Hi
Simon,
Thanks
a million for the help. Thanks to this list.
Finally i was able to open the Default GPO. The only
change which i have done is, Restarted the server and it worked for me Ofcourse,
I recreated the Sysvol structure before the restart.
Thanks
again,
Athif
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 7 April 2004 2:14 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Failed to open Group PolicyHi Athif, I don't see the guid of the GPO in this ldp output. Follow these directions to obtain the guid for the Default Domain Policy. Then it is this guid you use to rebuild the sysvol structure.Open ldp, connect and bind to the server.Select Connection > New to clear the screenSelect Browse > SearchIn the base DN type dc=ebttikarhq,dc=comClick the Subtree radio buttonin the filter box type this... (&(objectClass=groupPolicyContainer)(displayName=Default Domain Policy))Click the options button, delete everything from the attributes box and type in... nameRun the search, it will give you the correct guid. Now recreate the sysvol structure as per the kb article and try again to open the default domain policy.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: 07 April 2004 10:57
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Failed to open Group PolicyHi Simon,Yes, I do have a Second Dc but i cant find that folders, guess this is also skrewd, mean they dont have corect sysvol structure.Well, I only have one Network Card and cant see event id 1000 and 10001.I cant see any blank policy tho. Yes, I am trying to open tha Default Domain PolicyYes, i was using wrong syntax. Here is the output,I shall attach the output of dcdiag in next mail.Thanks for all the help.Thanks a lot,Athif--------------------------------------------------------------------------------------------------------------------------------------------Id = ldap_open("ebtdc0.ebttikarhq.com", 389);
Established connection to ebtdc0.ebttikarhq.com.
Retrieving base DSA information...
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn:
1> currentTime: <ldp error <0x0>: cannot format time field;
1> subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=EBTTIKARHQ,DC=com;
1> dsServiceName: CN=NTDS Settings,CN=EBTDC0,CN=Servers,CN=Riyadh,CN=Sites,CN=Configuration,DC=EBTTIKARHQ,DC=com;
3> namingContexts: CN=Schema,CN=Configuration,DC=EBTTIKARHQ,DC=com; CN=Configuration,DC=EBTTIKARHQ,DC=com; DC=EBTTIKARHQ,DC=com;
1> defaultNamingContext: DC=EBTTIKARHQ,DC=com;
1> schemaNamingContext: CN=Schema,CN=Configuration,DC=EBTTIKARHQ,DC=com;
1> configurationNamingContext: CN=Configuration,DC=EBTTIKARHQ,DC=com;
1> rootDomainNamingContext: DC=EBTTIKARHQ,DC=com;
16> supportedControl: 1.2.840.113556.1.4.319; 1.2.840.113556.1.4.801; 1.2.840.113556.1.4.473; 1.2.840.113556.1.4.528; 1.2.840.113556.1.4.417; 1.2.840.113556.1.4.619; 1.2.840.113556.1.4.841; 1.2.840.113556.1.4.529; 1.2.840.113556.1.4.805; 1.2.840.113556.1.4.521; 1.2.840.113556.1.4.970; 1.2.840.113556.1.4.1338; 1.2.840.113556.1.4.474; 1.2.840.113556.1.4.1339; 1.2.840.113556.1.4.1340; 1.2.840.113556.1.4.1413;
2> supportedLDAPVersion: 3; 2;
12> supportedLDAPPolicies: MaxPoolThreads; MaxDatagramRecv; MaxReceiveBuffer; InitRecvTimeout; MaxConnections; MaxConnIdleTime; MaxActiveQueries; MaxPageSize; MaxQueryDuration; MaxTempTableSize; MaxResultSetSize; MaxNotificationPerConn;
1> highestCommittedUSN: 5197028;
2> supportedSASLMechanisms: GSSAPI; GSS-SPNEGO;
1> dnsHostName: EBTDC0.EBTTIKARHQ.COM;
1> ldapServiceName: EBTTIKARHQ.COM:[EMAIL PROTECTED];
1> serverName: CN=EBTDC0,CN=Servers,CN=Riyadh,CN=Sites,CN=Configuration,DC=EBTTIKARHQ,DC=com;
2> supportedCapabilities: 1.2.840.113556.1.4.800; 1.2.840.113556.1.4.1791;
1> isSynchronized: TRUE;
1> isGlobalCatalogReady: TRUE;
-----------
res = ldap_bind_s(ld, NULL, &NtAuthIdentity, 1158); // v.3
{NtAuthIdentity: User='administrator'; Pwd= <unavailable>; domain = 'ebttikarhq.com'.}
Authenticated as dn:'administrator'.
