Announcement

Collapse
No announcement yet.

AD editing from an NT domain

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • AD editing from an NT domain

    We have two domains where I work. One is a Windows 2000 domain (mixed mode) and the other is an NT 4.0 domain (sp6a). The computer I use HYENA on is in the NT domain. I can access all computers in the 2000 domain but I try to access any AD information, like a group policy, I get and error about being "unable to access the active directory path ldap:// blah blah blah blah....the specified domain either does not exist or could not be contacted".

    I have the path set up in the Object Manager right. Is this a matter of the NT domain limitations with an AD domain?

    Thanks,

    MW

  • #2
    Re: AD editing from an NT domain

    This is because your system is part of the NT domain. It probably doesn't have the correct/newer modules/dlls/coms installed to access/edit AD info.

    Try installing Win2K or Win2K3 Admin Tools off of the server CD. This will update certain modules and MIGHT (did I stress MIGHT...yes I did) help your problem.

    Your main issue is that NT just can't deal with AD on that level (editing). Plus, Hyena, installed on your machine (in an NT domain), knows you're on an NT domain, and may not be "prepared" to assist you in editing AD objects.

    Is that correct Chuck/Kevin?

    Comment


    • #3
      Re: AD editing from an NT domain

      Sorry you didn't get a reply earlier.

      You indicate that the computer you are using to manage your domains (the one with Hyena installed on it) is part of the NT domain. But what operating system is this computer using: NT, 2000, XP ?

      Management of Active Directory information from an NT computer is not supported in Hyena. You can do some things, but most things don't work right/fully and Hyena makes every attempt to keep you from changing Active Directory data when run on NT 4.0. Microsoft's 'tools' are full of bugs and don't offer 100% compatibility with AD, so we had to take this precaution.

      Assuming that your workstation is a 2000/XP client, then are your NT and 2000 domains either trusted or have the same username/password for the admin account that you are using ?
      Kevin Stanush
      SystemTools Software Inc.

      Comment


      • #4
        Re: AD editing from an NT domain

        My HYENA computer is running Window XP pro. It has the Windows 2003 Admin Pak installed. I can see the OU's and other containers, even open them up, yet when I try to open a GPO for one of those objects, I get that error. I also am the administrator in both domains and there is a full trust between them. I don't have any issue seeing or even getting into machines in the W2K domain, just working with the GPO's.

        I may try today to log into the W2K domain and see if by being a member of that domain, I can do what I want.

        Early next year, we are upgrading the NT domain to W2? Either 2000 or 2003. Porbably 2003 though, so mabye that will take care of this.

        MW

        Comment


        • #5
          Re: AD editing from an NT domain

          Hyena has minimal support for GPOs, so let us know how you are managing the GPOs. You originally said that you are getting errors when you try to manage an AD information. What happens when you try to modify a user, group, or contact ?

          The two biggest reasons for problems in managing AD is DNS configuration and security. Generally, if you can get to most AD elements, then your DNS configuration is OK. Active Directory (unfortunately) is based on standardized directory LDAP syntax that makes it hard to debug problems. Verify that your LDAP path in Hyena's Object Manager is NOT using the Netbios-style format and instead has a DNS-style address, ie LDAP://mydomain.com

          Finally, you could try doing a Run As when you run Hyena and use a security context in the Windows 2000 domain.
          Kevin Stanush
          SystemTools Software Inc.

          Comment

          Working...
          X