I have just finished installing Windows 2000 Server and our network runs XP/2000/98. Certain computers have shared printers and for some reason, other client computers cannot connect to the shared printers. Although the XP Machines can print after logging on the to the shared printer computer, for some reason I cannot gain access to the domain controller to add users even though all computers are logging onto the domain. I have check the global sec. setting and there seems to be no problem as all the users have access. I have set up DNS integrated with AD and the server is set up as "per server," though I was contemplating changing it to "per seat."
Start with the basics. Run the NETDIAG.exe utility on the Domain Controller to make sure that everything checks out. This tool is available from the Windows 2000 CD support tools. Keep in mind that the various clients that you are referring to operate differently. The Windows 2000 and Windows XP clients will be leveraging DNS to locate resources on the network. The Windows 9x clients will be using WINS and Broadcasts. So, if you are having problems connecting to resources, especially Active Directory Resources, you will want to make sure that DNS is healthy and that all of the proper DNS entries are present in the DNS. Just because the DC's name appears in DNS does NOT mean that DNS has all of the entries. Active Directory stores many more entries regarding services in DNS. Here is an article from Microsoft that explains how some of the entries are used and what they look like:
I seriously doubt that the per server vs per seat is an issue unless you are getting licensing errors in the event log. DNS is a more likely suspect.
You did not mention whether this was an upgrade from NT 4.0 or a new AD installation. If you upgraded, you may want to make sure that the Domain Controllers FQDN is properly set. Run IPCONFIG /ALL to see the information. If the Domain Controllers FQDN (listed at the top of the IPCONFIG display) does not match the domain name, then you have a problem that will require a rebuild of the AD. Here is what I mean:
Let's say I upgraded my NT 4.0 PDC to a Windows 2000 machine. Originally my DNS suffix on NT 4.0 was .Domain.com so my DC was called MYDC.Domain.com. When I create the AD, I decided to call my domain MYDomain.com. Since I did not change the NT 4.0's DNS suffix prior to the upgrade, I end up with this:
FQDN of Server = MyDC.domain.com
FQDN of DOmain = My.domain.com
These are incompatible, resulting in an inability for the DC to locate itself and it's domain resources correctly. Rebuilding of the machine is required. Now, I am not saying this is your problem, but you will want to check. Remember, start with NETDIAG.exe (and perhaps DCDIAG.exe) to diagnose the problem.
Dig Deeper on Windows systems and network management
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.