Expanding base 'dc=ebttikarhq.com,dc=com'...
Error: Search: Referral. <10>
Result <10>: 0000202B: RefErr: DSID-03100693, data 0, 1 access points
ref 1: 'ebttikarhq.com.com'Matched DNs:
Getting 0 entries:
-----------
Expanding base 'dc=ebttikarhq,dc=com'...
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn: dc=ebttikarhq,dc=com
5> masteredBy: CN=NTDS Settings,CN=EBTEXCH,CN=Servers,CN=Riyadh,CN=Sites,CN=Configuration,DC=EBTTIKARHQ,DC=com; CN=NTDS Settings,CN=EBTOWA,CN=Servers,CN=Riyadh,CN=Sites,CN=Configuration,DC=EBTTIKARHQ,DC=com; CN=NTDS Settings,CN=EBTJEDDC2,CN=Servers,CN=Jeddah,CN=Sites,CN=Configuration,DC=EBTTIKARHQ,DC=com; CN=NTDS Settings,CN=EBTKHODC1,CN=Servers,CN=Khobar,CN=Sites,CN=Configuration,DC=EBTTIKARHQ,DC=com; CN=NTDS Settings,CN=EBTDC0,CN=Servers,CN=Riyadh,CN=Sites,CN=Configuration,DC=EBTTIKARHQ,DC=com;
1> auditingPolicy: <ldp: Binary blob>;
1> creationTime: 126960898866406250;
1> dc: EBTTIKARHQ;
1> forceLogoff: -9223372036854775808;
1> fSMORoleOwner: CN=NTDS Settings,CN=EBTDC0,CN=Servers,CN=Riyadh,CN=Sites,CN=Configuration,DC=EBTTIKARHQ,DC=com;
1> gPLink: [LDAP://CN={6AC1786C-016F-11D2-945F-00C04fB984F9},CN=Policies,CN=System,DC=EBTTIKARHQ,DC=com;0][LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=EBTTIKARHQ,DC=com;0];
1> gPOptions: 0;
1> instanceType: 5;
1> isCriticalSystemObject: TRUE;
1> lockOutObservationWindow: -18000000000;
1> lockoutDuration: -18000000000;
1> lockoutThreshold: 0;
1> maxPwdAge: -37108517437440;
1> minPwdAge: 0;
1> minPwdLength: 0;
1> modifiedCount: 106;
1> modifiedCountAtLastProm: 0;
1> ms-DS-MachineAccountQuota: 10;
1> nextRid: 1002;
1> nTMixedDomain: 0;
1> distinguishedName: DC=EBTTIKARHQ,DC=com;
1> objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=EBTTIKARHQ,DC=com;
3> objectClass: top; domain; domainDNS;
1> objectGUID: f56012fb-78ac-4292-952f-c30353de083b;
1> objectSid: S-15-3CDC3E7E-92687F41-7179012;
1> pwdHistoryLength: 1;
1> pwdProperties: 0;
1> name: EBTTIKARHQ;
1> replUpToDateVector: dwVersion: 1, dwReserved1: 0, V1.cNumCursors: 6, V1.dwReserved2: 0,rgCursors: {uuidDsa: 0c3d067b-c6c2-4f2a-92fc-9153830e9130, usnHighPropUpdate: 5558164}, {uuidDsa: 430be8a4-3bdf-48e6-ad9b-b60598cb628c, usnHighPropUpdate: 349800164}, {uuidDsa: 5ec13ac7-2ddd-4560-9fcc-b56edc24d4a8, usnHighPropUpdate: 31996564}, {uuidDsa: ac52c86d-952d-4d3e-89ef-dbde275e06c7, usnHighPropUpdate: 1050664}, {uuidDsa: b100db63-7341-4ffd-8ce5-8273c364f531, usnHighPropUpdate: 40014964}, {uuidDsa: cde7c8a8-69c9-4cad-9ad5-71707fe24494, usnHighPropUpdate: 404350764}, ;
