Solved

Windows 2003 AD not working. Cant create users/edit passwords

Posted on 2010-09-11
9
358 Views
Last Modified: 2012-05-10
Hi
We have a windows 2003 Server and we now have some fault in Active Directory.

The only issue we had before this, was that the C drive had no place left. We have now freed 30GB (not deleted system files. Fault was there before) I am not sure if this is what has caused it.

I can open AD without giving us errors, But if i try to edit a password or add a user i get an error:
"Windoes cannot complete the password change for asg because:
The system cannot find the file specified"

I also get errors in Event viewer like:

ERROR1:
Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1085
Date:            9/11/2010
Time:            8:44:32 PM
User:            NT AUTHORITY\SYSTEM
Computer:      TERMINALSRV
Description:
The Group Policy client-side extension Folder Redirection failed to execute. Please look for any errors reported earlier by that extension.

ERROR2:
Event Type:      Error
Event Source:      Folder Redirection
Event Category:      None
Event ID:      111
Date:            9/11/2010
Time:            8:44:32 PM
User:            DOMHEL\administrator
Computer:      TERMINALSRV
Description:
Unable to apply folder redirection policy, initialization failed.


I am not sure where to start. I think the 3 fault I have is related, but as I am not an expert in AD, I am a little affraid to do something wrong.

Can anyone give me som hints to where to start?

Have attached a picture showing the error in AD

Kind Regards
Morten


active-directory-error.png
0
Comment
Question by:morten444
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 10

Expert Comment

by:Bawer
ID: 33654440
I might suggest that you enable Auditing
0
 
LVL 10

Expert Comment

by:Bawer
ID: 33654446
Also can you make sure that you have not deleted the SYSVOL folder present at \\youmachinename, also can you check the status of FSMO roles...
0
 

Author Comment

by:morten444
ID: 33654514
Hi
Thanks for your reply.
I did not understand the Audit part. What should i Audit?

The SYSVOL folder is there and I can click myself through it all the way down through policy to file level

Check Status of FSMO roles.
I can open all things in Active Directory as normal.

I tried to google "check status FSMO Roles" but cant see to find out how you check if all 5 are running

Any more hints how to procede?

Regards
Morten
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 10

Expert Comment

by:Bawer
ID: 33654526
download MS support tools and administrative tools, that will help alot in troubleshooting such issues, also regarding the auditing, this can be done in group policy under the security settings\..\audit policy
0
 
LVL 13

Expert Comment

by:p_nuts
ID: 33655219
ok. is this server the only dc?

try to see if there are errors in the eventviewer.
do a dcdiag in a cmd box .. if it's not the only dc see if the problem is only on this dc. if it is, do a d2 to reset ad.
http://support.microsoft.com/kb/315457

or demoted and promote ... but d2 is easier
0
 
LVL 10

Accepted Solution

by:
dhruvarajp earned 500 total points
ID: 33655454
windows server 2003 STD edition sp2 ?
This issue may occur if the ‘Administrator’ account’s profile is corrupt.

Now I suggest we try to log on with another Administrator account and check if the user password can be reset. If the other user can reset password properly, please rename the “Documents and Settings\<Problematic User>” folder to “Documents and Settings\<Problematic User>_old” and then logon to the problematic user to test this issue again. If the user profile cannot be renamed, you may need to boot the server into Safe Mode and then rename it.

the event ids that you have posted are not related to this issue

Hope this will help you with this issue.
0
 
LVL 11

Expert Comment

by:sighar
ID: 33656000
To check where the FSMO roles are, you run a cmd window as admin and type "netdom /query fsmo". Post it here.
0
 
LVL 10

Expert Comment

by:Bawer
ID: 33657667
try following user profile change as suggested by dhruvarajp,, if did not help , then paste your complete DC details so look further into the issue mean while prepare all the tools...
0
 

Author Closing Comment

by:morten444
ID: 33658040
Spot on. Luckely we had a backdoor admin account i could logon as and it worked. I will down recreate the admin profile so it also work for him.
Thanks for your help
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question