A newbie's adventures with AD - HAAAAAALP!!!

Hi,

I've gotten my network, DHCP (authorized), DNS, File Server,
and active directory set up with Windows 2003 server
(Enterprise Edition).

My client (Windows 2000 Pro) is a part of my (only) domain,
and I can see it from my server,
and I can access all the shares on the client from the server.

I have published shares on the server in active directory,
but I cannot see any of them on the client.


In system explorer on the client:

My Network Places > Entire Network > Directory

I can see the Domain Name ("DNS-Domain-01"),
but there's nothing there - it's empty.

Can anyone give this poor fool a clue as to what the problem is?

It's probably something simple that I've overlooked.


Someone from another group gave me a link to a page from the MS Knowledge base,
and that helped immensely:

>Publishing a Shared Folder in Windows 2000 Active Directory
>http://support.microsoft.com/default...roduct=win2000


I did as instructed ...

I've created an Organizational Unit on the server, then populated it with
a few shares - one for a folder on logical drive I, another for
logical drive K entirely.

Both shares have been published in AD.

On the server (called "WSVR-2003E-01"), in Computer management,
system tools, shared folders, shares ...

Under the share name column, I have 'Folder-on-drive-I-share'
[path - F:\server downloads],
with the number of client connections showing 0.

I right click on it, hit properties, the publish tab, and the path
to shared folder is:
\\WSVR-2003E-01\Folder-on-drive-I-share
Publish this share in Active Directory is checked, BTW.


Also under the share name column, I also have 'Drive-K-Share' [path - K:\],
with the number of client connections also showing 0.

I right click on it, hit properties, the publish tab, and the path
to shared folder is:
\\WSVR-2003E-01\Drive-K-Share
Publish this share in Active Directory is also checked.


Now on to Active Directory Users and Computers ...

Under the Domain name ("DNS-Domain-01.com"), I have
(in the tree on the left pane)
"Organizational Object 01".

In the right pane, I have two entries for the OU:
Drive I share on WSVR-2003E-01 shared folder
Shared K drive on WSVR-2003E-01 shared folder

With the first one (the Drive I share), I right click on it, hit properties,
then the general tab, and under UNC name, it shows:
\\WSVR-2003E-01.DNS-Domain-01.com\Folder-on-drive-I-share

With the second one (the Drive K share), I right click on it, hit properties,
then the general tab, and under UNC name, it shows:
\\WSVR-2003E-01.DNS-Domain-01.com\Drive-K-Share

Does everything look OK so far?

The directory entry for the domain name ("DNS-Domain-01.com")
still turns up empty on the client for Directory under Entire Network.


GRRRRR!!!


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Users can see this volume while browsing Active Directory. To browse Active Directory:

1. On the desktop, double-click Network Neighborhood or My Network Places.
2. Double-click Entire Network.
3. Click Entire Contents.
4. Double-click Directory.
5. Double-click the domain name, and then double-click TestOU.
6. To view the files in the volume, either right-click the
Published TestShare volume and then click Open, or double-click Published TestShare.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
To search Active Directory for published shares:

1. On the desktop, double-click Network Neighborhood or My Network Places.
2. Double-click Entire Network.
3. Click Entire Contents.
4. Double-click Directory.
5. Right-click the domain, and then click Find.
6. In the Find box, click Shared Folders.
7. In the Named box, type the name of the shared folder you want to find.
8. Click Find Now.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

I clicked on find, told it to search for published shares, and it found nothing.

Do I need to do anything WRT "broadcasting" the presence of the OU to the network?

Do I need to do something on the server to tell it that the client
is a part of the OU?

What am I missing?

Can any of you geniuses clue me in?


*beats head against wall*


- Sam

It sounds as though you've verified connectivity from the server to the
client: have you verified that everything's working from the client to the
server? I'm specifically thinking of DNS, here. Can you access a server
share directly, rather than browsing through Network Places?
(Start-->Run-->\\servername\sharename)

If that doesn't work, then you may have a name resolution problem. See if
you can ping the DNS name of the server from the client, and make sure that
the client is pointing to the server for DNS resolution. You should also
open the DNS console and verify that all of your server records have been
created within DNS.

