Security-related questions in win2k3 (Group Policy)



xoxmodav
08-02-2007, 15:47
Are you configuring the policies in the user section or the computer section? If in the computer section, then check: did you move the computer account of the machine joined to the domain into your OU?

rivera
09-02-2007, 06:28
xoxmodav
The policy is configured both in the computer section and in the user section. The computer has not been moved into the OU, but all the same, it is not applied even for the user.

xoxmodav
09-02-2007, 07:52
Move the PC into the OU, run the command "gpupdate /force" on the PC, and reboot the machine.

rivera
09-02-2007, 13:01
xoxmodav
Moved it, didn't help.
"gpupdate /force" returns that the policy was updated. After that I check "gpresult", and it returns: group policy object not found.

Damn, a couple more days and they'll hang me...

xoxmodav
09-02-2007, 13:24
Describe the structure of your network, and post the logs of the network interface settings (ipconfig /all), dcdiag /v and netdiag /v, using the [code] tag, from the domain controller and from the workstation (the one you are experimenting with).

Check the Event Log for errors, and post their numbers and descriptions.

Write down the steps you took when setting up the domain and the results you got.

rivera
13-02-2007, 15:23
Workstation
ipconfig -all

Настройка протокола IP для Windows

Имя компьютера . . . . . . . . . : test
Основной DNS-суффикс . . . . . . : trb.uz
Тип узла. . . . . . . . . . . . . : неизвестный
IP-маршрутизация включена . . . . : нет
WINS-прокси включен . . . . . . . : нет
Порядок просмотра суффиксов DNS . : trb.uz

Подключение по локальной сети - Ethernet адаптер:

DNS-суффикс этого подключения . . :
Описание . . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Eth
ernet NIC
Физический адрес. . . . . . . . . : 00-19-DB-2D-04-D6
Dhcp включен. . . . . . . . . . . : да
Автонастройка включена . . . . . : да
IP-адрес . . . . . . . . . . . . : 192.168.0.55
Маска подсети . . . . . . . . . . : 255.255.255.0
Основной шлюз . . . . . . . . . . : 192.168.0.22
DHCP-сервер . . . . . . . . . . . : 192.168.0.14
DNS-серверы . . . . . . . . . . . : 192.168.0.14
192.168.0.65
Аренда получена . . . . . . . . . : 13 февраля 2007 г. 16:50:03
Аренда истекает . . . . . . . . . : 20 февраля 2007 г. 16:50:03

Server
ipconfig
Microsoft Windows [Версия 5.2.3790]
(С) Корпорация Майкрософт, 1985-2003.

C:\Documents and Settings\ADM>ipconfig -all

Настройка протокола IP для Windows

Имя компьютера . . . . . . . . . : it
Основной DNS-суффикс . . . . . . : trb.uz
Тип узла. . . . . . . . . . . . . : неизвестный
IP-маршрутизация включена . . . . : нет
WINS-прокси включен . . . . . . . : нет
Порядок просмотра суффиксов DNS . : trb.uz

Local Area Connection - Ethernet адаптер:

DNS-суффикс этого подключения . . :
Описание . . . . . . . . . . . . : BCM5703 Gigabit Ethernet
Физический адрес. . . . . . . . . : 00-0B-CD-CF-A6-0A
DHCP включен. . . . . . . . . . . : нет
IP-адрес . . . . . . . . . . . . : 192.168.0.14
Маска подсети . . . . . . . . . . : 255.255.255.0
Основной шлюз . . . . . . . . . . : 192.168.0.22
DNS-серверы . . . . . . . . . . . : 192.168.0.14
192.168.0.65


Server
dcdiag /v
C:\Documents and Settings\ADM>dcdiag /v

Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine it, is a DC.
* Connecting to directory service on server it.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\IT
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... IT passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\IT
Starting test: Replications
* Replications Check
* Replication Latency Check
* Replication Site Latency Check
......................... IT passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
DC=ForestDnsZones,DC=trb,DC=uz
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=trb,DC=uz
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=trb,DC=uz
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=trb,DC=uz
(Configuration,Version 2)
* Security Permissions Check for
DC=trb,DC=uz
(Domain,Version 2)
......................... IT passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... IT passed test NetLogons
Starting test: Advertising
The DC IT is advertising itself as a DC and having a DS.
The DC IT is advertising as an LDAP server
The DC IT is advertising as having a writeable directory
The DC IT is advertising as a Key Distribution Center
The DC IT is advertising as a time server
The DS IT is advertising as a GC.
......................... IT passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=IT,CN=Servers,CN=Default-First-
Site-Name,CN=Sites,CN=Configuration,DC=trb,DC=uz
Role Domain Owner = CN=NTDS Settings,CN=IT,CN=Servers,CN=Default-First-
Site-Name,CN=Sites,CN=Configuration,DC=trb,DC=uz
Role PDC Owner = CN=NTDS Settings,CN=IT,CN=Servers,CN=Default-First-Sit
e-Name,CN=Sites,CN=Configuration,DC=trb,DC=uz
Role Rid Owner = CN=NTDS Settings,CN=IT,CN=Servers,CN=Default-First-Sit
e-Name,CN=Sites,CN=Configuration,DC=trb,DC=uz
Role Infrastructure Update Owner = CN=NTDS Settings,CN=IT,CN=Servers,CN
=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=trb,DC=uz
......................... IT passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 1603 to 1073741823
* it.trb.uz is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1103 to 1602
* rIDPreviousAllocationPool is 1103 to 1602
* rIDNextRID: 1157
......................... IT passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/it.trb.uz/trb.uz
* SPN found :LDAP/it.trb.uz
* SPN found :LDAP/IT
* SPN found :LDAP/it.trb.uz/TRB
* SPN found :LDAP/19c5421b-b908-43f0-a9fe-d993e6a002d7._msdcs.trb.uz
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/19c5421b-b908-43f0-a9
fe-d993e6a002d7/trb.uz
* SPN found :HOST/it.trb.uz/trb.uz
* SPN found :HOST/it.trb.uz
* SPN found :HOST/IT
* SPN found :HOST/it.trb.uz/TRB
* SPN found :GC/it.trb.uz/trb.uz
......................... IT passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... IT passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
IT is in domain DC=trb,DC=uz
Checking for CN=IT,OU=Domain Controllers,DC=trb,DC=uz in domain DC=trb,
DC=uz on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=IT,CN=Servers,CN=Default-First-Site-Na
me,CN=Sites,CN=Configuration,DC=trb,DC=uz in domain CN=Configuration,DC=trb,DC=u
z on 1 servers
Object is up-to-date on all servers.
......................... IT passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... IT passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... IT passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minut
es.
......................... IT passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... IT passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=IT,OU=Domain Controllers,DC=trb,DC=uz and backlink on
CN=IT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,D
C=trb,DC=uz
are correct.
The system object reference (frsComputerReferenceBL)
CN=IT,CN=Domain System Volume (SYSVOL share),CN=File Replication Servic
e,CN=System,DC=trb,DC=uz
and backlink on CN=IT,OU=Domain Controllers,DC=trb,DC=uz are correct.
The system object reference (serverReferenceBL)
CN=IT,CN=Domain System Volume (SYSVOL share),CN=File Replication Servic
e,CN=System,DC=trb,DC=uz
and backlink on
CN=NTDS Settings,CN=IT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C
N=Configuration,DC=trb,DC=uz
are correct.
......................... IT passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : trb
Starting test: CrossRefValidation
......................... trb passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... trb passed test CheckSDRefDom

Running enterprise tests on : trb.uz
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... trb.uz passed test Intersite
Starting test: FsmoCheck
GC Name: \\it.trb.uz
Locator Flags: 0xe00003fd
PDC Name: \\it.trb.uz
Locator Flags: 0xe00003fd
Time Server Name: \\it.trb.uz
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\it.trb.uz
Locator Flags: 0xe00003fd
KDC Name: \\it.trb.uz
Locator Flags: 0xe00003fd
......................... trb.uz passed test FsmoCheck

rivera
13-02-2007, 15:26
netdiag /v
C:\Documents and Settings\ADM>netdiag /v

Gathering IPX configuration information.
Querying status of the Netcard drivers... Passed
Testing Domain membership... Passed
Gathering NetBT configuration information.
Testing for autoconfiguration... Passed
Testing IP loopback ping... Passed
Testing default gateways... Passed
Enumerating local and remote NetBT name cache... Passed
Testing the WINS server
Local Area Connection
There is no primary WINS server defined for this adapter.
There is no secondary WINS server defined for this adapter.
Gathering Winsock information.
Testing DNS
PASS - All the DNS entries for DC are registered on DNS server '192.168.0.14
'.
[WARNING] The DNS entries for this DC are not registered correctly on DNS se
rver '192.168.0.65'. Please wait for 30 minutes for DNS server replication.
Testing redirector and browser... Passed
Testing DC discovery.
Looking for a DC
Looking for a PDC emulator
Looking for a Windows 2000 DC
Gathering the list of Domain Controllers for domain 'TRB'
Testing trust relationships... Skipped
Testing Kerberos authentication... Passed
Testing LDAP servers in Domain TRB ...
Gathering routing information
Gathering network statistics information.
Gathering configuration of bindings.
Gathering RAS connection information
Gathering Modem information
Gathering Netware information
Gathering IP Security information

Tests complete.


Computer Name: IT
DNS Host Name: it.trb.uz
DNS Domain Name: trb.uz
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 2 Stepping 7, GenuineIntel
Hotfixes :
Installed? Name
Yes Q147222


Netcard queries test . . . . . . . : Passed

Information of Netcard drivers:

---------------------------------------------------------------------------
Description: RAS Async Adapter
Device: \DEVICE\{825C3C23-A83B-4072-8BDA-38AB93496943}

Media State: Connected

Device State: Connected
Connect Time: 07:10:30
Media Speed: 28 Kbps

Packets Sent: 0
Bytes Sent (Optional): 0

Packets Received: 0
Directed Pkts Recd (Optional): 0
Bytes Received (Optional): 0
Directed Bytes Recd (Optional): 0

[WARNING] The net card 'RAS Async Adapter' may not be working because it has
not received any packets.
---------------------------------------------------------------------------
Description: BCM5703 Gigabit Ethernet
Device: \DEVICE\{C7C4EBFB-728B-4FA8-81DA-F99E86DF3DDA}

Media State: Connected

Device State: Connected
Connect Time: 07:11:18
Media Speed: 100 Mbps

Packets Sent: 74875
Bytes Sent (Optional): 0

Packets Received: 208077
Directed Pkts Recd (Optional): 73822
Bytes Received (Optional): 0
Directed Bytes Recd (Optional): 0

---------------------------------------------------------------------------
[PASS] - At least one netcard is in the 'Connected' state.



Per interface results:

Adapter : Local Area Connection
Adapter ID . . . . . . . . : {C7C4EBFB-728B-4FA8-81DA-F99E86DF3DDA}

Netcard queries test . . . : Passed

Adapter type . . . . . . . : Ethernet
Host Name. . . . . . . . . : it
Description. . . . . . . . : BCM5703 Gigabit Ethernet
Physical Address . . . . . : 00-0B-CD-CF-A6-0A
Dhcp Enabled . . . . . . . : No
DHCP ClassID . . . . . . . :
Autoconfiguration Enabled. : Yes
IP Address . . . . . . . . : 192.168.0.14
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.0.22
Dns Servers. . . . . . . . : 192.168.0.14
192.168.0.65

IpConfig results . . . . . : Passed

AutoConfiguration results. . . . . . : Passed
AutoConfiguration is not in use.

Default gateway test . . . : Passed
Pinging gateway 192.168.0.22 - reachable
At least one gateway reachable for this adapter.

NetBT name test. . . . . . : Passed
NetBT_Tcpip_{C7C4EBFB-728B-4FA8-81DA-F99E86DF3DDA}
IT <00> UNIQUE REGISTERED
TRB <00> GROUP REGISTERED
TRB <1C> GROUP REGISTERED
IT <20> UNIQUE REGISTERED
TRB <1B> UNIQUE REGISTERED
TRB <1E> GROUP REGISTERED
TRB <1D> UNIQUE REGISTERED
..__MSBROWSE__.<01> GROUP REGISTERED
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.

NetBios Resolution : via DHCP

Netbios Remote Cache Table
Name Type HostAddress Life [sec]
---------------------------------------------------------------
TEST <20> UNIQUE 192.168.0.55 322


WINS service test. . . . . : Skipped
There is no primary WINS server defined for this adapter.
There is no secondary WINS server defined for this adapter.
There are no WINS servers configured for this interface.
IPX test : IPX is not installed on this machine.


Global results:


IP General configuration
LMHOSTS Enabled. . . . . . . . : Yes
DNS for WINS resolution. . . . : Enabled
Node Type. . . . . . . . . . . : Broadcast
NBT Scope ID . . . . . . . . . :
Routing Enabled. . . . . . . . : No
WINS Proxy Enabled . . . . . . : No
DNS resolution for NETBIOS . . : No



Domain membership test . . . . . . : Passed
Machine is a . . . . . . . . . : Primary Domain Controller Emulator
Netbios Domain name. . . . . . : TRB
Dns domain name. . . . . . . . : trb.uz
Dns forest name. . . . . . . . : trb.uz
Domain Guid. . . . . . . . . . : {EA7C2081-CE42-4F8E-86F1-243FC75A2ADD}
Domain Sid . . . . . . . . . . : S-1-5-21-1711050988-4257622575-1540512868
Logon User . . . . . . . . . . : ADM
Logon Domain . . . . . . . . . : TRB


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{C7C4EBFB-728B-4FA8-81DA-F99E86DF3DDA}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed
PASS - you have at least one non-autoconfigured IP address


IP loopback ping test. . . . . . . : Passed
PASS - pinging IP loopback address was successful.
Your IP stack is most probably OK.


Default gateway test . . . . . . . : Passed
PASS - you have at least one reachable gateway.


NetBT name test. . . . . . . . . . : Passed
No NetBT scope defined
[WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed
The number of protocols which have been reported : 10
Description: MSAFD Tcpip [TCP/IP]
Provider Version :2
Max message size : Stream Oriented
Description: MSAFD Tcpip [UDP/IP]
Provider Version :2
Description: RSVP UDP Service Provider
Provider Version :6
Description: RSVP TCP Service Provider
Provider Version :6
Max message size : Stream Oriented
Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C7C4EBFB-728B-4FA8-81DA
-F99E86DF3DDA}] SEQPACKET 0
Provider Version :2
Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C7C4EBFB-728B-4FA8-81DA
-F99E86DF3DDA}] DATAGRAM 0
Provider Version :2
Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{336F1A1A-311B-4C64-83E9
-2B294BCF2317}] SEQPACKET 1
Provider Version :2
Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{336F1A1A-311B-4C64-83E9
-2B294BCF2317}] DATAGRAM 1
Provider Version :2
Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1F907317-3249-4458-A23D
-3C52BC71BD9B}] SEQPACKET 2
Provider Version :2
Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1F907317-3249-4458-A23D
-3C52BC71BD9B}] DATAGRAM 2
Provider Version :2

Max UDP size : 65507 bytes


DNS test . . . . . . . . . . . . . : Passed
Interface {C7C4EBFB-728B-4FA8-81DA-F99E86DF3DDA}
DNS Domain:
DNS Servers: 192.168.0.14 192.168.0.65
IP Address: Expected registration with PDN (primary DNS domain n
ame):
Hostname: it.trb.uz.
Authoritative zone: trb.uz.
Primary DNS server: it.trb.uz 192.168.0.14
Authoritative NS:192.168.0.14
Check the DNS registration for DCs entries on DNS server '192.168.0.14'
The Record is correct on DNS server '192.168.0.14'.

The Record is correct on DNS server '192.168.0.14'.

The Record is correct on DNS server '192.168.0.14'.

The Record is correct on DNS server '192.168.0.14'.

The Record is correct on DNS server '192.168.0.14'.

The Record is correct on DNS server '192.168.0.14'.

The Record is correct on DNS server '192.168.0.14'.

The Record is correct on DNS server '192.168.0.14'.

The Record is correct on DNS server '192.168.0.14'.

The Record is correct on DNS server '192.168.0.14'.

The Record is correct on DNS server '192.168.0.14'.

The Record is correct on DNS server '192.168.0.14'.

The Record is correct on DNS server '192.168.0.14'.

The Record is correct on DNS server '192.168.0.14'.

The Record is correct on DNS server '192.168.0.14'.

The Record is correct on DNS server '192.168.0.14'.

The Record is correct on DNS server '192.168.0.14'.

The Record is correct on DNS server '192.168.0.14'.

The Record is correct on DNS server '192.168.0.14'.

The Record is correct on DNS server '192.168.0.14'.

The Record is correct on DNS server '192.168.0.14'.

The Record is correct on DNS server '192.168.0.14'.

The Record is correct on DNS server '192.168.0.14'.

The Record is correct on DNS server '192.168.0.14'.

The Record is correct on DNS server '192.168.0.14'.

The Record is correct on DNS server '192.168.0.14'.

PASS - All the DNS entries for DC are registered on DNS server '192.168.0.14
'.
Check the DNS registration for DCs entries on DNS server '192.168.0.65'
Query for DC DNS entry trb.uz. on DNS server 192.168.0.65 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.trb.uz. on DNS server 192.168.0.65 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.trb.uz. on DNS
server 192.168.0.65 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.pdc._msdcs.trb.uz. on DNS server 192.168.0.65
failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.gc._msdcs.trb.uz. on DNS server 192.168.0.65 f
ailed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.trb.u
z. on DNS server 192.168.0.65 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.ea7c2081-ce42-4f8e-86f1-243fc75a2add.domains._
msdcs.trb.uz. on DNS server 192.168.0.65 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry gc._msdcs.trb.uz. on DNS server 192.168.0.65 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry 19c5421b-b908-43f0-a9fe-d993e6a002d7._msdcs.trb.uz. on DN
S server 192.168.0.65 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _kerberos._tcp.dc._msdcs.trb.uz. on DNS server 192.168.0.
65 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.t
rb.uz. on DNS server 192.168.0.65 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.dc._msdcs.trb.uz. on DNS server 192.168.0.65 f
ailed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.trb.u
z. on DNS server 192.168.0.65 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _kerberos._tcp.trb.uz. on DNS server 192.168.0.65 failed.

DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _kerberos._tcp.Default-First-Site-Name._sites.trb.uz. on
DNS server 192.168.0.65 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _gc._tcp.trb.uz. on DNS server 192.168.0.65 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _gc._tcp.Default-First-Site-Name._sites.trb.uz. on DNS se
rver 192.168.0.65 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _kerberos._udp.trb.uz. on DNS server 192.168.0.65 failed.

DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _kpasswd._tcp.trb.uz. on DNS server 192.168.0.65 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _kpasswd._udp.trb.uz. on DNS server 192.168.0.65 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry DomainDnsZones.trb.uz. on DNS server 192.168.0.65 failed.

DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.DomainDnsZones.trb.uz. on DNS server 192.168.0
.65 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.
trb.uz. on DNS server 192.168.0.65 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry ForestDnsZones.trb.uz. on DNS server 192.168.0.65 failed.

DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.ForestDnsZones.trb.uz. on DNS server 192.168.0
.65 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
Query for DC DNS entry _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.
trb.uz. on DNS server 192.168.0.65 failed.
DNS Error code: DNS_ERROR_RCODE_NAME_ERROR (Name does not exist on DNS server)
[WARNING] The DNS entries for this DC are not registered correctly on DNS se
rver '192.168.0.65'. Please wait for 30 minutes for DNS server replication.


Redir and Browser test . . . . . . : Passed
List of transports currently bound to the Redir
NetbiosSmb
NetBT_Tcpip_{C7C4EBFB-728B-4FA8-81DA-F99E86DF3DDA}
The redir is bound to 1 NetBt transport.

List of transports currently bound to the browser
NetBT_Tcpip_{C7C4EBFB-728B-4FA8-81DA-F99E86DF3DDA}
The browser is bound to 1 NetBt transport.
Mailslot test for TRB* passed.


DC discovery test. . . . . . . . . : Passed

Find DC in domain 'TRB':
Found this DC in domain 'TRB':
DC. . . . . . . . . . . : \\it.trb.uz
Address . . . . . . . . : \\192.168.0.14
Domain Guid . . . . . . : {EA7C2081-CE42-4F8E-86F1-243FC75A2ADD}
Domain Name . . . . . . : trb.uz
Forest Name . . . . . . : trb.uz
DC Site Name. . . . . . : Default-First-Site-Name
Our Site Name . . . . . : Default-First-Site-Name
Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV GTIMESERV WRIT
ABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8

Find PDC emulator in domain 'TRB':
Found this PDC emulator in domain 'TRB':
DC. . . . . . . . . . . : \\it.trb.uz
Address . . . . . . . . : \\192.168.0.14
Domain Guid . . . . . . : {EA7C2081-CE42-4F8E-86F1-243FC75A2ADD}
Domain Name . . . . . . : trb.uz
Forest Name . . . . . . : trb.uz
DC Site Name. . . . . . : Default-First-Site-Name
Our Site Name . . . . . : Default-First-Site-Name
Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV GTIMESERV WRIT
ABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8

rivera
13-02-2007, 15:30
netdiag continued (it turns out a forum post cannot be longer than 20000 characters)
Find Windows 2000 DC in domain 'TRB':
Found this Windows 2000 DC in domain 'TRB':
DC. . . . . . . . . . . : \\it.trb.uz
Address . . . . . . . . : \\192.168.0.14
Domain Guid . . . . . . : {EA7C2081-CE42-4F8E-86F1-243FC75A2ADD}
Domain Name . . . . . . : trb.uz
Forest Name . . . . . . : trb.uz
DC Site Name. . . . . . : Default-First-Site-Name
Our Site Name . . . . . : Default-First-Site-Name
Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV GTIMESERV WRIT
ABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8


DC list test . . . . . . . . . . . : Passed
List of DCs in Domain 'TRB':
it.trb.uz


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed
Cached Tickets:
Server: krbtgt/TRB.UZ
End Time: 2/14/2007 2:49:57
Renew Time: 2/20/2007 16:49:57
Server: krbtgt/TRB.UZ
End Time: 2/14/2007 2:49:57
Renew Time: 2/20/2007 16:49:57
Server: cifs/it.trb.uz
End Time: 2/14/2007 2:49:57
Renew Time: 2/20/2007 16:49:57
Server: host/it.trb.uz
End Time: 2/14/2007 2:49:57
Renew Time: 2/20/2007 16:49:57


LDAP test. . . . . . . . . . . . . : Passed

Do un-authenticated LDAP call to 'it.trb.uz'.
Found 1 entries:
Attr: currentTime
Val: 17 20070213120421.0Z
Attr: subschemaSubentry
Val: 52 CN=Aggregate,CN=Schema,CN=Configuration,DC=trb,DC=uz
Attr: dsServiceName
Val: 99 CN=NTDS Settings,CN=IT,CN=Servers,CN=Default-First-Site-Name
,CN=Sites,CN=Configuration,DC=trb,DC=uz
Attr: namingContexts
Val: 12 DC=trb,DC=uz
Val: 29 CN=Configuration,DC=trb,DC=uz
Val: 39 CN=Schema,CN=Configuration,DC=trb,DC=uz
Val: 30 DC=DomainDnsZones,DC=trb,DC=uz
Val: 30 DC=ForestDnsZones,DC=trb,DC=uz
Attr: defaultNamingContext
Val: 12 DC=trb,DC=uz
Attr: schemaNamingContext
Val: 39 CN=Schema,CN=Configuration,DC=trb,DC=uz
Attr: configurationNamingContext
Val: 29 CN=Configuration,DC=trb,DC=uz
Attr: rootDomainNamingContext
Val: 12 DC=trb,DC=uz
Attr: supportedControl
Val: 22 1.2.840.113556.1.4.319
Val: 22 1.2.840.113556.1.4.801
Val: 22 1.2.840.113556.1.4.473
Val: 22 1.2.840.113556.1.4.528
Val: 22 1.2.840.113556.1.4.417
Val: 22 1.2.840.113556.1.4.619
Val: 22 1.2.840.113556.1.4.841
Val: 22 1.2.840.113556.1.4.529
Val: 22 1.2.840.113556.1.4.805
Val: 22 1.2.840.113556.1.4.521
Val: 22 1.2.840.113556.1.4.970
Val: 23 1.2.840.113556.1.4.1338
Val: 22 1.2.840.113556.1.4.474
Val: 23 1.2.840.113556.1.4.1339
Val: 23 1.2.840.113556.1.4.1340
Val: 23 1.2.840.113556.1.4.1413
Val: 23 2.16.840.1.113730.3.4.9
Val: 24 2.16.840.1.113730.3.4.10
Val: 23 1.2.840.113556.1.4.1504
Val: 23 1.2.840.113556.1.4.1852
Val: 22 1.2.840.113556.1.4.802
Attr: supportedLDAPVersion
Val: 1 3
Val: 1 2
Attr: supportedLDAPPolicies
Val: 14 MaxPoolThreads
Val: 15 MaxDatagramRecv
Val: 16 MaxReceiveBuffer
Val: 15 InitRecvTimeout
Val: 14 MaxConnections
Val: 15 MaxConnIdleTime
Val: 11 MaxPageSize
Val: 16 MaxQueryDuration
Val: 16 MaxTempTableSize
Val: 16 MaxResultSetSize
Val: 22 MaxNotificationPerConn
Val: 11 MaxValRange
Attr: highestCommittedUSN
Val: 5 58349
Attr: supportedSASLMechanisms
Val: 6 GSSAPI
Val: 10 GSS-SPNEGO
Val: 8 EXTERNAL
Val: 10 DIGEST-MD5
Attr: dnsHostName
Val: 9 it.trb.uz
Attr: ldapServiceName
Val: 17 trb.uz:it$@TRB.UZ
Attr: serverName
Val: 82 CN=IT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Conf
iguration,DC=trb,DC=uz
Attr: supportedCapabilities
Val: 22 1.2.840.113556.1.4.800
Val: 23 1.2.840.113556.1.4.1670
Val: 23 1.2.840.113556.1.4.1791
Attr: isSynchronized
Val: 4 TRUE
Attr: isGlobalCatalogReady
Val: 4 TRUE
Attr: domainFunctionality
Val: 1 0
Attr: forestFunctionality
Val: 1 0
Attr: domainControllerFunctionality
Val: 1 2

Do NTLM authenticated LDAP call to 'it.trb.uz'.
Found 1 entries:
Attr: currentTime
Val: 17 20070213120421.0Z
Attr: subschemaSubentry
Val: 52 CN=Aggregate,CN=Schema,CN=Configuration,DC=trb,DC=uz
Attr: dsServiceName
Val: 99 CN=NTDS Settings,CN=IT,CN=Servers,CN=Default-First-Site-Name
,CN=Sites,CN=Configuration,DC=trb,DC=uz
Attr: namingContexts
Val: 12 DC=trb,DC=uz
Val: 29 CN=Configuration,DC=trb,DC=uz

Do Negotiate authenticated LDAP call to 'it.trb.uz'.
Found 1 entries:

Registered Service Principal Names:
ldap/it.trb.uz/ForestDnsZones.trb.uz
ldap/it.trb.uz/DomainDnsZones.trb.uz
DNS/it.trb.uz
GC/it.trb.uz/trb.uz
HOST/it.trb.uz/TRB
HOST/IT
HOST/it.trb.uz
HOST/it.trb.uz/trb.uz
E3514235-4B06-11D1-AB04-00C04FC2DCD2/19c5421b-b908-43f0-a9fe-d993e6a002d7/trb.uz
ldap/19c5421b-b908-43f0-a9fe-d993e6a002d7._msdcs.trb.uz
ldap/it.trb.uz/TRB
ldap/IT
ldap/it.trb.uz
ldap/it.trb.uz/trb.uz
NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/it.trb.uz


Routing table test . . . . . . . . : Passed
Active Routes :
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.22 192.168.0.14 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.14 192.168.0.14 20
192.168.0.14 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.14 192.168.0.14 20
224.0.0.0 240.0.0.0 192.168.0.14 192.168.0.14 20
255.255.255.255 255.255.255.255 192.168.0.14 192.168.0.14 1
No persistent route entries.


Netstat information test . . . . . : Passed

rivera
13-02-2007, 15:31
Interface Statistics

Received Sent
Unicast Packets 53457643 43972708
Non-unicast packets 132852 2501
Discards 0 0
Errors 0 0
Unknown protocols 3908 458284

Interface index = 1
Description = MS TCP Loopback interface
Type = 24
MTU = 1520
Speed = 10000000
Physical Address = 00-00-00-00-00-00
Administrative Status = 1
Operational Status = 1
Last Changed = 1681343779
Output Queue Length = 0


Interface index = 65539
Description = BCM5703 Gigabit Ethernet
Type = 6
MTU = 1500
Speed = 100000000
Physical Address = 00-0B-CD-CF-A6-0A
Administrative Status = 1
Operational Status = 1
Last Changed = 1681343842
Output Queue Length = 0



Active Connections


IP Statistics

Packets Received = 272128
Received Header Errors = 0
Received Address Errors = 2785
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 0
Received Packets Delivered = 269948
Output Requests = 186099
Routing Discards = 0
Discarded Output Packets = 0
Output Packet No Route = 0
Reassembly Required = 2
Reassembly Successful = 1
Reassembly Failures = 0
Datagrams successfully fragmented = 1
Datagrams failing fragmentation = 0
Fragments Created = 2
Forwarding = 2
Default TTL = 128
Reassembly timeout = 60

rivera
13-02-2007, 15:32
TCP Statistics

Active Opens = 1408
Passive Opens = 1916
Failed Connection Attempts = 24
Reset Connections = 86
Current Connections = 23
Received Segments = 172692
Segment Sent = 165378
Segment Retransmitted = 79
Retransmission Timeout Algorithm = vanj
Minimum Retransmission Timeout = 300
Maximum Retransmission Timeout = 120000
Maximum Number of Connections = -1


UDP Statistics

Datagrams Received = 93181
No Ports = 3056
Receive Errors = 0
Datagrams Sent = 18399


ICMP Statistics

Received Sent
Messages 2579 2579
Errors 0 0
Destination Unreachable 610 610
Time Exceeded 0 0
Parameter Problems 0 0
Source Quenchs 0 0
Redirects 3 3
Echos 1019 1019
Echo Replies 947 947
Timestamps 0 0
Timestamp Replies 0 0
Address Masks 0 0
Address Mask Replies 0 0


Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed information

The command completed successfully


Two domains:
1. trustbank.com.uz
2. trb.uz
There are no users in the second one yet, but I want to move everyone over to it. The DHCP server is set up on the second one, which is why its settings contain a reference to the old (trustbank.com.uz) DNS server.
There were absolutely no errors when setting up Active Directory; everything went smoothly, the same way I have always done it before...

xoxmodav
13-02-2007, 15:41
Describe the structure of your network, and check the Event Log on the server and on the workstation for errors; post their IDs and descriptions.

Did you make any changes to the group policies after setting up the domain?

Igor533
13-02-2007, 17:38
You may have a conflict between the "default" policies and the ones you created.
I would advise you to do the following:
Block inheritance on the OU you created. Create another group in the OU, add your test user to it, and set a filter so that the policy applies only to this additional group.

rivera
14-02-2007, 07:02
xoxmodav
The network structure was as follows:
1. AD+DNS+DHCP on Windows 2000 Advanced, all on one box. It worked fine. The server crashed, and the backup domain controller is still running on an ordinary workstation.
2. A new server was delivered, but we decided to install 2003 Enterprise.
We created a new AD in order to tidy up the accounts and start from a clean slate. I set up AD as a new forest. DNS: primary zone. There are no ties to the old domain so far.
3. I moved DHCP from the old one to the new one. But I kept the old DNS, and accordingly kept the reference to the old DNS in the DHCP options (don't forget, it runs on the new one).
4. Now I am playing around with policies: I created a new policy and applied it to the domain in place of the default policy. I checked, everything works. I decided to make a separate policy for admins that prohibits practically nothing. I created a new OU, created a new policy and linked it to the created OU (for admins). In the policy everything is set to allowed rather than "not configured". I check: it does not work.
5. I think, fine, let it be for users for now; I delete the OU and remove the policy link.
6. I take a computer, join it to the domain: "gpresult: policy object not found", even though when I tested the policies everything worked! All in all it is rather strange: sometimes they apply, sometimes they don't. I don't even know what triggers it. Maybe I am changing something....


Errors:
1. On the server, one: the DHCP server could not find the folder for server authorization.
2. On the client:
Источник: Userenv
Код ID: 1058
Пользователь: NT AUTHORITY\SYSTEM
Описание: Windows не удалось получить доступ к файлу GPT.INI для объекта групповой политики cn={F881758F-ADBA-4FE7-AD39-EB33E513DA2D},cn=policies,cn=system,DC=trb,DC=uz. Этот файл должен находиться в <\\trb.uz\sysvol\trb.uz\Policies\{F881758F-ADBA-4FE7-AD39-EB33E513DA2D}\gpt.ini>. (Не найден сетевой путь. ). Обработка групповой политики прекращена.

Источник: Userenv
Код ID: 1030
Пользователь: NT AUTHORITY\SYSTEM
Описание: Не удалось запросить данный список объектов групповой политики. Сообщение, описывающее причину, уже было помещено в журнал обработчиком политики.


Igor533
The filter is set and there are no conflicts, because the policy I created is specified explicitly. Where can I look at inheritance? I did not find it in the properties.

alex2808
14-02-2007, 18:58
rivera, how did you prevent users from unticking the "use proxy" checkbox?
I found where to set the proxy in group policies, but I cannot make it impossible to turn it off.
:)

rivera
15-02-2007, 06:34
alex2808
User config - admin templates - Windows config - Internet Explorer: disable changing proxy settings

Igor533
15-02-2007, 09:50
To Rivera!
GPO is such a nasty thing that it has many tricks that are not explicitly documented. For example:
1. If you make a GPO that is filtered, that is, not for "Authenticated Users", then it must be linked at a point under which all of its objects sit. In other words, if you want the policy to work on only one group, then it (the policy) must be linked to a point in the tree under which both the group object and ALL the user objects that belong to this group are located.
2. Policies are applied in this order:
1st - Local, on the machine
2nd - Site
3rd - Domain
4th - OU
If there are several policies at one level of AD, they are applied in "bottom to top" order, as they appear in the "GPO properties" window.

rivera
15-02-2007, 11:46
Igor533
I did not quite understand answer 1: so if I need to set a filter by group, I have to put the group into a separate OU?
If possible, give two examples for this statement: 1. when everything is right and the policy applies; 2. when it is wrong and the policy does not apply.

2. If the local policy on a machine says "do not apply the domain policy", is that it: the domain policy is powerless? During installation I do not touch the local policy at all, I join the machine to the domain right away. Maybe it needs to be configured?

3. Where can I look at the site policy?

Igor533
15-02-2007, 16:36
To Rivera!
1. If you want to filter a policy, it must enter the tree above the point where the objects it will act on are located.
For example, under the domain you have OU-Test, and inside it there is OU-Test1.
In the same OU_Test there is also OU-Test2, which in turn contains Group-12,
which includes users from OU-Test1 and OU-Test2, and you want the policy to act on the users who are in Group-12.
Then you need to link the policy into the tree at the point OU_Test, not at OU-Test2;
if the policy is not above the objects, it does not act (with the exception of Authenticated Users).
2. How did you manage to cancel the domain policy in Local Policy? That is something new, please share.
In Active Directory you can cancel inheritance per OU, but on a local machine, hmm, I have never heard of that.
3. You can look at it only if you created sites in your tree YOURSELF and also made a policy for some site YOURSELF; if not, you cannot look at it, because there is nothing to look at.
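
The processing order and the filtered-link layout described in the two posts above, as a small Python model; this is an added example, not code from the thread. It assumes standard Group Policy scoping (a GPO reaches a user through the links on the user object's own OU chain, then the security filter decides) and leaves out enforced ("No Override") links, WMI filters and loopback; the names `applied_gpos`, `thread_layout` and `OU_Other` are made up for the illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional

AUTH_USERS = "Authenticated Users"

@dataclass
class GPO:
    name: str
    # Security filter: groups holding Read + Apply Group Policy on the GPO.
    apply_to: frozenset = frozenset({AUTH_USERS})

@dataclass
class Container:
    """A site, domain or OU. links[0] is the top of the link list."""
    name: str
    parent: Optional["Container"] = None
    links: List[GPO] = field(default_factory=list)
    block_inheritance: bool = False

def applied_gpos(user_ou, user_groups, site=None, local=None):
    """Names of the GPOs processed for a user object that lives in user_ou,
    in processing order; on a conflict the later entry wins."""
    groups = set(user_groups) | {AUTH_USERS}
    chain, node = [], user_ou
    while node is not None:          # user's OU -> parent OUs -> domain
        chain.append(node)
        node = node.parent
    chain.reverse()                  # domain first, user's own OU last
    if site is not None:
        chain.insert(0, site)        # site GPOs are processed before domain GPOs
    start = 0
    for i, c in enumerate(chain):    # Block Inheritance hides every link above it
        if c.block_inheritance:
            start = i
    # The local policy comes first and is not affected by Block Inheritance.
    order = [local.name] if local is not None else []
    for c in chain[start:]:
        for gpo in reversed(c.links):    # within one container: bottom to top
            if groups & gpo.apply_to:    # skipped unless one of the groups matches
                order.append(gpo.name)
    return order

def thread_layout():
    """Constructed sample built from the OU and group names used in the thread."""
    default = GPO("Default Domain Policy")
    filtered = GPO("Group-12 policy", frozenset({"Group-12"}))
    domain = Container("trb.uz", links=[default])
    ou_test = Container("OU_Test", domain, [filtered])   # link point from the post
    ou_test1 = Container("OU_Test1", ou_test)
    ou_test2 = Container("OU_Test2", ou_test)
    ou_other = Container("OU_Other", domain)             # hypothetical sibling OU
    return {
        "member in OU_Test1": applied_gpos(ou_test1, {"Group-12"}),
        "member in OU_Test2": applied_gpos(ou_test2, {"Group-12"}),
        "non-member in OU_Test1": applied_gpos(ou_test1, set()),
        "member outside OU_Test": applied_gpos(ou_other, {"Group-12"}),
    }

if __name__ == "__main__":
    for who, gpos in thread_layout().items():
        print(f"{who:26} {gpos}")
```

The inputs to the model are the OU that holds the user object and the user's group memberships; comparing its output with `gpresult` for a test account shows whether a missing policy is a scoping matter or a failure to read the GPO at all, as in the Userenv 1058 event earlier in the thread.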

rivera
16-02-2007, 06:06
Igor533
About forbidding the domain policy: I was speaking figuratively, there is no such setting!

About the site: I thought sites are created automatically when a domain is created.

From your example about policies: if I link the policy to OU_Test in order to apply it to the group Group-12, which is in OU_Test2, then the policy will automatically apply to the second OU, OU_Test1, as well. Here is the source, 7th paragraph from the top (http://www.oszone.net/4434/)

And one more question: do computers have to be moved into the OU with the users so that, for example, wherever a user logs on, they cannot use Task Manager (say the policy is applied only to the OU container where the users are)?

sacredboy
13-05-2008, 08:34
Could you please tell me what the exclamation mark in a blue circle next to an organizational unit and the red check mark next to Group Policy Results mean in GPMC?

http://img88.imageshack.us/img88/9489/gpmcsx7.th.jpg (http://img88.imageshack.us/my.php?image=gpmcsx7.jpg)




© OSzone.net 2001-2012