unable to edit GPOs in W2K AD domain controller

[PeeluckyDuckee]

Its only one domain with one dc, in native mode. After I switched to native mode (and this happened before in other test labs before) Windows says it cannot find a dc, even though IT is the dc.

I have let some time past by before I try modifying a GPO. Same message. So I tried seizing all operation master roles again, and retried. Still no luck.

Anybody knows why this happens? Like I say, this has happened before too. I double checked and made sure that my account is member of domain admins and enterprise admins. Also double checked that enterprise admin is my primary group membership and that I did machine and user secedit, not that I think it would make a difference.

Doublechecked the tabs for the 3 domain specific operation masters, and they to the correct server.

 

[PeeluckyDuckee]

anybody have an idea about this?

 

[doorguy]

Did you uncheck the File and printer sharing on one of your network cards?

Also, make sure DNS is setup properly.

 

[PeeluckyDuckee]

I didn't touch any of the dns/network configs before and after the switch to native mode.

 

[CrazyHelloDeli]

When you click on the GPO tab is everything greyed out and there doesnt seem to be any default GPO listed? If so, uninstall and reinstall file and print services in Network Properties.

 

[Saltin]

<< Windows says it cannot find a dc, even though IT is the dc. >>



That smells like DNS to me. Specifically the lack of proper Service records (LDAP).

Under your primary forward lookup zone in the DNS snap in, do you see four folders?

_msdcs
_sites
_tcp
_udp

If you don't, that's what is wrong

 

[PeeluckyDuckee]

HelloDeli, correct, when I go to the GPO tab within ADUC, its all grayed out. I'm not sure what file and print services has to do with it, but I'll give it a try nonetheless.

Saltin, I doublechecked it and all 4 folders are there as they should be.

 

[CrazyHelloDeli]

<< HelloDeli, correct, when I go to the GPO tab within ADUC, its all grayed out. I'm not sure what file and print services has to do with it, but I'll give it a try nonetheless.

Saltin, I doublechecked it and all 4 folders are there as they should be. >>



This happened on my computers at work, thats why im pretty sure thats whats up. For some odd reason the DC couldnt find the SYSVOL share, and consequently couldnt load the default group policy template. There should be an error in one of the event viewer folders cryptically hinting at this. I remember this very clearly because it drove me nuts for a while Does the DC happen to be Multi-Homed?

 

[PeeluckyDuckee]

HelloDeli, you are my HERO

I did what you suggested, and BINGO, it worked Thankyou sir and others for the help.

 

[CrazyHelloDeli]

<< HelloDeli, you are my HERO

I did what you suggested, and BINGO, it worked Thankyou sir and others for the help. >>



Awsome!

Just out of curiosity, did it report something along those lines regarding the SYSVOL share in event viewer?

 

[PeeluckyDuckee]

Yes, exactly as you said. I cleared the event viewer already but it some something along the lines of Cannot find/connect to SYSVOL share.