Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cannot Add new Users on Domain Controller.

Status
Not open for further replies.
Assimilator

Assimilator

Technical User
Dec 26, 2002
33
0
0
CA
About a week ago I had a Hard Drive totally die on me. Was just one HD in there with no backup or anything as it died very soon after getting everything installed (Day or two).

So I got another HD in there now running fine. Got two DC's one labelled as server02 and this one which is server01

When the previous Hard Drive crashed I had it also labbeled as server01. I didn't have a chance to run dcpromo as the HD was that bad off.

Now after the reinstall with the same settings as before I now have an error in my error log about SAM with the code of 16550. Can't find anything about 16550 and there's so many different things with SAM and nothing I can find resmbles my problem at all that I could see.

When I try to go to that machine and add a new user through the AD Users and Computers Snap In, as soon as I go to complete the new user add it gives me an error (I can't remember exactly what it is as I'm not at the machine right now, however I remember it said "DENIED"). Also when I go to edit the GPO for one of my groups I get a popup window that gives me three options with one of them being "Use any Available Domain Controller"

I did find something somewhere about making sure that Enterprise Admins had proper Access in the Domain Controllers Container. i checked and it does have all the proper permissions there.


The Errors in the Event Viewer is fgor the SAM and happens about once every two minutes.

Anyone got any ideas? -------------------------------
MCSE in training.
Currently I've gone through the following books:
70-210 Win2K Professional
70-215 Win2K Server
 
Sort by date Sort by votes
Is it possible by not being able to do the DC Promo before when the last one died and then now using the same Server name i've made a mess of it and should DC Promo it again and change the name to something different from the other one? I am using the Exact same password on the new install as the old install -------------------------------
MCSE in training.
Currently I've gone through the following books:
70-210 Win2K Professional
70-215 Win2K Server
 
Upvote 0 Downvote
Hi,

I assume you are talking about W2K?

A DC under W2K can have a couple of roles (first DC) (so called FSMO roles). in this case i think you lost one or more of these roles when your harddisk crashed.... This role normally takes care of useraccounts.

check the microsoft site for "fsmo, server role AD" and read how you can transfer the roles to a different DC.

Regards, Ferdinand
 
Upvote 0 Downvote
Yes I did forget to mention it was W2K Server

The one that crashed was the first DC that was on the network (As you figured out by my naming conventions)

Thanks for the tip, I'l go take a look and see if any of the suggestions on there will help. -------------------------------
MCSE in training.
Currently I've gone through the following books:
70-210 Win2K Professional
70-215 Win2K Server
 
Upvote 0 Downvote
Wow man its too bad the pc's have not been pulled out of the Domain before that crash happend , its a shame you didnt have any back up's You are going to have to reconfigure your main server and then start from scratch it sucks but the the SID'S for users and computers are only going to be good with that unique domain name ! It sucks , but you are going to have to Re do Everything and then pull what ever files and folders you would need to use on the folders under the administrators folders from the old domains account on the desktops (workstations ) do that after the computers have been joined to the new domain !
It sucks Have fun good luck............
 
Upvote 0 Downvote
ok I found the answer, and was able to do it without having to reset everything.

haveman you were right. I had to go and claim the RID Master role back from limbo for the machine.

Using the ntdsutil.exe and using the seize rid master command it has now gotten rid of my error message and now allows me to add new users w/o any problems at all on both Domain Controllers.

Full info is at: -------------------------------
MCSE in training.
Currently I've gone through the following books:
70-210 Win2K Professional
70-215 Win2K Server
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
189
goombawaho
goombawaho
Teo En Ming
  • Locked
  • Question
Actions taken during Disaster Recovery for client whose IBM Megaraid controller has failed
Replies
2
Views
122
fightaccording
fightaccording
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
80
ADB100
ADB100
fredmartinmaine
  • Locked
  • Question
Domain Controller without DNS Server
Replies
4
Views
163
fredmartinmaine
fredmartinmaine
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
92
DTGMI
DTGMI

Part and Inventory Search

Sponsor

Back
Top