none
Problem adding domain user to Vista local group

    Question

  • I am trying to add members to a local group on a Vista PC that is a member of a domain.  When I attempt to add a domain member, I get an error that says the domain cannot be contacted.  This is odd because first, I get this:

    More than one object matched the name "Dale". Select one or more names from this list, or, reenter the name.
    

    That message is expected because there are more than one user accounts that include Dale in the login name or full name.  This message also indicates that the process successfully contacted the domain server up to this point.  When I select the correct ID and click OK, then I get this:

    Windows cannot process the object with the name "Dale" because of the following error:
    
    The specified domain either does not exist or could not be contacted.

    Is there something I am missing or known issue adding domain members to groups in Vista?


        

    Saturday, July 04, 2009 10:38 PM

Answers

  • Hello,

    are you using only the domain DNS server on the client machine? Please post an unedited ipconfig /all from the server and the client, so we can exclude DNS problems. Any firewall activated on the server or client? What OS with SP/patch level is the server running?
    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Dale987 Saturday, July 11, 2009 3:18 PM
    Sunday, July 05, 2009 11:48 AM
  • Hello,
    it seems the DPVISTADEV01 W2K3 server is getting DNS from 75.105.128.61 which I presume is your ISP. Suggested solution:
    1-Installed MS DNS, make it Active Directory Integrated, on the DPVISTADEV01 Domain controller, point DPVISTADEV01 PRI DNS settings from 75.105.128.61 to 192.168.1.107
    2- Disable IPV6 (to do this go to LAN properties and uncheck the IPV6 box)
    3-Add the 75.105.128.61 as forwarder. (Optional)
    4-make sure the Vista machine is pointing to the new DNS 192.168.1.107. If not do an ipconfig /flushdns and ipconfig /registerdns

    this should reslove your issue.

    Isaac Oben MCITP:EA, MCSE
    • Marked as answer by Dale987 Saturday, July 11, 2009 3:18 PM
    Monday, July 06, 2009 12:21 AM
  • Start by disabling all IPv6 components on your Vista client using instructions provided in http://support.microsoft.com/kb/929852
    Next, make sure that it points to the DNS server which hosts the zone representing your internal AD domain...

    hth
    Marcin

    • Marked as answer by Dale987 Saturday, July 11, 2009 3:18 PM
    Monday, July 06, 2009 1:58 AM
  • Hello,

    remove the 75.105.128.61 from the NIC configuration. There you have to add the domain DNS server and not the ISP. The ISP should be configured as a Forwarder under the DNS server properties in the DNS management console.

    Also if you don't use IPv6 i would disable it's functionality. Also you have added wildblue.com as DNS search suffix, why did you do it? Your domain is DPreston.net.

    Also i would not use the router for DHCP, better use the server, there you have more options to configure and are also able to update DNS according to:
    http://technet.microsoft.com/en-us/library/cc787034(WS.10).aspx

    Let the router do it's basic job routing and nothing else.

    If your server also has that configuraiton with the ISPs DNS on the NIC remove that also and configure it's own ip address as preferred DNS.
    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Dale987 Saturday, July 11, 2009 3:18 PM
    Monday, July 06, 2009 8:44 AM

All replies

  • More info. I log in on the Vista workstation as a domain admin and try it and I get the same results.  Also, I was creating the group to manage permissions to a specific folder.  I was able to add the appropriate domain user accounts individually to the folder permissions so accessing the domain controller worked fine for the folder permissions operation, just not for group membership.

    I hope this sheds more light on the problem and helps identify a solution.

    Regards
    Saturday, July 04, 2009 10:55 PM
  • Hello,

    are you using only the domain DNS server on the client machine? Please post an unedited ipconfig /all from the server and the client, so we can exclude DNS problems. Any firewall activated on the server or client? What OS with SP/patch level is the server running?
    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Dale987 Saturday, July 11, 2009 3:18 PM
    Sunday, July 05, 2009 11:48 AM
  • This might be a due to a trust issue between vista client and Server. Did you use an administrator account to join vista machine into domain? If not delete the computer account from AD. Disjoin the client and join again using administrator credentials.
    Ozan Veranyurt MCITP-MCT
    Sunday, July 05, 2009 12:16 PM
  • Meinolf, I took your question as a suggestion.  The Vista workstation did have the Windows firewall running.  I disabled it and ran the test again.  There were no changes in the behavior. 