--
******************************
Laura E. Hunter - MCSE, MCT, MVP
Replies to newsgroup only


"Sam" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> Hi,
>
> I've gotten my network, DHCP (authorized), DNS, File Server,
> and active directory set up with Windows 2003 server
> (Enterprise Edition).
>
> My client (Windows 2000 Pro) is a part of my (only) domain,
> and I can see it from my server,
> and I can access all the shares on the client from the server.
>
> I have published shares on the server in active directory,
> but I cannot see any of them on the client.
>
>
> In system explorer on the client:
>
> My Network Places > Entire Network > Directory
>
> I can see the Domain Name ("DNS-Domain-01"),
> but there's nothing there - it's empty.
>
> Can anyone give this poor fool a clue as to what the problem is?
>
> It's probably something simple that I've overlooked.
>
>
> Someone from another group gave me a link to a page from the MS Knowledge
> base,
> and that helped immensely:
>
>>Publishing a Shared Folder in Windows 2000 Active Directory
>>http://support.microsoft.com/default...roduct=win2000
>
>
> I did as instructed ...
>
> I've created an Organizational Unit on the server, then populated it with
> a few shares - one for a folder on logical drive I, another for
> logical drive K entirely.
>
> Both shares have been published in AD.
>
> On the server (called "WSVR-2003E-01"), in Computer management,
> system tools, shared folders, shares ...
>
> Under the share name column, I have 'Folder-on-drive-I-share'
> [path - F:\server downloads],
> with the number of client connections showing 0.
>
> I right click on it, hit properties, the publish tab, and the path
> to shared folder is:
> \\WSVR-2003E-01\Folder-on-drive-I-share
> Publish this share in Active Directory is checked, BTW.
>
>
> Also under the share name column, I also have 'Drive-K-Share' [path -
> K:\],
> with the number of client connections also showing 0.
>
> I right click on it, hit properties, the publish tab, and the path
> to shared folder is:
> \\WSVR-2003E-01\Drive-K-Share
> Publish this share in Active Directory is also checked.
>
>
> Now on to Active Directory Users and Computers ...
>
> Under the Domain name ("DNS-Domain-01.com"), I have
> (in the tree on the left pane)
> "Organizational Object 01".
>
> In the right pane, I have two entries for the OU:
> Drive I share on WSVR-2003E-01 shared folder
> Shared K drive on WSVR-2003E-01 shared folder
>
> With the first one (the Drive I share), I right click on it, hit
> properties,
> then the general tab, and under UNC name, it shows:
> \\WSVR-2003E-01.DNS-Domain-01.com\Folder-on-drive-I-share
>
> With the second one (the Drive K share), I right click on it, hit
> properties,
> then the general tab, and under UNC name, it shows:
> \\WSVR-2003E-01.DNS-Domain-01.com\Drive-K-Share
>
> Does everything look OK so far?
>
> The directory entry for the domain name ("DNS-Domain-01.com")
> still turns up empty on the client for Directory under Entire Network.
>
>
> GRRRRR!!!
>
>
> = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
> = = = = = = =
> Users can see this volume while browsing Active Directory. To browse
> Active Directory:
>
> 1. On the desktop, double-click Network Neighborhood or My Network Places.
> 2. Double-click Entire Network.
> 3. Click Entire Contents.
> 4. Double-click Directory.
> 5. Double-click the domain name, and then double-click TestOU.
> 6. To view the files in the volume, either right-click the
> Published TestShare volume and then click Open, or double-click
> Published TestShare.
> = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
> = = = = = = =
>
> = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
> = = = = = = =
> To search Active Directory for published shares:
>
> 1. On the desktop, double-click Network Neighborhood or My Network Places.
> 2. Double-click Entire Network.
> 3. Click Entire Contents.
> 4. Double-click Directory.
> 5. Right-click the domain, and then click Find.
> 6. In the Find box, click Shared Folders.
> 7. In the Named box, type the name of the shared folder you want to find.
> 8. Click Find Now.
> = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
> = = = = = = =
>
> I clicked on find, told it to search for published shares, and it found
> nothing.
>
> Do I need to do anything WRT "broadcasting" the presence of the OU to the
> network?
>
> Do I need to do something on the server to tell it that the client
> is a part of the OU?
>
> What am I missing?
>
> Can any of you geniuses clue me in?
>
>
> *beats head against wall*
>
>
> - Sam

