Accessing local user accounts on a bdc

[bubarooni]

I need to be able to access local user accounts on a bdc and can't. I have tried 'usrmgr \\servername' at a dos prompt and get '\\SERVERNAME is a member of the YADDAYADDA domain. Focus will be set to YADDAYADDA'. Same thing happens if I try to manaully change the focus from YADDAYADDA to \\servername in User Manager for Domains. I am running IIS on this machine and need to change properties on the IUSR account.

Thanks in advance for any suggestions.

Kelly

 

[yizhar]

HI!

User Manager always connects to the PDC.
If the PDC is not available, you'll have to solve it, or to promote the BDC to a PDC (using Server Manager) if you are not intending to bring the PDC back up in the near future.

A Windows NT4 Domain Controller (like W2K DC) does not have local user accounts. Only the domain accounts.
This is different then a member server which has its own local database, and also recognizes the Domain it is part of.

Bye
Yizhar


Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

 

[Maruis]

All you do is log on local after a reboot.
Do your changes and reboot log on to the domain..


Hope this helps

 

[bubarooni]

It won't give me an option to log on local at boot up. How do I access the IUSR account. NTOption Pack didn't create this as a domain account when I installed it.

 

[Maruis]

When you log on you get 3 lines
The bottom line has a drop down list
Change that to local , most proberly it will have the machine name in it.
What it means is you do not log on to the domain but you log on to the machine itself.
Once you have logged on local in this way then you will have access to the local accounts.

The problem you have only accures on PDC's & BDC's.

Your IUSR user account is default.

Hope this helps

 

[bubarooni]

Yes, it is a bdc so I suppose that means I can't logon locally. OK, how am I gonna get at that IUSR account if I can't logon locally?

 

[ChrisBurch]

Just a thought. Can you promote the bdc to pdc, do your stuff and demote again? Oh! If only I knew then what I know now.

 

[GSC]

Hi,

If it's a BDC that means that you CAN'T log on locally and it also means that you DON'T have a Local User Manager on that machine!!! So there is no local account that you can change on that machine.
Can I ask what the IUSR account is?

GSC

 

[bubarooni]

OK, no local account seems to be the definitive answer. The IUSR account is the anonymous internet user account, generally something along this line, IUSR_MachineName. It is used by anyone accessing web pages on the machine which is running IIS 4.0. The machine is my mail server (Exchange 5.5) and I want to implement Outlook Web Access. The IUSR account is supposed to be created when you install IIS but it wasn't (at least I think it is supposed to be auto created). Should I create the account as a domain account under User Manager for Domains?

 

[jrdebug]

yes it is supposed to be automatically created. the point is, i think u have to install the proxy server software. it is only then that this account shall be created. ur IIS server must also have a proxy server software installed.

Jeffrey Rebong
Computer Engineer/Network Administrator
jrtech@email.com

 

[Guest_imported]

Hope this helps you....
When implementing Outlook Web Access you must always apply this service to a member server and not a domain controller. IIS wants to create this IUSR (internet usr account) during the intial install of IIS within the local user database. Installing IIS on a dc creates this IUSr account within domain users resulting in this account always getting locked out when a user tries to connect. Also, Installing IIS on a dc isnt the best idea for security reasons. Reinstall on a member, configure your security within IIS, maybe create a OWA group for access rights and then create your conduits from the firewall...Presto....

gvinyard@charter.net