Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 374
  • Last Modified:

Windows 2003 AD not working. Cant create users/edit passwords

Hi
We have a windows 2003 Server and we now have some fault in Active Directory.

The only issue we had before this, was that the C drive had no place left. We have now freed 30GB (not deleted system files. Fault was there before) I am not sure if this is what has caused it.

I can open AD without giving us errors, But if i try to edit a password or add a user i get an error:
"Windoes cannot complete the password change for asg because:
The system cannot find the file specified"

I also get errors in Event viewer like:

ERROR1:
Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1085
Date:            9/11/2010
Time:            8:44:32 PM
User:            NT AUTHORITY\SYSTEM
Computer:      TERMINALSRV
Description:
The Group Policy client-side extension Folder Redirection failed to execute. Please look for any errors reported earlier by that extension.

ERROR2:
Event Type:      Error
Event Source:      Folder Redirection
Event Category:      None
Event ID:      111
Date:            9/11/2010
Time:            8:44:32 PM
User:            DOMHEL\administrator
Computer:      TERMINALSRV
Description:
Unable to apply folder redirection policy, initialization failed.


I am not sure where to start. I think the 3 fault I have is related, but as I am not an expert in AD, I am a little affraid to do something wrong.

Can anyone give me som hints to where to start?

Have attached a picture showing the error in AD

Kind Regards
Morten


active-directory-error.png
0
morten444
Asked:
morten444
1 Solution
 
BawerCommented:
I might suggest that you enable Auditing
0
 
BawerCommented:
Also can you make sure that you have not deleted the SYSVOL folder present at \\youmachinename, also can you check the status of FSMO roles...
0
 
morten444Author Commented:
Hi
Thanks for your reply.
I did not understand the Audit part. What should i Audit?

The SYSVOL folder is there and I can click myself through it all the way down through policy to file level

Check Status of FSMO roles.
I can open all things in Active Directory as normal.

I tried to google "check status FSMO Roles" but cant see to find out how you check if all 5 are running

Any more hints how to procede?

Regards
Morten
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
BawerCommented:
download MS support tools and administrative tools, that will help alot in troubleshooting such issues, also regarding the auditing, this can be done in group policy under the security settings\..\audit policy
0
 
p_nutsCommented:
ok. is this server the only dc?

try to see if there are errors in the eventviewer.
do a dcdiag in a cmd box .. if it's not the only dc see if the problem is only on this dc. if it is, do a d2 to reset ad.
http://support.microsoft.com/kb/315457

or demoted and promote ... but d2 is easier
0
 
dhruvarajpCommented:
windows server 2003 STD edition sp2 ?
This issue may occur if the ‘Administrator’ account’s profile is corrupt.

Now I suggest we try to log on with another Administrator account and check if the user password can be reset. If the other user can reset password properly, please rename the “Documents and Settings\<Problematic User>” folder to “Documents and Settings\<Problematic User>_old” and then logon to the problematic user to test this issue again. If the user profile cannot be renamed, you may need to boot the server into Safe Mode and then rename it.

the event ids that you have posted are not related to this issue

Hope this will help you with this issue.
0
 
Sigurdur HaraldssonSystem AdministratorCommented:
To check where the FSMO roles are, you run a cmd window as admin and type "netdom /query fsmo". Post it here.
0
 
BawerCommented:
try following user profile change as suggested by dhruvarajp,, if did not help , then paste your complete DC details so look further into the issue mean while prepare all the tools...
0
 
morten444Author Commented:
Spot on. Luckely we had a backdoor admin account i could logon as and it worked. I will down recreate the admin profile so it also work for him.
Thanks for your help
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now