Solved

Windows 2003 AD not working. Cant create users/edit passwords

Posted on 2010-09-11
9
324 Views
Last Modified: 2012-05-10
Hi
We have a windows 2003 Server and we now have some fault in Active Directory.

The only issue we had before this, was that the C drive had no place left. We have now freed 30GB (not deleted system files. Fault was there before) I am not sure if this is what has caused it.

I can open AD without giving us errors, But if i try to edit a password or add a user i get an error:
"Windoes cannot complete the password change for asg because:
The system cannot find the file specified"

I also get errors in Event viewer like:

ERROR1:
Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1085
Date:            9/11/2010
Time:            8:44:32 PM
User:            NT AUTHORITY\SYSTEM
Computer:      TERMINALSRV
Description:
The Group Policy client-side extension Folder Redirection failed to execute. Please look for any errors reported earlier by that extension.

ERROR2:
Event Type:      Error
Event Source:      Folder Redirection
Event Category:      None
Event ID:      111
Date:            9/11/2010
Time:            8:44:32 PM
User:            DOMHEL\administrator
Computer:      TERMINALSRV
Description:
Unable to apply folder redirection policy, initialization failed.


I am not sure where to start. I think the 3 fault I have is related, but as I am not an expert in AD, I am a little affraid to do something wrong.

Can anyone give me som hints to where to start?

Have attached a picture showing the error in AD

Kind Regards
Morten


active-directory-error.png
0
Comment
Question by:morten444
9 Comments
 
LVL 10

Expert Comment

by:Bawer
ID: 33654440
I might suggest that you enable Auditing
0
 
LVL 10

Expert Comment

by:Bawer
ID: 33654446
Also can you make sure that you have not deleted the SYSVOL folder present at \\youmachinename, also can you check the status of FSMO roles...
0
 

Author Comment

by:morten444
ID: 33654514
Hi
Thanks for your reply.
I did not understand the Audit part. What should i Audit?

The SYSVOL folder is there and I can click myself through it all the way down through policy to file level

Check Status of FSMO roles.
I can open all things in Active Directory as normal.

I tried to google "check status FSMO Roles" but cant see to find out how you check if all 5 are running

Any more hints how to procede?

Regards
Morten
0
 
LVL 10

Expert Comment

by:Bawer
ID: 33654526
download MS support tools and administrative tools, that will help alot in troubleshooting such issues, also regarding the auditing, this can be done in group policy under the security settings\..\audit policy
0
 
LVL 13

Expert Comment

by:p_nuts
ID: 33655219
ok. is this server the only dc?

try to see if there are errors in the eventviewer.
do a dcdiag in a cmd box .. if it's not the only dc see if the problem is only on this dc. if it is, do a d2 to reset ad.
http://support.microsoft.com/kb/315457

or demoted and promote ... but d2 is easier
0
 
LVL 10

Accepted Solution

by:
dhruvarajp earned 500 total points
ID: 33655454
windows server 2003 STD edition sp2 ?
This issue may occur if the ‘Administrator’ account’s profile is corrupt.

Now I suggest we try to log on with another Administrator account and check if the user password can be reset. If the other user can reset password properly, please rename the “Documents and Settings\<Problematic User>” folder to “Documents and Settings\<Problematic User>_old” and then logon to the problematic user to test this issue again. If the user profile cannot be renamed, you may need to boot the server into Safe Mode and then rename it.

the event ids that you have posted are not related to this issue

Hope this will help you with this issue.
0
 
LVL 11

Expert Comment

by:sighar
ID: 33656000
To check where the FSMO roles are, you run a cmd window as admin and type "netdom /query fsmo". Post it here.
0
 
LVL 10

Expert Comment

by:Bawer
ID: 33657667
try following user profile change as suggested by dhruvarajp,, if did not help , then paste your complete DC details so look further into the issue mean while prepare all the tools...
0
 

Author Closing Comment

by:morten444
ID: 33658040
Spot on. Luckely we had a backdoor admin account i could logon as and it worked. I will down recreate the admin profile so it also work for him.
Thanks for your help
0

Join & Write a Comment

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now