Tip

Active Directory: Trouble starting AD Users and Computers

The following is a collection of expert responses to reader questions by Laura Hunter.

    Requires Free Membership to View

Laura E. Hunter

How can I reset our Active Directory Restore Mode password?

We have to set this while installing the AD through the DCPromo command. I was not working here when the previous administrator installed this Active Directory, so I don't know the Restore Mode password. Can you help me to reset it?

Laura Hunter: In Windows 2000, use the setpwd command as described here . For Windows 2003, you can use ntdsutil as described here. To automate setting the DSRM password across multiple domain controllers, go here for a script written by Directory Services MVP Dean Wells that will automate the process.

I have a problem regarding my Windows 2003 domain controller. I have configured this server as a DNS and DHCP server, too. All is running well, but the DHCP declined to be authorized. Every time I try to authorize it, it gives me this error saying "Access Denied". I'm the domain administrator. In event viewer I get event 1059 and 1046.

Looking forward to your response.

LH: You need to have Enterprise Admin credentials to authorize a DHCP server in Active Directory. Check this out to find more information.

I am running Windows 2000 Server as my primary domain controller and running Active Directory. I installed Windows 2003 Server tools on a Windows XP Pro computer to manage my users, etc. The XP machine is in the domain. However, when I try to start Active Directory Users and Computers from the XP computer, I receive a message saying "Naming information cannot be located because: The specified domain either does not exist or could not be contacted."

Can you help me fix this?

LH:In most cases, this error occurs because of improperly-configured DNS. Be certain that your XP workstation is pointing to a DNS server that can resolve the A and SRV records associated with your Active Directory domain, (and not, for example, pointing to your ISP's DNS server.)

What would be a good tool (free) to test DNS environments against any corruptions?

LH: My favorite is DNSLint, which is a free download from Microsoft and is really useful in diagnosing common name resolution issues. Other useful (free) tools include netdiag and dcdiag from the Windows Support tools.

Is there a tool I can use on my Exchange 5.5 server that will give me a report detailing permissions, delegations, etc., such as showacls.exe does in 2000?

LH:You can use a simple VBScript to return this, similar to the following:

On Error Resume Next

Set objGroup = GetObject _
LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")
objGroup.GetInfo

arrMemberOf = objGroup.GetEx("member")

i = 0
For Each strMember in arrMemberOf
i = i + 1
Next

WScript.Echo(i)

My IP address is 169.254.***.*** ...and I guess that's causing some network problem for my desktop. I have found through research that I can reset it using a netshell utility. What exactly is a netshell utility and how does it work?

LH: An IP address of 165.254.*.* means that your PC is attempting to receive an IP address from a DHCP server, but it is unable to do so. Be sure that you can ping your DHCP server and that the DHCP server is active and handing out IP addresses on your subnet. You can find even more helpful information here.

Laura E. Hunter (CISSP, MCSE: Security, MCDBA, Microsoft MVP) is a senior IT specialist with the University of Pennsylvania, where she provides network planning, implementation and troubleshooting services for business units and schools within the university. Hunter is a two-time recipient of the prestigious Microsoft "Most Valuable Professional" award in the area of Windows Server-Networking. She is the author of the Active Directory Field Guide (APress Publishing). You can contact her at laurahcomputing@gmail.com.

This was first published in March 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.