Re: Adding Global Groups to Local

"Tony Seaward" <(E-Mail Removed)> wrote in message
news:1b5cb01c42006$b0cf1330$(E-Mail Removed)...
> I am logged into my 2003 domain on XP machines, but I
> can't access all the resources needed because when i try
> to add user/groups to the local groups, the only location
> that is available is the local machines, eventhough I log
> into the domain.

Are you perhaps using cached credentials? -- technically
a login to a "domain account" but ONLY for the purposes
of using the local machine.

If you don't see the domain as a choice then you likely are
NOT authenticated with the domain, or the machine cannot
find a DC now.

> Additionally if i change the domain under Computer Name
> which is Company.Local to just Company. It welcomes me to
> the domain, and then I can look up the usernames/groups
> under the domain properly, but soon as I try to add an
> object, it says the Specified domain name is incorrect.

The computer name should NEVER match the Domain
Netbios name etc. even though that it technically legal.

The machine name should be something like NewMachine,
and it's full name should be NewMachine.Company.local.

Also make sure the DNS/WINS settings on the client NIC
point ONLY to the internal DNS(and WINS) servers.

"Clients" include DCs too!!!!! If not, they won't register
and be locatable by the 'real' clients.

> I am assuming it is some configuration on the server
> side. But I could be wrong. Thanks.

--
Herb Martin




Herb Martin

Well, I just realized that I can control User Groups from
the server for each individual machine. Wow! That solves
the problem of trying to add Global Groups to Local
Groups on machines.

However, I don't quite follow on the autheticated
computer part. Where can I tell if the computers are
being authenticated onto the domain. I'll try and look
around a little more, but I dont see anything thus far.
Thanks for your help Herb.

Tony Seaward

>-----Original Message-----
>"Tony Seaward" <(E-Mail Removed)> wrote in
message
>news:1b5cb01c42006$b0cf1330$(E-Mail Removed)...
>> I am logged into my 2003 domain on XP machines, but I
>> can't access all the resources needed because when i
try
>> to add user/groups to the local groups, the only
location
>> that is available is the local machines, eventhough I
log
>> into the domain.
>
>Are you perhaps using cached credentials? -- technically
>a login to a "domain account" but ONLY for the purposes
>of using the local machine.
>
>If you don't see the domain as a choice then you likely
are
>NOT authenticated with the domain, or the machine cannot
>find a DC now.
>
>> Additionally if i change the domain under Computer Name
>> which is Company.Local to just Company. It welcomes me
to
>> the domain, and then I can look up the usernames/groups
>> under the domain properly, but soon as I try to add an
>> object, it says the Specified domain name is incorrect.
>
>The computer name should NEVER match the Domain
>Netbios name etc. even though that it technically legal.
>
>The machine name should be something like NewMachine,
>and it's full name should be NewMachine.Company.local.
>
>Also make sure the DNS/WINS settings on the client NIC
>point ONLY to the internal DNS(and WINS) servers.
>
>"Clients" include DCs too!!!!! If not, they won't
register
>and be locatable by the 'real' clients.
>
>> I am assuming it is some configuration on the server
>> side. But I could be wrong. Thanks.
>
>--
>Herb Martin
>
>
>.
>

<(E-Mail Removed)> wrote in message
news:1c53d01c42196$121fee30$(E-Mail Removed)...
> Well, I just realized that I can control User Groups from
> the server for each individual machine. Wow! That solves
> the problem of trying to add Global Groups to Local
> Groups on machines.

Cool.

> However, I don't quite follow on the autheticated
> computer part. Where can I tell if the computers are
> being authenticated onto the domain. I'll try and look
> around a little more, but I dont see anything thus far.
> Thanks for your help Herb.

Technically you can look a couple of places; simplest
is to type "set Logon" and see if the logon server is
listed -- I wouldn't consider that definitive but at least
you can see if there is one listed.

Better is to use "nltest.exe" to actually determine the
DC, Domain, or even reset it.

(NLtest.exe is in support tools from the CDROM.)

--
Herb Martin
>
> Tony Seaward
>
> >-----Original Message-----
> >"Tony Seaward" <(E-Mail Removed)> wrote in
> message
> >news:1b5cb01c42006$b0cf1330$(E-Mail Removed)...
> >> I am logged into my 2003 domain on XP machines, but I
> >> can't access all the resources needed because when i
> try
> >> to add user/groups to the local groups, the only
> location
> >> that is available is the local machines, eventhough I
> log
> >> into the domain.
> >
> >Are you perhaps using cached credentials? -- technically
> >a login to a "domain account" but ONLY for the purposes
> >of using the local machine.
> >
> >If you don't see the domain as a choice then you likely
> are
> >NOT authenticated with the domain, or the machine cannot
> >find a DC now.
> >
> >> Additionally if i change the domain under Computer Name
> >> which is Company.Local to just Company. It welcomes me
> to
> >> the domain, and then I can look up the usernames/groups
> >> under the domain properly, but soon as I try to add an
> >> object, it says the Specified domain name is incorrect.
> >
> >The computer name should NEVER match the Domain
> >Netbios name etc. even though that it technically legal.
> >
> >The machine name should be something like NewMachine,
> >and it's full name should be NewMachine.Company.local.
> >
> >Also make sure the DNS/WINS settings on the client NIC
> >point ONLY to the internal DNS(and WINS) servers.
> >
> >"Clients" include DCs too!!!!! If not, they won't
> register
> >and be locatable by the 'real' clients.
> >
> >> I am assuming it is some configuration on the server
> >> side. But I could be wrong. Thanks.
> >
> >--
> >Herb Martin
> >
> >
> >.
> >