And see the following - http://support.microsoft.com/default.aspx?scid=kb;en-us;247151 http://support.microsoft.com/default.aspx?scid=kb;en-us;214676
And also - http://www.microsoft.com/resources/documentation/WindowsServ/2003/standa rd/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2 003/standard/proddocs/en-us/sag_ADadmin.asp Or http://tinyurl.com/6r2hv What I use in a batch file is: start runas /user:DOMAIN\user "mmc c:\directory\Con.msc /server=server1.company.com" Where Con.msc has the dsa snap-in loaded in it and can include others like sites and services, DNS, etc... _Stuart Fuller -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Cliffe Sent: Friday, February 25, 2005 3:50 PM To: [email protected] Subject: RE: [ActiveDir] Custom MMC dsa.msc /domain=<fqdn of domain> -DaveC Reuters AITS Infrastructure -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Friday, February 25, 2005 5:45 PM To: [email protected] Subject: RE: [ActiveDir] Custom MMC Your guess is as good as mine. It is why I don't like to guess and actually try to see what is failing. Naming issues tend to be related to some problem with the resolution process which tends to come down to DNS. However, without a trace, that is, at best a guess. We could guess for some time and not guess right. However, one other guess is that ADUC is trying to contact the NT4 domain, I seem to recall there being a switch you could use with DSA to point at a specific domain but I don't recall what it is. Finally, if you can't trace from their side, try tracing from your side on the DNS server and DCs. However that is going to be orders of magnitude more difficult to figure out than doing it from the client. An alternative would be to configure a client on your side like theirs and see what happens when you do it. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Friday, February 25, 2005 5:33 PM To: [email protected] Subject: RE: [ActiveDir] Custom MMC How can it be DNS when he can do a NSLOOKUP and find all the SRV Records and is using my DNS Servers??? He can ping the domain name and can resolve every record to IP. Plus, I will not be able to do a Network Monitor since this is not a facility that we can work with, they subscribe to e-mail from us and I wanted to be able to provide them with reset password capabilities. What else can I try? Justin A. Salandra MCSE Windows 2000 & 2003 Network and Technology Services Manager Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Friday, February 25, 2005 4:47 PM To: [email protected] Subject: RE: [ActiveDir] Custom MMC That sounds like DNS issues. Time to get the network monitor out and watch the traffic and see where it fails. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Friday, February 25, 2005 4:35 PM To: [email protected] Subject: RE: [ActiveDir] Custom MMC It did not work, Still getting Naming Information cannot be located error. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Friday, February 25, 2005 12:16 PM To: [email protected] Subject: RE: [ActiveDir] Custom MMC Assuming the ID has permission to read that location, it should work fine. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Friday, February 25, 2005 11:49 AM To: [email protected] Subject: RE: [ActiveDir] Custom MMC I will try this however the msc I want to run is located at \\servername\consoles\filename.msc so should I do Runas /netonly /user:DOMAIN\USER cmd Password Type \\servername\consoles\filename.msc -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Friday, February 25, 2005 11:10 AM To: [email protected] Subject: RE: [ActiveDir] Custom MMC Try this runas /netonly /user:domain\user cmd Then enter password At the command prompt that is opened type dsa.msc FYI. This is how I do all of my admin work. I fire up various command prompts in the various security contexts I need and color code them all. The more power the specific ID has the brighter more obnoxious the color of the window. I want there to be no clue when I am typing a command, what security context it is running under. Note that the DNS has to be right for this to work. If the machine that isn't trusted can't resolve the AD domain, you aren't going to be able to use MMC. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Friday, February 25, 2005 10:55 AM To: Jorge de Almeida Pinto; [EMAIL PROTECTED]; [email protected] Subject: RE: [ActiveDir] Custom MMC When I ran this runas command we get an error called MMC unable to open. -----Original Message----- From: Jorge de Almeida Pinto [mailto:[EMAIL PROTECTED] Sent: Thursday, February 24, 2005 5:06 PM To: Salandra, Justin A.; '[EMAIL PROTECTED] '; '[email protected] ' Subject: RE: [ActiveDir] Custom MMC Hi, You're connecting to share with user account from the domain in location 2, BUT you're logged with the user account from the domain in location 1 (NT4) and thus the MMC is started in the context of the NT4 user account I don't think RUNAS will work as you don't have a trust between the domains. Try RUNAS /NETONLY /USER:<DOMAIN>\<USER> "MMC.EXE DSA.MSC" DSA.MSC is the "Active Directory Users and Computers MMC" replace this with the MMC of your choice Regards, Jorge -----Original Message----- From: [EMAIL PROTECTED] To: [email protected] Sent: 2/24/2005 10:43 PM Subject: [ActiveDir] Custom MMC Environment Windows NT 4 Domain Location 1 Windows 2000 Native Domain/Forest Location 2 No Trust relationship Custom MMC Resides on share on server in location 2 User has account in Location 2 domain User logged into Computer in Location 1 Users Computer is a member of Location 1 I have a user who is in a Windows NT 4 domain, running Windows 2000 Professional that I want to grant access for their Location 2 user account to reset passwords on their specific organizational unit. I setup a Custom MMC and saved it on a server share. The user has accessed the server share and when prompted to provide login credentials entered in his user account from Location 2. Double clicks on the MMC console and gets the following error Naming Information Cannot Be Located: The specified domain either does not exist or could not be contacted. When I login as the user form Location 2 on a computer form location 2 the MMC console works. DNS is working perfectly, he is using my DNS Server to do all resolutions. What could be the problem? Justin A. Salandra MCSE Windows 2000 & 2003 Network and Technology Services Manager Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ----------------------------------------------------------------- Visit our Internet site at http://www.reuters.com Get closer to the financial markets with Reuters Messaging - for more information and to register, visit http://www.reuters.com/messaging Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Ltd. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
