Error active directory users and computers



You cannot start the Active Directory Users and Computers tool because the server is not operational

This article provides a solution to an issue where you cannot start the Active Directory Users and Computers tool because the server is not operational.

Applies to: Windows Server 2012 R2
Original KB number: 323542

Symptoms

Any of the following symptoms may occur:

When you try to start the Active Directory Users and Computers tool, you receive the following error message:

Naming Information cannot be located because:
The Server is not operational.
Contact your system administrator to verify that your domain is properly configured and is currently online.

When you try to start the Active Directory Sites and Services tool, you receive the following error message:

Naming Information cannot be located because:
The server is not operational.
Contact your system administrator to verify that your domain is properly configured and is currently online.

When you try to start the Active Directory Domains and Trusts tool, you receive the following error message:

The configuration information describing this enterprise is not available.
The server is not operational.

Logon processing is very slow.


If you have multiple domain controllers, you can connect with the Active Directory Users and Computers tool to another domain controller that has port 389 open without receiving an error message. But you cannot access a domain controller until port 389 is opened.

Cause

These issues may occur if TCP/IP filtering is configured to permit only port 80 for TCP/IP traffic.

Resolution

Port 389 is used for Lightweight Directory Access Protocol (LDAP) connections. This port is blocked if TCP/IP filtering is configured incorrectly. By default, TCP/IP filtering is configured with the Permit All setting. To verify and correct this setting:

  1. Right-click My Network Places on the domain controller on which you cannot start Active Directory Users and Computers, and then click Properties.
  2. Click Internet Protocol, and then click Properties.
  3. Click Advanced.
  4. Click Options.
  5. Click TCP/IP Filtering, and then click Properties.
  6. For the TCP/IP Port setting, click Permit All.
  7. Restart the computer. This opens all TCP ports, including port 389.
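
To find which domain controller is affected before changing any filter setting, the following added example (not part of the Microsoft article) tests TCP port 389 on each domain controller and then reads the RootDSE naming context over LDAP. The host names, the timeout, and the function names are assumptions for illustration.

```powershell
# Added example. DC names are placeholders (assumption); replace with your own.
$DomainControllers = @('dc01.example.test', 'dc02.example.test')
$LdapPort  = 389
$TimeoutMs = 3000
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch { return $false } finally { $client.Close() }
}

function Get-DefaultNamingContext {
    # Anonymous base-scope read of the RootDSE (empty DN) over plain LDAP.
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($ComputerName, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Anonymous
    $conn.Timeout  = [TimeSpan]::FromMilliseconds($TimeoutMs)
    try {
        $scope = [System.DirectoryServices.Protocols.SearchScope]::Base
        $req   = New-Object System.DirectoryServices.Protocols.SearchRequest(
                     '', '(objectClass=*)', $scope, 'defaultNamingContext')
        $resp  = $conn.SendRequest($req)
        return [string]$resp.Entries[0].Attributes['defaultNamingContext'][0]
    } catch { return $null } finally { $conn.Dispose() }
}

foreach ($dc in $DomainControllers) {
    $open = Test-TcpPort -ComputerName $dc -Port $LdapPort -TimeoutMs $TimeoutMs
    $nc   = $null
    if ($open) { $nc = Get-DefaultNamingContext -ComputerName $dc -Port $LdapPort -TimeoutMs $TimeoutMs }
    if (-not $open)   { $verdict = 'TCP 389 blocked or DC unreachable' }
    elseif (-not $nc) { $verdict = 'Port open, but LDAP did not answer' }
    else              { $verdict = 'LDAP OK' }
    [pscustomobject]@{ DomainController = $dc; Tcp389Open = $open
                       NamingContext = $nc; Verdict = $verdict }
}
```

Run it from a management workstation and again on the affected domain controller itself: a filter that blocks inbound 389 shows up as a failed connection even when the directory service is running.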

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.


Error: Access is denied when non-administrator users who have been delegated control try to join computers to a domain controller

This article provides a solution to an error message when non-administrator users who have been delegated control try to join computers to a domain controller.

Applies to: Windows Server 2012 R2
Original KB number: 932455

Symptoms

On a Microsoft Windows Server 2003-based or a Windows Server 2008-based domain controller, non-administrator users may experience one or more of the following symptoms:

After a specific user or a specific group is provided with the permission to add or to remove computer objects to the domain on an organizational unit (OU) through the Delegation Wizard, users can’t add some of the computers to the domain. When the user tries to join a computer to a domain, users may receive the following error message:

Administrators can join computers to the domain without any issues.

Users who are members of the Account Operators group or who have been delegated control can’t create new user accounts or reset passwords when they sign in locally or when they sign in through terminal services to the domain controller.

When users try to reset a password, they may receive the following error message:

Windows cannot complete the password change for username because: Access is denied.

When users try to create a new user account, they receive the following error message:

The password for username cannot be set due to insufficient privileges, Windows will attempt to disable this account. If this attempt fails, the account will become a security risk. Contact an administrator as soon as possible to repair this. Before this user can log on, the password should be set, and the account must be enabled.

Cause

These symptoms may occur if one or more of the following conditions are true:


A user or a group hasn’t been granted the Reset Passwords permission for the computer objects.

A user or a group cannot join a computer to a domain if the specified user or specified group does not have the Reset Password permission set for the computer objects. Users can create new computer accounts for the domain without this permission. But if the computer account is present in Active Directory already, they will receive the "Access is denied" error message because the Reset Password permission is required to reset the computer object properties for the existing computer object.

Users have been delegated control of the Account Operators group or are members of the Account Operators group. These users haven’t been granted the Read permission on the built-in OU in "Active Directory Users and Computers."

Resolution

To resolve the issue in which users can’t join a computer to a domain, follow these steps:

  1. Select Start, select Run, type dsa.msc, and then select OK.
  2. In the task pane, expand the domain node.
  3. Locate and right-click the OU that you want to modify, and then select Delegate Control.
  4. In the Delegation of Control Wizard, select Next.
  5. Select Add to add a specific user or a specific group to the Selected users and groups list, and then select Next.
  6. In the Tasks to Delegate page, select Create a custom task to delegate, and then select Next.
  7. Select Only the following objects in the folder, and then from the list, click to select the Computer objects check box. Then, select the check boxes below the list, Create selected objects in this folder and Delete selected objects in this folder.
  8. Select Next.
  9. In the Permissions list, click to select the following check boxes:
    • Reset Password
    • Read and write Account Restrictions
    • Validated write to DNS host name
    • Validated write to service principal name
  10. Select Next, and then select Finish.
  11. Close the "Active Directory Users and Computers" MMC snap-in.
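
The same delegation can be scripted so that it is repeatable and reviewable. This added example (not part of the Microsoft article) applies the permissions from steps 7 and 9 with `dsacls.exe`; the OU distinguished name and the group name are placeholders, and the choice of inheritance flags is an assumption about how the wizard's selections map to ACEs.

```powershell
# Placeholders (assumptions): the OU to delegate and the group that joins computers.
$OuDn    = 'OU=Workstations,DC=example,DC=test'
$Trustee = 'EXAMPLE\Computer-Joiners'

# Step 7: create and delete computer objects in the OU
#         (CC = create child, DC = delete child), applied to the OU and below (/I:T).
# Step 9: rights on the computer objects themselves, inherited by descendant
#         computer objects only (/I:S):
#         CA = control access (extended right), RP/WP = read/write property,
#         WS = validated write.
$grants = @(
    @{ Inherit = 'T'; Ace = "${Trustee}:CCDC;computer" }
    @{ Inherit = 'S'; Ace = "${Trustee}:CA;Reset Password;computer" }
    @{ Inherit = 'S'; Ace = "${Trustee}:RPWP;Account Restrictions;computer" }
    @{ Inherit = 'S'; Ace = "${Trustee}:WS;Validated write to DNS host name;computer" }
    @{ Inherit = 'S'; Ace = "${Trustee}:WS;Validated write to service principal name;computer" }
)

foreach ($g in $grants) {
    & dsacls.exe $OuDn "/I:$($g.Inherit)" /G $g.Ace | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "dsacls failed for ACE: $($g.Ace)" }
}

# Review what the trustee now holds on the OU.
& dsacls.exe $OuDn | Select-String -SimpleMatch $Trustee
```

Granting only these rights on one OU keeps the joining group out of Account Operators and Domain Admins while still allowing it to reuse an existing computer account.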

To resolve the issue in which users can’t reset passwords, follow these steps:

  1. Select Start, select Run, type dsa.msc, and then select OK.
  2. In the task pane, expand the domain node.
  3. Locate and right-click Builtin, and then select Properties.
  4. In the Builtin Properties dialog box, select the Security tab.
  5. In the Group or user names list, select Account Operators.
  6. Under Permissions for Account Operators, click to select the Allow check box for the Read permission, and then select OK.
  7. If you want to use a group or a user other than the Account Operators group, repeat steps 5 and 6 for that group or that user.
  8. Close the "Active Directory Users and Computers" MMC snap-in.


Error active directory users and computers

Question

I’m trying to open Active Directory Users and Computers from the Server Manager but I always get the same error, and I can’t reach the active directory in my localhost.


I followed the next link to install LDAP in my WS 2016 ( https://blogs.msdn.microsoft.com/microsoftrservertigerteam/2017/04/10/step-by-step-guide-to-setup-ldaps-on-windows-server/).

Then I followed the next link to activate the Active Directory Users and Computers option in my Server Manager (https://www.windows-server-2012-r2.com/how-to-install-active-directory-users-and-computers-in-windows-server-2012.html)

But when I click in the Tools option "Active Directory Users and Computers"

I get the next warning message (note that I’m the admin user)

Then I click "OK" and I’m supposed to see my active directory information but all I see is this:

(as you can see there is a red cross and my info is not reachable)

What I tried to do is to connect to my directory by just right clicking in Active Directory Users and Computers -> Change domain -> browse, and I get the next error message:

Unable to browse the domain because: The RPC server is unavailable

I googled this error and I tried different solutions but they didn’t solve my problem, there must be something that I’m forgetting.

I’m quite new to dealing with LDAP and the configuration of LDAP with other applications. I’m also new to posting so if you think I have to edit or complete something let me know.

I’m using Windows Server 2016, with IIS installed and I just want to access my Active directory from my own server called "echolima"