4> repsFrom: dwVersion = 1, V1.cb: 271, V1.cConsecutiveFailures: 0 V1.timeLastSuccess: F6845EB164 V1.timeLastAttempt: F6845EB164 V1.ulResultLastAttempt: 0x0 V1.cbOtherDraOffset: 208 V1.cbOtherDra: 63 V1.ulReplicaFlags: 0x70 V1.rtSchedule: <ldp:skipped> V1.usnvec.usnHighObjUpdate: 404348764 V1.usnvec.usnReserved: 064 V1.usnvec.usnHighPropUpdate: 404348764 V1.uuidDsaObj: cf0823b9-bdaf-4751-8786-df184430b301 V1.uuidInvocId: cde7c8a8-69c9-4cad-9ad5-71707fe24494 V1.uuidTransportObj: 00000000-0000-0000-0000-000000000000 ; dwVersion = 1, V1.cb: 271, V1.cConsecutiveFailures: 0 V1.timeLastSuccess: F6845E2364 V1.timeLastAttempt: F6845E2364 V1.ulResultLastAttempt: 0x0 V1.cbOtherDraOffset: 208 V1.cbOtherDra: 63 V1.ulReplicaFlags: 0x70 V1.rtSchedule: <ldp:skipped> V1.usnvec.usnHighObjUpdate: 349799864 V1.usnvec.usnReserved: 064 V1.usnvec.usnHighPropUpdate: 349799864 V1.uuidDsaObj: 8ee82df0-68e2-41f9-8e42-29bfef1f1e9b V1.uuidInvocId: 430be8a4-3bdf-48e6-ad9b-b60598cb628c V1.uuidTransportObj: 00000000-0000-0000-0000-000000000000 ; dwVersion = 1, V1.cb: 271, V1.cConsecutiveFailures: 0 V1.timeLastSuccess: F684368564 V1.timeLastAttempt: F684368564 V1.ulResultLastAttempt: 0x0 V1.cbOtherDraOffset: 208 V1.cbOtherDra: 63 V1.ulReplicaFlags: 0x30000050 V1.rtSchedule: <ldp:skipped> V1.usnvec.usnHighObjUpdate: 31984864 V1.usnvec.usnReserved: 064 V1.usnvec.usnHighPropUpdate: 31984864 V1.uuidDsaObj: 5068dfde-34f1-413a-a43a-9e590241fbce V1.uuidInvocId: 5ec13ac7-2ddd-4560-9fcc-b56edc24d4a8 V1.uuidTransportObj: 00000000-0000-0000-0000-000000000000 ; dwVersion = 1, V1.cb: 271, V1.cConsecutiveFailures: 0 V1.timeLastSuccess: F684368464 V1.timeLastAttempt: F684368464 V1.ulResultLastAttempt: 0x0 V1.cbOtherDraOffset: 208 V1.cbOtherDra: 63 V1.ulReplicaFlags: 0x30000050 V1.rtSchedule: <ldp:skipped> V1.usnvec.usnHighObjUpdate: 40014564 V1.usnvec.usnReserved: 064 V1.usnvec.usnHighPropUpdate: 40014564 V1.uuidDsaObj: 2060ff24-4f43-459d-b020-54a806f2acf3 V1.uuidInvocId: b100db63-7341-4ffd-8ce5-8273c364f531 V1.uuidTransportObj: 00000000-0000-0000-0000-00000...
