Strange Active Directory Problem

[Bubbers214]

I have recently created a test domain on Server 2003 so that I can learn AD before putting it into production. I created a primary domain controller and then i created a child domain controller under that same domain for replication. Everything is working fine, including replication both ways, except when I try to create a user account on the child domain controller it gives me a "An Error Occured. Contact your system administrator." I can create groups on this server just fine and OU's but I can't create users. I am able to create users on the primary domain controller as well as an XP machine that I have joined to the domain and installed the Server 2003 Administration tools on. I have searched the logs on Event Viewer and I can't find anything. I'm new to AD so I have no idea where to start. Thanks.

 

[dbwillis]

Logged on as the same domain account on all machines?

 

[Bubbers214]

Yeah, i'm using the default administrator account on all 3 of them

 

[nessus]

Any event logs related to the error?

What do you mean by "child domain controller"? Do you meen a domain controller in a child domain of the forest root?

 

[dbwillis]

computername\administrator or domainname\administrator

 

[LittleMe]

computername\administrator or domainname\administrator

He can't be logging on as the local administrator on a DC with a normal startup. Does the second DC get updates when a new object is created on the primary DC? Have you promoted the second server to a GC and if so, were there any errors logged?

 

[Bubbers214]

He can't be logging on as the local administrator on a DC with a normal startup. Does the second DC get updates when a new object is created on the primary DC? Have you promoted the second server to a GC and if so, were there any errors logged?

I am logging in as the domain administrator. Yes the second DC gets updates when a new object is created on the primary DC. And Vice versa, i can create groups and OU's on the second DC and the primary PC picks them up. I just can't create users. Exceuse my nubbishness but what is a GC?

 

[Fint]

GC = Global Catalog server. Think of it like a DC on steroids (or rather, think of a DC as bring crippled if it isn't a GC)

 

[Bubbers214]

Have you promoted the second server to a GC and if so, were there any errors logged?

I promoted the second server to a GC and recieved zero errors, it is currently running as a GC. I still cannot create users.

 

[HitmanZ]

I promoted the second server to a GC and recieved zero errors, it is currently running as a GC. I still cannot create users.

Is there any specific error messages you're getting? Anything that points to a event id or special #'s and codes that you're forgetting?

 

[LittleMe]

Are you sure there are no errors or warnings in the Directory Service Event Log?

 

[cooltron]

GC = Global Catalog server. Think of it like a DC on steroids (or rather, think of a DC as bring crippled if it isn't a GC)

Actually the global catalog is basically a database of all the objects in the domain that is searchable as well as allowing the ability for loging on

Common practice for having 2 domain controllers is to have the rolls split and to have the dc that is not the pdc to be the gc

And for larger networks to have the gc reside on its own server (dc)

 

[HitmanZ]

DNS is setup correctly...RIGHT?

 

[Bubbers214]

Yeah, DNS was setup correctly, I ended up just getting frustrated with it, removed AD and reinstalled it and everything worked.