message saying "You do not have access to log onto this session".

I've logged on before with a new domain user, but it was a member of administrators.  So I think this new user just being a normal "user" is the reason, right?  I'm also using RDC instead of physically at the workstation.  

Can you tell me which policies need to be set to allow a normal user to log onto a XP PRO client for the first time?  

Most of our 20 clients will be for administrators, but we have 3-4 shared by several non-staff people I don't think I want to make administrators, but maybe I do?

Since these users will be domain users, can they have more rights than normal XP PRO "limited users" on a local account?  That is sometimes too restrictive.
0

 
LVL 58

Expert Comment

by:tigermatt

Windows by default does not allow standard users on a computer to login via RDP, they must logon locally on the workstation. Rather than play around with the default settings which are there for security purposes (!), I would probably suggest you use VNC to remotely connect to the console and login as if you were sat at the console. I use RealVNC: http://www.realvnc.com/

A Domain User is out-of-the-box a Limited User; however, with a domain you have the scope to give them additional permissions through Group Policy, or indeed just make common users local Admins on their own workstation.

-tigermatt
0
 

Author Comment

by:wilri01
tigermatt,

Thanks, I'll look into realvnc.

Does a domain user added to group administrators have any different privileges than an administrator local user? I wouldn't mind having our part-time people as administrators so long as they would not have extra privileges associated with the Server 2008 that is our domain controller - such as adding other domain users, for example. There is a domain administrator that was created when the Server was installed that is above regular administrators, right?
0
 
LVL 58

Expert Comment

by:tigermatt

There are two main Administration groups created by default on an Active Directory domain. There is the Administrators group, and then there is the Domain Admins group.

In an ideal world, the Domain Admins group is the group where users who can administer the domain are placed. However, for many reasons, particularly backwards-compatibility, you will find a lot of privileges are granted to the 'Administrators' group, and the Domain Admins group inherits these since it is a member of this group. If you make a user a member of 'Administrators' you may find they have more privileges than you would expect; they could browse the Domain Controller, perhaps modify system files on it and perform all sorts of other roles.

I would only ever consider making users a member of the local Administrator group on their workstations, never the domain Administrators group because it is often unclear what permissions each group has.

N.B. There is also an Enterprise Admins group which grants permission to manage the Active Directory forest, but you needn't worry about that too much since you are a single-domain, single-forest environment and not a large corporate network!

-tigermatt
0
 

Author Comment

by:wilri01
How do I make domain users local administrators?
0
 
LVL 58

Expert Comment

by:tigermatt

On the specific workstation, login as either a Domain Admin user or the local Administrator. Run lusrmgr.msc from a command prompt. Navigate to Groups, then double-click 'Administrators'. Press the Add button and enter the domain username of the domain user to add. Press OK a few times, they are now a local Administrator.

-tigermatt
0
 

Author Comment

by:wilri01
Hmm... I thought as I went about adding domain users on the Server, I would just add them to the administrators group, but since that gives them too many privileges, is there not a "local administrators" group on the Server I could add domain users to when I create them - to avoid having to do this on each client PC?
0
 
LVL 58

Expert Comment

by:tigermatt

Sadly not - that's where it gets annoying; you could give them the Administrators group, but you wouldn't really want to for security purposes!

We could make you one though. Create a new security group in Active Directory and add each user to it - or alternatively, just make 'Domain Users' a member of it.

Now create a new Group Policy on the domain. Edit it, and add a Restricted Groups policy (Computer Config, Windows Settings, Security Settings, Restricted Groups). Right-click in main pane, Add Group, press Browse and enter the name of your newly created security group. Press OK twice. Now edit this Restricted Group properties, and in the 'Member of' section, Add the 'Administrators' group (just enter Administrators).

What this will do is allow you to add a user to your custom Local Admins group on the server, and it will automatically make them a member of the local Administrators group on the workstation. Bear in mind this does mean every user added to the group will automatically have local Admin rights on all workstations, not just their own.

-tigermatt

0
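An added example, not part of tigermatt's post: a PowerShell sketch that expands a workstation's local Administrators group through nested groups, so the caveat above (everyone in the custom group becomes a local admin on every workstation, and nesting 'Domain Users' makes that every account) can be reviewed before the policy is linked. The function name, the `EXAMPLE` domain, the `Local Admins` group name, the accounts and the membership table are all constructed for illustration; on a live domain the table would be built from your own directory queries.

```powershell
# Added example (not from the thread): work out who ends up with local admin
# rights once a domain group is nested into the local Administrators group.
# Every name and membership below is constructed for illustration.

function Expand-LocalAdmin {
    [CmdletBinding()]
    param(
        # Direct members of the workstation's local Administrators group
        [Parameter(Mandatory)] [string[]]  $DirectMember,
        # Group name -> direct members; any name not listed here is treated as a user
        [Parameter(Mandatory)] [hashtable] $GroupMap,
        # Groups that effectively mean "every account in the domain"
        [string[]] $BroadGroup = @('EXAMPLE\Domain Users')
    )

    $seen  = New-Object 'System.Collections.Generic.HashSet[string]' ([StringComparer]::OrdinalIgnoreCase)
    $queue = New-Object System.Collections.Queue
    foreach ($d in $DirectMember) {
        $queue.Enqueue(@{ Name = $d; Path = 'Administrators' })
    }

    while ($queue.Count -gt 0) {
        $item = $queue.Dequeue()
        # Skip principals already visited; this also stops circular nesting
        if (-not $seen.Add($item.Name)) { continue }

        $path = "$($item.Path) <- $($item.Name)"

        if ($BroadGroup -contains $item.Name) {
            # Do not expand: the finding is the group itself
            [pscustomobject]@{ Principal = $item.Name; Kind = 'BroadGroup'; Path = $path }
        }
        elseif ($GroupMap.ContainsKey($item.Name)) {
            # A nested group: queue its members and remember how we got here
            foreach ($child in $GroupMap[$item.Name]) {
                $queue.Enqueue(@{ Name = $child; Path = $path })
            }
        }
        else {
            [pscustomobject]@{ Principal = $item.Name; Kind = 'User'; Path = $path }
        }
    }
}

# Constructed sample: the custom group pushed by Restricted Groups contains
# one named user and, as the shortcut mentioned in the post, 'Domain Users'.
$groupMap = @{
    'EXAMPLE\Domain Admins' = @('EXAMPLE\Administrator')
    'EXAMPLE\Local Admins'  = @('EXAMPLE\alice', 'EXAMPLE\Domain Users')
}
$direct = @('WKS01\Administrator', 'EXAMPLE\Domain Admins', 'EXAMPLE\Local Admins')

Expand-LocalAdmin -DirectMember $direct -GroupMap $groupMap |
    Format-Table -AutoSize
```

Any row with Kind `BroadGroup` means the policy grants local administrator rights to every domain account on every workstation it applies to; the Path column shows which nesting caused it.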
 

Author Comment

by:wilri01
tigermatt,

Folder redirection stopped working.

I have a security group called "staff" that is a member of "administrators".  Folder redirection is linked to the group staff.  I add a user and add the user to the group "staff" on the Server.  I go to the client and execute gpupdate, and add the user to the domain (I first try to logon remotely but local policy doesn't allow.) as an administrator.  "Staff" isn't an option.  Log off and back on as the new user, add something to Documents, start menu, etc. and log off.  Log onto Server and there are no redirected folders.

Why isn't folder redirection being used?
0
 

Author Comment

by:wilri01
PS.  The redirected folders are shared and "everyone" has full access.
0
 
LVL 58

Expert Comment

by:tigermatt

First of all, can I get you to run rsop.msc from one of the client workstations. Browse to the location where folder redirection is configured and see if the policy is applied.

Second, at a command prompt, type gpresult. Look for the name of your Folder Redirection policy under the 'User Configuration' section of the output, and see whether it says it was applied or Filtered out (if the latter, it will tell you why too).

-Matt
0
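The gpresult check suggested above, as an added example that is not part of the original thread: a Python sketch that reads saved `gpresult` output and reports whether a named GPO was applied, filtered out (with the reason), or not listed at all. The sample output and the GPO name "Staff Folder Redirection" are constructed.

```python
# Constructed sample modelled on the user section of `gpresult` output.
SAMPLE_GPRESULT = """\
USER SETTINGS
--------------
    CN=newuser,CN=Users,DC=example,DC=local

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Staff Folder Redirection
            Filtering:  Denied (Security)

        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
"""

def user_gpo_status(report):
    """Map each GPO in USER SETTINGS to 'Applied' or its filtering reason."""
    status, mode, last, in_user = {}, None, None, False
    for raw in report.splitlines():
        line = raw.strip()
        if line in ("USER SETTINGS", "COMPUTER SETTINGS"):
            in_user, mode = line == "USER SETTINGS", None
        elif not in_user or not line or set(line) == {"-"}:
            continue
        elif line == "Applied Group Policy Objects":
            mode = "applied"
        elif line.startswith("The following GPOs were not applied"):
            mode = "filtered"
        elif line.startswith("The user is a part of"):
            mode = None
        elif mode == "applied":
            status[line] = "Applied"
        elif mode == "filtered" and line.startswith("Filtering:"):
            if last:
                status[last] = line.split(":", 1)[1].strip()
        elif mode == "filtered":
            last = line
    return status

def check_policy(report, gpo_name):
    """Return 'Applied', the filtering reason, or 'Not listed' for one GPO."""
    return user_gpo_status(report).get(gpo_name, "Not listed")
```

A result of "Denied (Security)" points at the GPO's security filtering or the user's group membership, while "Not listed" means the client never evaluated the GPO for that user.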
 

Author Comment

by:wilri01
tigermatt,

There is an error with RSoP, "invalid namespace".  The snap in opens with a red X on the computer, and there is no folder redirection node.

The error log shows lots of errors. The most promising is that group policy processing is aborted because the domain is either invalid or cannot be contacted.  The computer name is Saphire and it shows on the Server as being a domain computer.  And I've been able to add two domain (administrator) user accounts.
0
 

Author Comment

by:wilri01
Also, tried again just now and first get a message saying there is another RSoP process already running and results may be invalid, click OK to continue.  But I've just logged on and can't see program running, nor any process with a name like RSoP.  I can get to the shared folders on the Server via Windows Explorer.
0
 
LVL 58

Expert Comment

by:tigermatt

Sounds like it could be your machine. What errors are logged in either the Application/System logs at the time when you start up the PC and log in? That might give us some more detailed information on what is going on here.

Also, check this isn't just one particular machine by testing from another machine too.

Cheers,

-Matt
0
 

Author Comment

by:wilri01
I was able to add the same user on another client and folders were redirected okay. But that client was added some time ago. I think I may have screwed something up on the Server Group Policy.

But I have another higher priority issue now.  One of the computers NOT added to the domain takes about a minute to save a file in a shared folder on the Server. Same file can be saved quickly from other computers. With autosave every 10 min. it became completely bottlenecked and couldn't access anything for minutes at a time.

This has been going on for a week or so trying different things, so I finally just rebuilt the entire XP system from scratch out of desperation. Then to my dismay, when I connected it to the network, it couldn't get to anything at all!  It had worked just fine on my home workgroup where I built it.

Error log showed another client (not on domain) denied its access, and then a master browser election was held.

I have since set computer browser task disabled on that client since I want either the Server or our webserver XP client on the domain to be the master browser.  But why would it object?

It was set to a static IP address which is not duplicated.  And switching to DHCP didn't help.

The router has a network database, and there was no duplicate IP address or MAC address.

If I knew how to find the current master browser machine, I'd do a netstat /flushdns.  But I'm at a loss here.
0
 
LVL 58

Accepted Solution

by: tigermatt earned 500 total points

If there is something screwed up on the Server Group Policy, that will affect everybody, so it's either an issue with one particular workstation, or that particular user in question has been corrupted on one particular workstation.

With regards to the other issue, I'm not too sure what's going on there. Can the workstation not see anything on the network? Is the 'Computer Browser' service started and running?
0
 

Author Comment

by:wilri01
tigermatt,

I guess if one stays in this business long enough, one will see everything that can fail, fail.

The latest connectivity problem was a bad port on our 24 port switch - a first for me.

I guess for this one PC having the folder redirection problem, I can use the normal redirection for My Documents, and move on.

I can't tell you how much it has meant to me to have you helping me work through creating a domain.  

If you are curious, our website is http://www.csldallas.org.

You've really earned your 500 points on this question.  

Regards,
Dick
0
 

Author Closing Comment

by:wilri01
If I can ever return the favor, you can reach me at dick@csldallas.org.
0
 
LVL 58

Expert Comment

by:tigermatt

Thank you, your words really mean a lot :-)
If you've any more issues, post them in a question and let me know (email address in my profile) and I'd be more than willing to help you!

Thanks,
-Matt
0
