Group:  English: Windows Server » microsoft.public.windows.server.active_directory
Thread: AD issues

AD issues
dre[ at ]ms <drems.3l8b7c[ at ]DoNotSpam.com> 12/30/2008 11:15:27 AM
Hi,

Welcome me to this forum..The reason I joined this forum is to solve my issues or probably setting up my first AD.

I have a server running Win2K3..One forest..One domain concept.

To this server I will be connecting 25 computers, in which 20 run with XP and remaining running with Vista.

As of now, the senior management will connect to this server but no policies in effect, there is the junior management who connects and policies are enforced. There is another group, roaming in which the same applies but some policies are not applicable. So I have created 2 OUs, one for the junior and one for the roaming. The issues I face are below..

1. I want the interactive logon text message to be displayed for each and every user who has connected to the domain..but it is not happening, I have enabled not to use Ctrl+Alt+Del, given text as well as title..But when the user connects to the domain, they are getting the Ctrl+Alt+Del option and no Text or title messages. Why??

2. The changes I do in the GPO for the OU don't reflect immediately!!! Either I do the things and check the next day/uncheck link and enforced, login without GPO and then restart machine, enable link and enforced and check. Why is this so???

3. Some of the accounts get locked automatically even though no security policies have been mentioned for Account lockout!!! Why???

4. Now into file server concept, I have created each user a folder in D drive and have given only that user full rights in the security. I will hide all the other drives in the user's machine, once they login to their machine, they will map the drive created in the Server. All the work they do will be saved there. Now I want their My Documents to be redirected to this network drive. How??

More to come, but these are the major issues causing a delay in deploying the Server online.

Please help me out techies.

T i A

--
dre[ at ]ms
------------------------------------------------------------------------
dre[ at ]ms's Profile: http://forums.techarena.in/members/dre-ms.htm
View this thread: http://forums.techarena.in/active-directory/1095276.htm
http://forums.techarena.in

Re: AD issues
"Florian Frommherz [MVP]" <florian[ at ]frickelsoft.DELETETHIS.net> 12/30/2008 12:52:58 PM
Howdie!

dre[ at ]ms wrote:
> 1. I want the interactive logon text message to be displayed for each
> and every user who has connected to the domain..but it is not happening,
> I have enabled not to use Ctrl+Alt+Del, given text as well as title..But
> when the user connects to the domain, they are getting the Ctrl+Alt+Del
> option and no Text or title messages. Why??

Is the policy linked to the correct OU? That's a computer configuration,
correct? Did you link it to an OU with machines?

> 2. The changes I do in the GPO for the OU don't reflect
> immediately!!! Either I do the things and check the next day/uncheck
> link and enforced, login without GPO and then restart machine, enable
> link and enforced and check. Why is this so???

Changes to GP may take up to 120 minutes until the machines apply them
(by default) as they periodically pull changes off the DCs.

> 3. Some of the accounts get locked automatically even though no
> security policies have been mentioned for Account lockout!!! Why???

Hum - services that have wrong user passwords configured and try to
authenticate which results in an account lockout? Turn on auditing on
the DC(s) to see where and when the lockout happens. That might give you
the reason.

> 4. Now into file server concept, I have created each user a folder in D
> drive and have given only that user full rights in the security. I will
> hide all the other drives in the user's machine, once they login to their
> machine, they will map the drive created in the Server. All the work
> they do will be saved there. Now I want their My Documents to be
> redirected to this network drive. How??

Wipe the folders you created and have a look at Folder Redirection of
Group Policy. It creates the folders for you with the right security.

cheers,

Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
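
Florian's advice to use auditing on the DC to see where and when lockouts happen, as an added example that is not part of the original thread: it reads a text export of the DC's Security log and lists which machine each lockout came from. Event ID 644 as the Windows Server 2003 lockout event, the field names and the sample records are assumptions, constructed for illustration.

```python
import re
from collections import Counter

# Assumption: 644 is the "User Account Locked Out" event on Windows Server 2003.
LOCKOUT_EVENT_ID = "644"
# Constructed sample: Security-log records exported as text, one blank line
# between records. The field layout is assumed, not taken from the thread.
SAMPLE_EXPORT = """\
Event ID: 644
Date: 12/30/2008 9:14:02 AM
Target Account Name: jsmith
Caller Machine Name: WKS-07

Event ID: 528
Date: 12/30/2008 9:20:40 AM
User Name: akumar

Event ID: 644
Date: 12/30/2008 10:02:31 AM
Target Account Name: svc_backup
Caller Machine Name: SRV-APP1

Event ID: 644
Date: 12/30/2008 11:47:55 AM
Target Account Name: jsmith
Caller Machine Name: WKS-07
"""

FIELD = re.compile(r"^[ \t]*([^:\n]+):[ \t]*(.*)$", re.MULTILINE)

def parse_records(text):
    """Split the export on blank lines; return one field dict per record."""
    blocks = re.split(r"\n\s*\n", text.strip())
    return [{k.strip(): v.strip() for k, v in FIELD.findall(b)} for b in blocks]

def lockouts(records):
    """Return (account, caller machine, timestamp) for each lockout event."""
    return [(r.get("Target Account Name", "?"),
             r.get("Caller Machine Name", "?"), r.get("Date", "?"))
            for r in records if r.get("Event ID") == LOCKOUT_EVENT_ID]

def repeat_sources(events):
    """Count lockouts per (account, machine); repeats suggest a stale password."""
    return Counter((acct, host) for acct, host, _ in events)

if __name__ == "__main__":
    found = lockouts(parse_records(SAMPLE_EXPORT))
    for (acct, host), n in repeat_sources(found).most_common():
        print(f"{acct}: locked out {n}x, bad logons came from {host}")
```

An account that keeps locking out from the same machine usually points at a service, mapped drive or scheduled task on that machine still using an old password, which is the cause Florian suspects.
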
Re: AD issues
Meinolf Weber [MVP-DS] 12/30/2008 12:59:51 PM
Hello drems,

Active Directory is based on DNS. So for all domain members to work correctly,
DNS must be set up correctly. The domain controller will also act as DNS server,
I assume, so make sure that all domain machines use this one as the DNS
server on the NIC, not other external DNS servers.

1.
GPOs apply to users and/or computers, so they have to be linked to an OU
where the user account or computer account in AD Users and Computers is located.
You should not change the default domain policy and the default domain controller
policy; leave them as they are so in case of problems you can always revert
back to the starting policies. If you need additional settings, create your
own policies and link them also to the needed OU. Also I would not link policies
to domain level, because this will affect all in the domain; better create
your own OU structure which reflects your needed company structure. Move
the users/computers there and link the new policies with your needs.

Start here with Group policies:
http://technet.microsoft.com/en-us/windowsserver/grouppolicy/default.aspx

2.
Policies changed in AD will not immediately apply to the users/computers;
based on the settings, by default it will take up to 90 minutes for a policy
refresh on the clients. So that's one point for the delay. Also, if users
and computers are located in the default user/computer container, not all
policies will apply. Move them to your own created OUs, where the policies
are linked.

3.
Account lockout is configured in a policy at domain level, if no other then the
default domain policy. Please post the settings.

4.
See here about folder redirection:
http://technet.microsoft.com/en-us/library/cc778976.aspx

http://technet.microsoft.com/en-us/library/cc785925.aspx

http://technet.microsoft.com/en-us/library/cc786749.aspx

http://technet.microsoft.com/en-us/library/cc782799.aspx

http://technet.microsoft.com/en-us/library/cc781907.aspx


Do you have any experience with managing a domain? It sounds like you do
not have much. So I would think about taking some courses on the basics
or at least buying some MS books about AD configuration.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Re: AD issues
dre[ at ]ms <drems.3l8p3b[ at ]DoNotSpam.com> 12/30/2008 4:20:00 PM
> Is the policy linked to the correct OU? That's a computer configuration,
> correct? Did you link it to an OU with machines?

Yes, it is linked to the correct OU, but it never displays..also what do you mean by machines??? I have created only users and groups in AD Users and Directories..Do I need to create computers also??

> Changes to GP may take up to 120 minutes until the machines apply them
> (by default) as they periodically pull changes off the DCs.

Ohhhh!!! god this is way too long..then how would I check the settings whether it is working or not???

> Hum - services that have wrong user passwords configured and try to
> authenticate which results in an account lockout? Turn on auditing on
> the DC(s) to see where and when the lockout happens. That might give you
> the reason.

Auditing is already enabled..but where to check the log of it???

> Wipe the folders you created and have a look at Folder Redirection of
> Group Policy. It creates the folders for you with the right security.

Have tried..but not working..will again give it a try by referring to the below links

--
dre[ at ]ms
