Problems with AD: need help to salvage or demote



Post by amleslie »

Hi folks,

I have a TS-869L that has been working like a charm until recently. In the past two weeks, users on my domain are either unable to log in ("User profile cannot be loaded") or a cached version lets them in, but the redirected folders cannot be accessed.

Setup:
Windows Server 2003 with Active Directory, roaming profiles and folder redirection (back to the NAS)
Windows 7 64 bit as client
NAS has Active Directory Authentication turned on (linked to my PDC) under the Domain Security settings.
Redirected folders (by Group Policy) include user's "my documents", desktop and "application data" (among others, but they are the ones I care about).

I've been struggling with this now for two weeks and can't get into the data. If I log in as administrator on the PDC, I can't view permissions of folders. I can't take ownership of folders on the NAS (access denied).

At one point, I was able to use an off-domain computer and manually map drives using the domain user account to access files. Even that is now dead.

It's almost as if the NAS is unable to validate the user's authentication on the PDC, but I can't for the life of me find a crumb trail as to why.

So - I'm open to suggestions on how to get it back on the rails. I'm also willing to blow it all up and start over (I want to rebuild my domain anyway). My fear is that if I change the domain security back to "No active directory (Local users only)", I'll lose the user data or access to it.

Suggestions?

Thanks,
Adam

UPDATE: just noticed that when I go to Control Panel -> Privilege -> Users (or User Groups) and then try to choose my Domain Users (or Domain Groups), I get a "Connection Timeout" message after about 10 seconds. After that - it stops faulting and simply displays nothing.

UPDATE #2: Okay - completely freaked out when my administrator account couldn't reach files when logging in on my PDC. Recognized that the NAS, when flipped to a static IP, needs a DNS assigned (under the redundant server bit) (why it doesn't pick that up from the Network tab, I don't know). So, putting the DNS server info in the AD tab and then rebuilding the DNS server on my PDC rectified the issue I noted in the update above. This has also allowed me to use an off-domain computer to map the drives manually and access the files (by using the domain user account). So, I'm back to my original problem: log into a computer with domain user account, but can't access the remote folders.

UPDATE #3: Alright... having successfully reverted back to my original problem (Update #2), I was able to access the files via an off-domain machine. This allowed me to update the ownership and reassign user rights on a user-by-user basis for their data and profiles. What's concerning me is why the rights were changed. Attached are a couple of images for two different users. You'll see krgtbt on User 1 and System Mailbox (XXXX) on User 2. Other users had similar random users (CN=Microsoft, for example). Needless to say, I'm making multiple backups at the moment as well. I'm interested to know if anyone has had user rights randomly switch in a Windows AD environment (can't tell if this is the NAS or my PDC, but I'm leaning towards my NAS). I'd also still like to know if anyone has any experience turning the AD option off and simply reverting the NAS back to local user security: what happens to the AD user controlled data?