    The server is W2K3R2 SP2.

    IPConfig /all yields the following:


    Windows IP Configuration

       Host Name . . . . . . . . . . . . : DPVISTADEV01
       Primary Dns Suffix  . . . . . . . : DPreston.net
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : DPreston.net
                                           wildblue.com

    Ethernet adapter Local Area Connection 2:

       Connection-specific DNS Suffix  . : wildblue.com
       Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter #2
       Physical Address. . . . . . . . . : 00-0C-29-CB-59-96
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::742f:7dc2:6b67:c1cf%12(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.1.107(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Friday, July 03, 2009 9:29:21 PM
       Lease Expires . . . . . . . . . . : Monday, July 06, 2009 9:32:13 AM
       Default Gateway . . . . . . . . . : 192.168.1.1
       DHCP Server . . . . . . . . . . . : 192.168.1.1
       DHCPv6 IAID . . . . . . . . . . . : 268438569
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-85-7C-79-00-0C-29-CB-59-96
       DNS Servers . . . . . . . . . . . : 75.105.128.61
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 6:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 02-00-54-55-4E-01
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 9:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : wildblue.com
       Description . . . . . . . . . . . : isatap.wildblue.com
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Sunday, July 05, 2009 10:54 PM
  • I am pretty sure that the Vista PC was joined properly to the domain.  I am not aware that you can join a PC to a domain without doing so as an admin.  It was a long time ago (and this is the only Vista PC on the domain) but I am pretty sure I ended up having to log in as a domain admin to join the domain; if I remember correctly, it wouldn't even let me join the domain as a non-admin user and supplying an admin login during the process like I could do previous to Vista.

    Regards,

    Dale
    Sunday, July 05, 2009 10:56 PM
  • Hello,
    it seems the DPVISTADEV01 W2K3 server is getting DNS from 75.105.128.61 which I presume is your ISP. Suggested solution:
    1-Installed MS DNS, make it Active Directory Integrated, on the DPVISTADEV01 Domain controller, point DPVISTADEV01 PRI DNS settings from 75.105.128.61 to 192.168.1.107
    2- Disable IPV6 (to do this go to LAN properties and uncheck the IPV6 box)
    3-Add the 75.105.128.61 as forwarder. (Optional)
    4-make sure the Vista machine is pointing to the new DNS 192.168.1.107. If not do an ipconfig /flushdns and ipconfig /registerdns

    this should reslove your issue.

    Isaac Oben MCITP:EA, MCSE
    • Marked as answer by Dale987 Saturday, July 11, 2009 3:18 PM
    Monday, July 06, 2009 12:21 AM
  • Start by disabling all IPv6 components on your Vista client using instructions provided in http://support.microsoft.com/kb/929852
    Next, make sure that it points to the DNS server which hosts the zone representing your internal AD domain...

    hth
    Marcin

    • Marked as answer by Dale987 Saturday, July 11, 2009 3:18 PM
    Monday, July 06, 2009 1:58 AM
  • Hello,

    remove the 75.105.128.61 from the NIC configuration. There you have to add the domain DNS server and not the ISP. The ISP should be configured as a Forwarder under the DNS server properties in the DNS management console.

    Also if you don't use IPv6 i would disable it's functionality. Also you have added wildblue.com as DNS search suffix, why did you do it? Your domain is DPreston.net.

    Also i would not use the router for DHCP, better use the server, there you have more options to configure and are also able to update DNS according to:
    http://technet.microsoft.com/en-us/library/cc787034(WS.10).aspx

    Let the router do it's basic job routing and nothing else.

    If your server also has that configuraiton with the ISPs DNS on the NIC remove that also and configure it's own ip address as preferred DNS.
    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Dale987 Saturday, July 11, 2009 3:18 PM
    Monday, July 06, 2009 8:44 AM
  • I changed the DNS server setting for the workstation to point to the domain controller.  That fixed the problem.  Thanks to all of you for your help.
    Saturday, July 11, 2009 3:20 PM