On Mon, 2 Aug 2004 14:40:12 -0400, "Laura E. Hunter \(MVP\)"
<hunter(nospamplease)@sfs.upenn.edu> graced us with her considerable wisdom and wrote:

>It sounds as though you've verified connectivity from the server to the
>client: have you verified that everything's working from the client to the
>server? I'm specifically thinking of DNS, here. Can you access a server
>share directly, rather than browsing through Network Places?
>(Start-->Run-->\\servername\sharename)

From a DOS box, I did the following:
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
C:\>\\WSVR-2003E-01\Drive-K-Share
Logon Failure: unknown user name or bad password.

C:\>\\WSVR-2003E-01.DNS-Domain-01.com\Drive-K-Share
Logon Failure: unknown user name or bad password.

C:\>ping DNS-Domain-01.com
Pinging DNS-Domain-01.com [192.168.219.198] with 32 bytes of data:

Reply from 192.168.219.198: bytes=32 time<10ms TTL=128
Reply from 192.168.219.198: bytes=32 time<10ms TTL=128
Reply from 192.168.219.198: bytes=32 time<10ms TTL=128
Reply from 192.168.219.198: bytes=32 time<10ms TTL=128

Ping statistics for 192.168.219.198:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

I am logged in as administrator on both client and server.
When I attached to the Domain, I entered the user as "administrator"
and gave the password for my server.


>If that doesn't work, then you may have a name resolution problem. See if
>you can ping the DNS name of the server from the client, and make sure that
>the client is pointing to the server for DNS resolution.

If I'm getting the domain name in the directory of the network places,
then can I assume that the client is pointing to the server for DNS?

... or not?

Where do I check for this?


> You should also
>open the DNS console and verify that all of your server records have been
>created within DNS.

OK - it looks like it is.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
DNS
WSVR-2003E-01
Forward Lookup Zones
_msdcs.DNS-Domain-01.com
dc
sites
_tcp

Name: _kerberos
Type: Service Location (SRV)
Data: [0][100][88] wsvr-2003e-01.dns-domain-01.com.

Name: _ldap
Type: Service Location (SRV)
Data: [0][100][389] wsvr-2003e-01.dns-domain-01.com.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

DNS
WSVR-2003E-01
Forward Lookup Zones
_msdcs.DNS-Domain-01.com
73a949b9-7969-45fd-b42c-4d0084eb1018
_tcp

Name: _ldap
Type: Service Location (SRV)
Data: [0][100][389] wsvr-2003e-01.dns-domain-01.com.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

DNS
WSVR-2003E-01
Forward Lookup Zones
_msdcs.DNS-Domain-01.com
gc
_tcp

Name: _ldap
Type: Service Location (SRV)
Data: [0][100][3268] wsvr-2003e-01.dns-domain-01.com.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

DNS
WSVR-2003E-01
Forward Lookup Zones
_msdcs.DNS-Domain-01.com
pdc
_tcp

Name: _ldap
Type: Service Location (SRV)
Data: [0][100][389] wsvr-2003e-01.dns-domain-01.com.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

If you see anything wrong here, by all means, clue me in.

- Sam

OK.

I've been fiddling with this some more, and something interesting has happened
- to anyone who is interested.

On the client, I clicked on:
My Network Places
Entire Network
Microsoft Windows Network

... and the name that I gave the server for NETBIOS was subordinated to this:
"Dns-dmn-netbios"

I opened this, and the names for both the client and server were listed.
I clicked on the name of the server ("Wsvr-2003e-01"). I was then prompted for
a username and password. I entered "administrator" - with the password for the server
- clicked OK, and ... voila ... all my shares from the server are there.

