Solved

Windows 2003 AD not working. Cant create users/edit passwords

Posted on 2010-09-11
9
352 Views
Last Modified: 2012-05-10
Hi
We have a windows 2003 Server and we now have some fault in Active Directory.

The only issue we had before this, was that the C drive had no place left. We have now freed 30GB (not deleted system files. Fault was there before) I am not sure if this is what has caused it.

I can open AD without giving us errors, But if i try to edit a password or add a user i get an error:
"Windoes cannot complete the password change for asg because:
The system cannot find the file specified"

I also get errors in Event viewer like:

ERROR1:
Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1085
Date:            9/11/2010
Time:            8:44:32 PM
User:            NT AUTHORITY\SYSTEM
Computer:      TERMINALSRV
Description:
The Group Policy client-side extension Folder Redirection failed to execute. Please look for any errors reported earlier by that extension.

ERROR2:
Event Type:      Error
Event Source:      Folder Redirection
Event Category:      None
Event ID:      111
Date:            9/11/2010
Time:            8:44:32 PM
User:            DOMHEL\administrator
Computer:      TERMINALSRV
Description:
Unable to apply folder redirection policy, initialization failed.


I am not sure where to start. I think the 3 fault I have is related, but as I am not an expert in AD, I am a little affraid to do something wrong.

Can anyone give me som hints to where to start?

Have attached a picture showing the error in AD

Kind Regards
Morten


active-directory-error.png
0
Comment
Question by:morten444
9 Comments
 
LVL 10

Expert Comment

by:Bawer
ID: 33654440
I might suggest that you enable Auditing
0
 
LVL 10

Expert Comment

by:Bawer
ID: 33654446
Also can you make sure that you have not deleted the SYSVOL folder present at \\youmachinename, also can you check the status of FSMO roles...
0
 

Author Comment

by:morten444
ID: 33654514
Hi
Thanks for your reply.
I did not understand the Audit part. What should i Audit?

The SYSVOL folder is there and I can click myself through it all the way down through policy to file level

Check Status of FSMO roles.
I can open all things in Active Directory as normal.

I tried to google "check status FSMO Roles" but cant see to find out how you check if all 5 are running

Any more hints how to procede?

Regards
Morten
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 10

Expert Comment

by:Bawer
ID: 33654526
download MS support tools and administrative tools, that will help alot in troubleshooting such issues, also regarding the auditing, this can be done in group policy under the security settings\..\audit policy
0
 
LVL 13

Expert Comment

by:p_nuts
ID: 33655219
ok. is this server the only dc?

try to see if there are errors in the eventviewer.
do a dcdiag in a cmd box .. if it's not the only dc see if the problem is only on this dc. if it is, do a d2 to reset ad.
http://support.microsoft.com/kb/315457

or demoted and promote ... but d2 is easier
0
 
LVL 10

Accepted Solution

by:
dhruvarajp earned 500 total points
ID: 33655454
windows server 2003 STD edition sp2 ?
This issue may occur if the ‘Administrator’ account’s profile is corrupt.

Now I suggest we try to log on with another Administrator account and check if the user password can be reset. If the other user can reset password properly, please rename the “Documents and Settings\<Problematic User>” folder to “Documents and Settings\<Problematic User>_old” and then logon to the problematic user to test this issue again. If the user profile cannot be renamed, you may need to boot the server into Safe Mode and then rename it.

the event ids that you have posted are not related to this issue

Hope this will help you with this issue.
0
 
LVL 11

Expert Comment

by:sighar
ID: 33656000
To check where the FSMO roles are, you run a cmd window as admin and type "netdom /query fsmo". Post it here.
0
 
LVL 10

Expert Comment

by:Bawer
ID: 33657667
try following user profile change as suggested by dhruvarajp,, if did not help , then paste your complete DC details so look further into the issue mean while prepare all the tools...
0
 

Author Closing Comment

by:morten444
ID: 33658040
Spot on. Luckely we had a backdoor admin account i could logon as and it worked. I will down recreate the admin profile so it also work for him.
Thanks for your help
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Synchronize a new Active Directory domain with an existing Office 365 tenant
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question