Solved

Windows 2003 AD not working. Cant create users/edit passwords

Posted on 2010-09-11
9
345 Views
Last Modified: 2012-05-10
Hi
We have a windows 2003 Server and we now have some fault in Active Directory.

The only issue we had before this, was that the C drive had no place left. We have now freed 30GB (not deleted system files. Fault was there before) I am not sure if this is what has caused it.

I can open AD without giving us errors, But if i try to edit a password or add a user i get an error:
"Windoes cannot complete the password change for asg because:
The system cannot find the file specified"

I also get errors in Event viewer like:

ERROR1:
Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1085
Date:            9/11/2010
Time:            8:44:32 PM
User:            NT AUTHORITY\SYSTEM
Computer:      TERMINALSRV
Description:
The Group Policy client-side extension Folder Redirection failed to execute. Please look for any errors reported earlier by that extension.

ERROR2:
Event Type:      Error
Event Source:      Folder Redirection
Event Category:      None
Event ID:      111
Date:            9/11/2010
Time:            8:44:32 PM
User:            DOMHEL\administrator
Computer:      TERMINALSRV
Description:
Unable to apply folder redirection policy, initialization failed.


I am not sure where to start. I think the 3 fault I have is related, but as I am not an expert in AD, I am a little affraid to do something wrong.

Can anyone give me som hints to where to start?

Have attached a picture showing the error in AD

Kind Regards
Morten


active-directory-error.png
0
Comment
Question by:morten444
9 Comments
 
LVL 10

Expert Comment

by:Bawer
ID: 33654440
I might suggest that you enable Auditing
0
 
LVL 10

Expert Comment

by:Bawer
ID: 33654446
Also can you make sure that you have not deleted the SYSVOL folder present at \\youmachinename, also can you check the status of FSMO roles...
0
 

Author Comment

by:morten444
ID: 33654514
Hi
Thanks for your reply.
I did not understand the Audit part. What should i Audit?

The SYSVOL folder is there and I can click myself through it all the way down through policy to file level

Check Status of FSMO roles.
I can open all things in Active Directory as normal.

I tried to google "check status FSMO Roles" but cant see to find out how you check if all 5 are running

Any more hints how to procede?

Regards
Morten
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 10

Expert Comment

by:Bawer
ID: 33654526
download MS support tools and administrative tools, that will help alot in troubleshooting such issues, also regarding the auditing, this can be done in group policy under the security settings\..\audit policy
0
 
LVL 13

Expert Comment

by:p_nuts
ID: 33655219
ok. is this server the only dc?

try to see if there are errors in the eventviewer.
do a dcdiag in a cmd box .. if it's not the only dc see if the problem is only on this dc. if it is, do a d2 to reset ad.
http://support.microsoft.com/kb/315457

or demoted and promote ... but d2 is easier
0
 
LVL 10

Accepted Solution

by:
dhruvarajp earned 500 total points
ID: 33655454
windows server 2003 STD edition sp2 ?
This issue may occur if the ‘Administrator’ account’s profile is corrupt.

Now I suggest we try to log on with another Administrator account and check if the user password can be reset. If the other user can reset password properly, please rename the “Documents and Settings\<Problematic User>” folder to “Documents and Settings\<Problematic User>_old” and then logon to the problematic user to test this issue again. If the user profile cannot be renamed, you may need to boot the server into Safe Mode and then rename it.

the event ids that you have posted are not related to this issue

Hope this will help you with this issue.
0
 
LVL 11

Expert Comment

by:sighar
ID: 33656000
To check where the FSMO roles are, you run a cmd window as admin and type "netdom /query fsmo". Post it here.
0
 
LVL 10

Expert Comment

by:Bawer
ID: 33657667
try following user profile change as suggested by dhruvarajp,, if did not help , then paste your complete DC details so look further into the issue mean while prepare all the tools...
0
 

Author Closing Comment

by:morten444
ID: 33658040
Spot on. Luckely we had a backdoor admin account i could logon as and it worked. I will down recreate the admin profile so it also work for him.
Thanks for your help
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question