... but they are still not present under the domain reference ("DNS-Domain-01")
under Directory for Entire Network.

Does this give anyone any idea as to what the hell is going on?


Another question that has yet to be answered: How do I verify that
all internal clients (servers, DCs, and PCs) are pointing to the internal
DNS server when in an AD environment?


- Sam

"Does this give anyone any idea as to what the hell is going on?"

Yes, this is exactly what will happen if you specify a NetBIOS domain name
which is different from the first (leftmost) level of its DNS domain name.
See:

http://www.microsoft.com/windows2000...b_act_yory.asp

"Another question that has yet to be answered: How do I verify that
all internal clients (servers, DCs, and PCs) are pointing to the internal
DNS server when in an AD environment?"

On each domain member, open a command prompt and enter ipconfig /all

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP

"Sam" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> OK.
>
> I've been fiddling with this some more, and something interesting has
happened
> - to anyone who is interested.
>
> On the client, I clicked on:
> My Network Places
> Entire Network
> Microsoft Windows Network
>
> ... and the name that I gave the server for NETBIOS was subordinated to
this:
> "Dns-dmn-netbios"
>
> I opened this, and the names for both the client and server were listed.
> I clicked on the name of the server ("Wsvr-2003e-01"). I was then prompted
for
> a username and password. I entered "administrator" - with the password for
the server
> - clicked OK, and ... voila ... all my shares from the server are there.
>
> ... but they are still not present under the domain reference
("DNS-Domain-01")
> under Directory for Entire Network.
>
> Does this give anyone any idea as to what the hell is going on?
>
>
> Another question that has yet to be answered: How do I verify that
> all internal clients (servers, DCs, and PCs) are pointing to the internal
> DNS server when in an AD environment?
>
>
> - Sam

On Wed, 4 Aug 2004 23:06:48 -0400, "Doug Sherman [MVP]"
<(E-Mail Removed)> graced us with his/her considerable wisdom and wrote:

>"Does this give anyone any idea as to what the hell is going on?"
>
>Yes, this is exactly what will happen if you specify a NetBIOS domain name
>which is different from the first (leftmost) level of its DNS domain name.
>See:
>
>http://www.microsoft.com/windows2000...b_act_yory.asp
>

How do I shut down NetBIOS?

All of my clients are running Windows 2000 Pro.

Is there any way to manually change the Logon domain for the client?
I've yet to find anything yet - I'll keep looking, but if anyone has any
idea as to how to do this, I would appreciate it if you would clue me in.


>"Another question that has yet to be answered: How do I verify that
>all internal clients (servers, DCs, and PCs) are pointing to the internal
>DNS server when in an AD environment?"
>
>On each domain member, open a command prompt and enter ipconfig /all

... and IPConfig shows that the domain is as it should be - everything is OK in
that regard.

Thank you very much, Doug.

- Sam

OK, you can disable NetBIOS by right clicking on the Local Area Connection,
highlight TCP/IP, click the Properties button, click the Advanced button,
click the WINS tab. Select Disable NetBIOS.

Not sure this is what you want to do - NetBIOS is required for browsing ie.
My Network Places, Windows Explorer, etc. Without NetBIOS you should still
be able to connect to computers by name - \\computername\share - because DNS
will provide name resolution. If this does not work there is a registry
setting you can change, BUT this will not enable you to browse without
NetBIOS.

Not sure what you mean by changing the logon domain. There are ways to
change the NetBIOS name of a computer, also its primary DNS suffix; however,
I know of no way to change the NetBIOS name of a domain in Windows 2000 -
maybe you can do it in Windows 2003.

If this is an experimental/learning installation, and you are interested in
browsing; I suggest you start over. It's not a big deal and it's good
practice. On the domain controller, run dcpromo to kill the domain. After
reboot, run it again to create a new domain and accept the default NetBIOS
name. You will have to recreate domain user accounts, reauthorize DHCP
server if you have one, and a few other things; but it's probably worth it.

