Active Directory 2003/Naming information cannot be located because: Access denied.

A co-worker of mine is trying to open "Active directory users and computers" and is getting this error-  "Naming information cannot be located because: Access denied."  This started yesterday.  We tried taking his computer off the domain and readding it.  
LVL 2
drj003Asked:
Who is Participating?
 
Adam BrownConnect With a Mentor Sr Solutions ArchitectCommented:
How many groups is he a member of?
0
 
jkeegan123Commented:
Is this an issue JUST with his PC?  Try running this from a server domain controller logged in as the same user to see if it runs.

If it is just his PC, check the following:

- DNS entries point to valid Active Directory DNS servers
- Administrative toolset is installed (you can install by running from any servers C:\WINDOWS\SYSTEM32\ADMINPAK.MSI)
0
 
drj003Author Commented:
Hi jkeegan123,

Thanks for the response.  It's only with one computer.  He has tried reinstalling RSAT (this is a Win7 computer).

We have tried pointing to a valid DNS server and have also tried using DHCP.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
drj003Author Commented:
It's specific to the user's account.  I can use AD users and computers on his machine.  He can't use it on any machine.
0
 
maxxmyerCommented:
the users AD permissions are?
0
 
Adam BrownSr Solutions ArchitectCommented:
Check the user's group membership. In order to use ADUC you need to have the appropriate permissions to read objects in Active Directory.
0
 
drj003Author Commented:
The user is a member of the same groups he was when it worked.  I am assuming this is how permissions are propagated in Active directory, but I'm not an expert at AD.

Is there another way to assign permissions, besides the groups the user is a member of?
0
 
Adam BrownSr Solutions ArchitectCommented:
Yes. Open ADUC, go to View, select Advanced Features. From there you can right click on any object in AD and check the permissions that are set on the security tab. He may have a deny entry on his account somewhere. You should also be able to use the effective permissions tool in the Advanced security thing.
0
 
drj003Author Commented:
His effective permissions are exactly like mine.
0
 
jkeegan123Commented:
Is the useruser an administrator?
0
 
snusgubbenCommented:
Same issue if you try to open ie. AD Sites & Services?
0
 
drj003Author Commented:
The user is an administrator.  

The same error happens when opening AD Sites and Services.
0
 
Adam BrownSr Solutions ArchitectCommented:
So, just to recap the issue, he can't access ADUC on his computer, but can on others, and other users can access ADUC on his computer, is that correct?
0
 
drj003Author Commented:
He cannot access it on any machine.  I can access ADUC with my profile on his machine.  It's user id specific.
0
 
snusgubbenCommented:
Does he have a roaming profile?
0
 
drj003Author Commented:
He is a member of 29 groups and does not have a roaming profile.
0
 
Adam BrownSr Solutions ArchitectCommented:
Is his account listed specifically in the AD ACLs for the domain?
0
 
snusgubbenCommented:
With you logged on the PC with RSAT open cmd:

runas /user:domain\username "mmc dsa.msc"

(where domain reflect your domain, and username is the name of the user with this problem)

Same issue?


Logged on with the user with this problem:

dsa.msc /domain=domain

dsa.msc /server=DC01.domain.com

Still no luck?





 
0
 
drj003Author Commented:
When removing groups and condensing down to only the groups he needed, it worked.  One of the groups permissions must have gotten changed.
0
 
Adam BrownSr Solutions ArchitectCommented:
Well, there is a known issue where if a user is a member of too many groups they can overflow the security token, but that's usually after someone is a member of 120 groups or more. At any rate, glad you got it sorted.
0
 
drj003Author Commented:
thanks for the help!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.