Adminpak

[Bhavin78]

I installed administrative tools using group policy on two of the computers. Installed successfully but when I try to open it I get below error.

The directory schema is not accessible becuase an invalid pathname was passed. For this reason the new menu may be inaccurate and extension snap may not work correctly.

 

[markdmac]

Check that the client computers are using internal DNS and not configured with ISP DNS.

I hope you find this post helpful.

Regards,

Mark

 

[Bhavin78]

I have two DNS entries one internal and one for internet access.

 

[JimWells]

Bhavin78,

Do you mean that each client computer is configured with two DNS servers? One is internal and one is external?

Active Directory (and everything associated with it) relies on internal DNS -- if you have your clients configured with an external DNS server, I'd suggest instead putting the external DNS as a "forwarder" on your internal DNS server, and configuring clients with just the INTERNAL DNS server's IP.

 

[Bhavin78]

will I be able to get internet acces if I put forwader in internal dns and default gateway as my router.

 

[JimWells]

Yes. The clients will always contact the internal DNS server for ALL DNS queries. If they're asking for a public/internet domain name, the internal DNS server will FORWARD that request to the public DNS server, then return the result to the client.

Default gateway=router, for all practical purposes.

Hope this helps!

 

[Bhavin78]

currently we are on NT platform and using proxy for internet. what's the best replacment for proxy? can I use proxy with windows 2003 or ISA is the only option.

right know I am just getting internet connection through (router)default gateway.
any suggestion

 

[JimWells]

When you say "NT" - can you elaborate? What systems are still running NT4, if any?

If by "proxy" you mean Microsoft Proxy Server, then ISA 2003 is your best replacement. The ISA product line replaced Microsoft Proxy Server. It will function as a gateway/proxy/firewall and more.

 

[Bhavin78]

currently we have two platform.
NT domain and 2003 domain

NT domain where all the user are part of the domain.

2003 Just one server and 2 clients (just for testing)

thanks for all you help and quick response. share your suggestion if you have any.

 

[JimWells]

OK - so you're testing Windows 2003/Active Directory? Good for you.

I'd try an evaluation of ISA 2003, if you can. It has a great featureset, though you'll have to become technically competent with it to do much. It can do content filtering, handle all sorts of VPN and security needs, firewall, etc. I'd use it myself, but I prefer hardware appliances for internet access. There's nothing wrong with ISA 2003 if it's on the right hardware, though.

 

[Bhavin78]

I did put internal DNs on client pc and added forwader but I still cannot oper Administrative tools from client PC. What could be the reason?

I get the below error
naming information cannot be located for the following location. Ther server in snot operational.

 

[JimWells]

Are these client computers on the TEST (2003) domain? Is the 2003 domain isolated on the network from the NT4 domain?

If this is happening with clients attached only to the 2003 network, then there may be a misconfiguration in DNS. Did you allow the GUI wizard to configure DNS/domain stuff for you? Were there any errors in that process?

Run "dcdiag /n:domainname.domain" (where domainname.domain is the FQDN for your 2003 test domain). Paste any errors into a post on this thread...

 

[Bhavin78]

I did allow GUI wizard to set up DNS?
Both domain have trust with each other.
Testing clients for 2003 are on 2003 domain.

I ran dcdiag
error:
the domain holding domainname.domain cannot be contacted or does not exist

There is an Host A entry in DNs for the domain controller

 

[JimWells]

You did replace domainname.domain with your ACTUAL domain name, right? ;-)

Did you run dcpromo or some other tool to create Active Directory on the 2003 domain?

 

[Bhavin78]

my computer name was w2k3dc1. I changed it to w2k3-dc1. from system properties. thats the change I made. I used dcpromo to create AD.
yes I ran this command as below.
dcdiag /n:w2k3-dc1.360incliv.com

Error:
the domain holding domainname.domain cannot be contacted or does not exist

 

[JimWells]

On your Windows 2003 DNS server, open the DNS Management snap-in. Go to the Forward lookup zones and look for your domain. Verify that there are SOA entries for your domain (record should indicate the IP of the 2003 DNS server). Also check for the following subfolders under your domain:_msdcs, _sites, _tcp, _udp.

Let us know what you find...

 

[Bhavin78]

I did check that and some of the entries had the old name w2k3dc1.360incliv.com
now its changed to
w2k3-dc1.360incliv.com (reason: name of the computer is changed)

it does not update all entries by itself when you change the computer name.

my default site name by default was default site..I changed it to livsite. but I still see 2 sites in my DNS consel. Can I go ahead and delete manually.

I will try this and see if I can acces admin tools from client pc.

 

[JimWells]

Also try on the command line: net stop netlogon, net startlogon and finally, ipconfig /registerdns. (All on the DC w2k3-dc1). This might fix some of those DNS entries.

You can also run dcdiag again before you worry about the MMC snap-ins again. It sounds like you have/had some missing DNS entries -- you'll want to get those PERFECT before rolling any of your users/servers into this new domain.

 

[Bhavin78]

my default site name by default was default site..I changed it to livsite. but I still see 2 sites in my DNS consel.defaultsite and livsite (rename of defaultsite) Can I go ahead and delete manually>
why it didnt update by itself?

i see all king of entries for default site in dns.

I tried to access AD domains and trust. I was able to do that but, it takes very long time? reason?

I am trying AD users and computers and this is still not there...more than 15 minutes passed

 

[JimWells]

Most slow responses are still DNS-related in AD. On the computer you're trying the tools on -- is the 2003 DNS server your ONLY listed DNS server?

Not sure why the site name hasn't changed yet in DNS. Run DCDIAG again and see where you are. I'd recommend AGAINST deleting things manually, especially if you don't know that they are causing problems yet.

Find the Replication Monitor (Support Tools on the W2K/W2K3 server CD). That might help illustrate problems, too.