2> repsTo: dwVersion = 1, V1.cb: 271, V1.cConsecutiveFailures: 0 V1.timeLastSuccess: F4D84CD764 V1.timeLastAttempt: 064 V1.ulResultLastAttempt: 0x0 V1.cbOtherDraOffset: 208 V1.cbOtherDra: 63 V1.ulReplicaFlags: 0x10 V1.rtSchedule: <ldp:skipped> V1.usnvec.usnHighObjUpdate: 064 V1.usnvec.usnReserved: 064 V1.usnvec.usnHighPropUpdate: 064 V1.uuidDsaObj: cf0823b9-bdaf-4751-8786-df184430b301 V1.uuidInvocId: 00000000-0000-0000-0000-000000000000 V1.uuidTransportObj: 00000000-0000-0000-0000-000000000000 ; dwVersion = 1, V1.cb: 271, V1.cConsecutiveFailures: 0 V1.timeLastSuccess: F4D2A48164 V1.timeLastAttempt: 064 V1.ulResultLastAttempt: 0x0 V1.cbOtherDraOffset: 208 V1.cbOtherDra: 63 V1.ulReplicaFlags: 0x10 V1.rtSchedule: <ldp:skipped> V1.usnvec.usnHighObjUpdate: 064 V1.usnvec.usnReserved: 064 V1.usnvec.usnHighPropUpdate: 064 V1.uuidDsaObj: 8ee82df0-68e2-41f9-8e42-29bfef1f1e9b V1.uuidInvocId: 00000000-0000-0000-0000-000000000000 V1.uuidTransportObj: 00000000-0000-0000-0000-000000000000 ;
1> rIDManagerReference: CN=RID Manager$,CN=System,DC=EBTTIKARHQ,DC=com;
1> serverState: 1;
1> subRefs: CN=Configuration,DC=EBTTIKARHQ,DC=com;
1> systemFlags: -1946157056;
1> uASCompat: 1;
1> uSNChanged: 4419215;
1> uSNCreated: 1154;
7> wellKnownObjects: B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted Objects,DC=EBTTIKARHQ,DC=com; B:32:2FBAC1870ADE11D297C400C04FD8D5CD:CN=Infrastructure,DC=EBTTIKARHQ,DC=com; B:32:AB8153B7768811D1ADED00C04FD8D5CD:CN=LostAndFound,DC=EBTTIKARHQ,DC=com; B:32:AB1D30F3768811D1ADED00C04FD8D5CD:CN=System,DC=EBTTIKARHQ,DC=com; B:32:A361B2FFFFD211D1AA4B00C04FD7D83A:OU=Domain Controllers,DC=EBTTIKARHQ,DC=com; B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Computers,DC=EBTTIKARHQ,DC=com; B:32:A9D1CA15768811D1ADED00C04FD8D5CD:CN=Users,DC=EBTTIKARHQ,DC=com;
1> whenChanged: <ldp error <0x0>: cannot format time field;
1> whenCreated: <ldp error <0x0>: cannot format time field;
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 07, 2004 12:35 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Failed to open Group PolicyDo you have a second DC in the domain by any chance? If you do you should check the other DC's in case they already have the correct sysvol structure. If they do you may have a replication problem that can be resolved without manually creating files.According to the kb, once you have recreated the sysvol folder structure you should have a blank policy that you can edit with the snap-in. Are you trying to edit the default domain policy? If this is still not working, run a dcdiag /v and post back any errors it shows up.Also read this and check if any of the event log errors it mentions are present http://support.microsoft.com/?id=258296
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: 07 April 2004 10:19
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Failed to open Group PolicyHi Simon,Thanks for the link. I have also followed the same from http://www.jsiinc.com/SUBG/TIP3100/rh3125.htmSince, I dont have backup, I have recreated the folder structure, since i culdnt find GUIDs in policies folder. I took that from Active Directory, I culd find 3 GUIDs, then created a folder with this GUID name and then 2 subfolders, machine and user.Now, how shuld i proceed. When will the contents of the folders will be recreated. Even now, i can open the GPO.Do, i need to use SECEDIT to refresh the GPO.Please let me know.Thanks,Athif-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 07, 2004 12:04 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Failed to open Group PolicyHave a read of this and see if it helps. It basically says to check your sysvol folder for problems.Another couple of options thrown up by a kb search are to check the account is not denied permissions on the GPO and to check your PDC Emulator is up and available.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: 07 April 2004 09:51
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Failed to open Group PolicyHi all,When i am trying to open GPO for the domain thru Terminal Services, I am getting this error, "Failed to open the Group Policy Object. You may not have apporpriate rights.Details: The system cannot find the path specified"Operating System windows 2000 Advanced Server, SP4.Any thoughts!TIA,Athif.
-----------------------------------------------------
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom/which they are addressed. If you have received this email in error please notify the system manager at the following email address: [EMAIL PROTECTED]
-----------------------------------------------------