Tip: you are kind of pushing the limit for NetBIOS computer names/domain
names. See:

http://support.microsoft.com/default...b;en-us;163409

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP

"Sam" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Wed, 4 Aug 2004 23:06:48 -0400, "Doug Sherman [MVP]"
> <(E-Mail Removed)> graced us with his/her considerable
wisdom and wrote:
>
> >"Does this give anyone any idea as to what the hell is going on?"
> >
> >Yes, this is exactly what will happen if you specify a NetBIOS domain
name
> >which is different from the first (leftmost) level of its DNS domain
name.
> >See:
> >
>
>http://www.microsoft.com/windows2000...fault.asp?url=
/windows2000/techinfo/reskit/en-us/distrib/dsbb_act_yory.asp
> >
>
> How do I shut down NetBIOS?
>
> All of my clients are running Windows 2000 Pro.
>
> Is there any way to manually change the Logon domain for the client?
> I've yet to find anything yet - I'll keep looking, but if anyone has any
> idea as to how to do this, I would appreciate it if you would clue me in.
>
>
> >"Another question that has yet to be answered: How do I verify that
> >all internal clients (servers, DCs, and PCs) are pointing to the internal
> >DNS server when in an AD environment?"
> >
> >On each domain member, open a command prompt and enter ipconfig /all
>
> ... and IPConfig shows that the domain is as it should be - everything is
OK in
> that regard.
>
> Thank you very much, Doug.
>
> - Sam

On Thu, 5 Aug 2004 16:55:26 -0400, "Doug Sherman [MVP]"
<(E-Mail Removed)>
graced us with his/her considerable wisdom and wrote:

>OK, you can disable NetBIOS by right clicking on the Local Area Connection,
>highlight TCP/IP, click the Properties button, click the Advanced button,
>click the WINS tab. Select Disable NetBIOS.
>
>Not sure this is what you want to do - NetBIOS is required for browsing ie.
>My Network Places, Windows Explorer, etc. Without NetBIOS you should still
>be able to connect to computers by name - \\computername\share - because DNS
>will provide name resolution. If this does not work there is a registry
>setting you can change, BUT this will not enable you to browse without
>NetBIOS.

AH!

I thought that NetBIOS was obsolete and extraneous in the 2003/2000/XP
networking environment - so I'm naive and foolish.


>Not sure what you mean by changing the logon domain. There are ways to
>change the NetBIOS name of a computer, also its primary DNS suffix; however,
>I know of no way to change the NetBIOS name of a domain in Windows 2000 -
>maybe you can do it in Windows 2003.
>
>If this is an experimental/learning installation, and you are interested in
>browsing; I suggest you start over. It's not a big deal and it's good
>practice. On the domain controller, run dcpromo to kill the domain. After
>reboot, run it again to create a new domain and accept the default NetBIOS
>name. You will have to recreate domain user accounts, reauthorize DHCP
>server if you have one, and a few other things; but it's probably worth it.

It is (worth it) - I did this, and I'm playing around with it - I'll mess with
it some more when I have more time.


>Tip: you are kind of pushing the limit for NetBIOS computer names/domain
>names. See:
>
>http://support.microsoft.com/default...b;en-us;163409

I'm not averse to pushing any limits, but I'll refrain from doing so until
I gain some more experience.


In the meantime ...


On the server, when I click on:

Desktop
My Network Places
Entire Network
Web Client Network

I get an error message window:
= = = = = = = = = = = = = = = = = = = = = = = =
Entire Network
- - - - - - - - - - - - - - - - - - - - - - - -

X Unable to browse the network.

The network is not present or not started.


For more information, click Help.


OK Help

= = = = = = = = = = = = = = = = = = = = = = = =

... but when I click on help, nothing happens
(which isn't very helpful).

What is this all about? Everything SEEMS to be running OK.

What should I look for?

- Sam