Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Sunday, August 17, 2014 8:03 PM
We have a file server (Server 2003 R2 member of a 2003R2 domain) on which I can no longer add users to folder security permissions. When I try to enter a username and click check name it says they can't be found and if I click on locations the AD tree below the domain name won't expand - I just get the domain name and the + box disappears as below.
On the server in Admin Tools ADUC would not work either so I uninstalled and now can't re-install...
I am able to add permissions to files and folders on the server remotely, i.e. browse to the admin share for the relevant drive on the server from my desktop PC and find the file / folder and add permissions that way. After doing this the permissions appear on the server, but I can't add them directly?!?
I'd considered removing the server from the domain and re-adding but the server has a number of user and application shares which would be lost, but I'm concerned it might stop working altogether.
I've tried SFC /Scannow but don't have the install disks (as I wasn't left them but those who I took over from).
I'd be grateful of some diagnostic help / suggestions to fix the issue
Thanks
All replies (5)
Sunday, August 17, 2014 10:18 PM
What you have uninstalled - AD? Then even the same names are different identities. Make basic diagnostics of AD with netdiag /fix /debug and ipconfir /flushdns
Description of what you dai is not crlear as well as intitial and final status of AD.
HTH
Milos
Monday, August 18, 2014 1:32 PM
Thanks for the suggestions and apologies if I wasn't clear. Basically when logged on to the server as a domain admin I cannot add a user to the folder security permissions for any folder. When I try (right click folder --> properties --> security tab --> Add...) and enter a valid username, such as my domain admin logon, it says "An object named "My Logon" cannot be found.
The "Object types" are set to "Users, Groups or Built-in security principals" and the "Location" is set to my domain name.
If I click the locations button and try to browse the domain I get the image shown in the first post with no domain folder structure shown
I've only uninstalled the Administrative Tools of which ADUC is a component, not uninstalled AD.
I've run netdiag as suggested and the only failure is:
Gathering IPX configuration information. Opening \Device\NwlnkIpx failed
We don't use netware so don't see this as being a problem.
I've also run ipconfig /flushdns and there is no change
Thanks for your help.
Wednesday, August 20, 2014 8:28 AM
Hi,
Please try to restore AD objects by performing authoritative restore. On the domain controller that is being restored, an authoritative restore process returns a designated object or container of objects to its state at the time of the backup.
Performing an Authoritative Restore of Active Directory Objects
http://technet.microsoft.com/en-us/library/cc779573(v=ws.10).aspx
If the issue still exists, you could use the support tools in the domain, so we could troubleshoot the issue to check if there is any issue on the AD:
dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
Best Regards,
Mandy
Wednesday, August 20, 2014 2:51 PM
Thanks for the reply, but this makes no sense - why would I need to do an authoritative restore?
The problem is affecting one member server which is online and accessible but just can't add users to security permissions on files and folders unless I do it from another computer...
AD is working as far as I'm aware but I will run the dcdiag and see what comes back.
Friday, October 9, 2015 12:36 PM
Hi Kipster
Did you find a resolution to this. I am having the same problem, getting a lot of grief form management.
AD has not been touched, the file server in question (Server 2012) has not had any unexpected shutdowns.
I just wanted to add a domain administrator account onto a shared folder. (I am logged onto the server with a domain account).
clicking add, the in the locations box I only get the local server name so cannot select domain accounts.
Checking the permissions already on folder the accounts show the long name "s-XXXX" etc
Thinking about taking it off the domain and putting it back on
cheers