Stop using the netgear for dhcp & dns. AD relies on Windows DNS.
That's why it ain't working. S From: Len Hammond [mailto:[EMAIL PROTECTED] Sent: Sunday, January 20, 2008 3:29 PM To: NT System Admin Issues Subject: Re: permissions problem Yes, I had checked those first and no firewalls are up between the two servers or on either of the servers. The servers are on the same subnet with the same DNS server IP. There are no problems pinging from any box to any other box on the network by name or IP regardless of domain or workgroup membership. As I am building this in my home prior to delivering this to the organization that it is intended for, all machines in this domain, (currently 1 DC, 1 member server and 1 workstation) are on the same subnet. And currently the DHCP and DNS are being handled by my Netgear Firewall/Router. All three of these machines along with my personal workstation, my wifes workstation, my son's workstation and my laptop are on the same subnet - all receiving DHCP from the Netgear device. This being a Netgear WGT624, the default config for the WGT is to deliver it's internal IP address as both DHCP and DNS server IP addresses. Currently I can ping all networked workstations in the house by name and by address regardless that my personal workstation, my wife's workstation and my laptop are in one workgroup, my son's workstation in another workgroup and the two servers and one workstation in the same Domain. All computers can surf the web without problems. The network that these units are headed for also has DHCP and DNS served by the Linksys firewall/router installed there. I had kind of planned to at least move DHCP to the Domain Controller and was thinking about the DNS as well, but had not made my mind up yet on that. They are not hosting and e-mail or web stuff there, that is done outside so having to split DNS between inside and outside stuff should not be needed. As least as I understand it right now. Thanks for making me cover the basics in the post On Jan 20, 2008 1:01 PM, Jon Harris <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>> wrote: Have you checked to see that there are no firewalls up? Does the DC also have DNS/DHCP running? Are both machines in the same subnet? You said anything but these are usually the things that occur first when doing any testing. Jon On Jan 20, 2008 12:56 PM, Len Hammond <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>> wrote: It's a brand new domain and I have made NO policy changes to the DC. I have enabled several services that I always enable like Messenger and Alerter services so that users can get print job completion notices and such but that is all of the chnages made. I didn't remember making any changes to the other domains I created to get this to work. In this domain I have set the Admin password to the member server the same as the password to the admin account for the domain and there might be some kind of confusion in the member server over that. After lunch today I will change the Admin password in hte domain and see if that make any changes and lets me do what I need to do. Keep the ideas coming - I'll try just about anything at this point. Thanks for the thoughts Len On Jan 20, 2008 11:08 AM, Steve Pruitt <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>> wrote: I don't think there's anything special needed - the default configuration should allow what you want. You should see what groups your account is in, what's in the local administrators group on the second machine, what GPOs apply, and review anything else you might have configured. Steve ----- Original Message ----- From: Len Hammond<mailto:[EMAIL PROTECTED]> To: NT System Admin Issues<mailto:ntsysadmin@lyris.sunbelt-software.com> Sent: Sunday, January 20, 2008 8:49 AM Subject: Re: permissions problem I was using a Domain Admin Account. Although the local admin account does exactly the same thing. I'm thinking that I missed something in the setup of the DC - like enabling something in policy that would let a Domain Admin set things on member servers. I must not be googling for the right keywords because this should not be this obscure to find the solution to. It can't be that hard as I've done it for another scratch built domain a couple of years ago. I just can't seem to remember what it was. <scowls at self> Len Was it something about delegation of authority? on the DC? Len On Jan 19, 2008 10:32 PM, Steve Pruitt <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>> wrote: Are you using a domain admin account or a local admin account on the second server? That sounds like a local account, though I haven't tried doing that. Steve ----- Original Message ----- From: Len Hammond<mailto:[EMAIL PROTECTED]> To: NT System Admin Issues<mailto:ntsysadmin@lyris.sunbelt-software.com> Sent: Saturday, January 19, 2008 10:23 PM Subject: permissions problem Hi people, Been off the list a while. My corporate gig ended a while back and now I'm doing some freelance stuff while looking for another permanent position. But now I have a problem with a new domain I'm setting up for a small non-profit. Background: New domain (they are peer to peer until I get the new domain built and installed) New DC (HP dl380) - Server 2003 - file & print shares New database member server (HP dl360) - Server 2003 - small database program and a couple of small, low usage file shares. One XP workstation Problem: for some reason I can't set domain permissions on the member server shares. When attempting to set permissions the only item in the list is the member server name, the DC server name is not listed and the 'location' selection button and selection line is not accessible and cannot be changed from the member server name to the domain name. The member server is a member of the domain. I even tried removing the member server and adding it back to the domain without success. It has been a long time since I set up a new domain with more than one server so maybe my feeble memory is forgetting a step in the setup. My googling has not turned up an answer yet. Could someone kindly refresh my memory? Thanks -- Len Hammond Hammond Enterprises [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> -- Len Hammond Hammond Enterprises [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> -- Len Hammond Hammond Enterprises [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~