Resolved: When adding a domain to a Windows Server 2003 domain: Domain denied * * * access

Source: Internet
Author: User
Tags in domain

Recurrence: After you set up the AD, a pop-up dialog box appears when another computer in the same domain uses user A to log on and then uses B on the same computer: * * * Domain denied * * access. But log on as a normal

Analysis: After a computer uses user a logon domain, the name of the logon computer is automatically established in the computer group under Server AD, and the log on computer is bound to the user ID of the first logon, that is, with a. When you log on with B because this computer name is already added to the ad, and User B (here is the general user) does not have permission to overwrite the existing logon computer.

Resolved: Reproduced below Http://tech.techweb.com.cn/redirect.php?fid=38&tid=418696&goto=nextnewset

I. The issue of competence. To join a computer to a domain, you must be logged on as a local administrator on this computer (the default administrator) to ensure that you have administrative control over this computer. Normal user logged in, changing the button to Gray is not available. and follow the prompts to enter a domain user account or domain Administrator account to ensure that you can create a computer account for this computer within the domain.

Two, not to say "in 2000/03 domains, the default is a normal domain user (authenticated Users) can add 10 computers to the domain." "?" he said. Then how to log on to the domain on this computer. Obviously this webmaster misunderstood the meaning of this remark, the computer has not joined the domain, of course, can not log on to the domain. There are also some ways to build a local user with the same password as the domain user, the results can be imagined. This means that ordinary domain users will be able to create 10 new computer accounts in the domain, but you want to add a computer to the domain, first of all, you have to manage permissions on this computer. And then there is when you add the 11th new computer account, there will be error prompts, at this time can be in Group Policy, the account reset, or simply deleted a new domain user account, such as JoinDomain. Note: Domain administrators are not subject to 10 sets of restrictions.

Three, with the same common domain account with the computer to the domain, sometimes there is no problem, sometimes the "access denied" prompt. This problem arises because ad already has a computer account with the same name, usually due to an abnormally detached domain, the computer account is not automatically disabled or manually removed, and the normal domain account does not have permission to overwrite it. Solution: 1, manually delete the computer account in the AD, 2, use the Administrator account to join the computer to the domain, 3, the user can be joined to the domain when the account is initially built. WORKAROUND: After you set up user users in a Windows Server 2003 domain, the user will not be able to use the server's shared folder after logging on: Because of user settings in Domain Users in 2003, and permissions on that user's computer are user, Then the permissions that it logs on the server are equivalent to the local normal user, it is not possible to use shared folders in a domain (this shared folder's permissions are shared in a workgroup if you use everyone permission, and the domain concept is different and does not conform to the requirements of the schema domain). The workaround is to use the Administrator account on the user's computer to elevate the user rights for the login to power users or administrators, that is, to access shared folders in the domain

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.