xoxmodav
1. структура сети:
2 домена в одной физической сети. настроены доверительные отношения - отношения работают.
DNS и DHCP сервер на оба домена в новом домене.
2. я потихоньку перегоняю из старого (win2k advanced) в новый (win2k3 enterprise) домен компы.
3. в новом домене создал 2 дополнительных OU: 1. users-users 2. users-comps
для первой своя политика, для второй своя. в перовом объекте "computer configuration disabled", во втором "user configuration disabled"
в первый контейнер я создаю пользователей, во второй - компы пользователей.
(для админов и серверов имеется свои OU)
4. в политике разрешено использовать драйвера принтеров использующие режим ядра, но принтера которвые висят на 2k3 enterprise, а именно xerox docuprint n24 (древний такой, у которого последние дрова под nt4.0) и Xerox Phaser 3150 PCL 6 не устанавливаются выдавая ошибки: "На данном компьютере существует политика, препятствующая поключения к этой очереди печати. обратитесь к админу.
"
5. ipconfig -all клиента
Код:
Настройка протокола IP для Windows
Имя компьютера . . . . . . . . . : oper07
Основной DNS-суффикс . . . . . . : trb.uz
Тип узла. . . . . . . . . . . . . : неизвестный
IP-маршрутизация включена . . . . : нет
WINS-прокси включен . . . . . . . : нет
Порядок просмотра суффиксов DNS . : trb.uz
Подключение по локальной сети - Ethernet адаптер:
DNS-суффикс этого подключения . . :
Описание . . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet for hp
Физический адрес. . . . . . . . . : 00-40-CA-8E-2B-6F
Dhcp включен. . . . . . . . . . . : да
Автонастройка включена . . . . . : да
IP-адрес . . . . . . . . . . . . : 192.168.0.122
Маска подсети . . . . . . . . . . : 255.255.255.0
Основной шлюз . . . . . . . . . . : 192.168.0.22
DHCP-сервер . . . . . . . . . . . : 192.168.0.14
DNS-серверы . . . . . . . . . . . : 192.168.0.14
192.168.0.65
Аренда получена . . . . . . . . . : 28 февраля 2007 г. 12:36:40
Аренда истекает . . . . . . . . . : 7 марта 2007 г. 12:36:40
ipconfig -all сервера
Код:
Настройка протокола IP для Windows
Имя компьютера . . . . . . . . . : it
Основной DNS-суффикс . . . . . . : trb.uz
Тип узла. . . . . . . . . . . . . : неизвестный
IP-маршрутизация включена . . . . : нет
WINS-прокси включен . . . . . . . : нет
Порядок просмотра суффиксов DNS . : trb.uz
Local Area Connection - Ethernet адаптер:
DNS-суффикс этого подключения . . :
Описание . . . . . . . . . . . . : BCM5703 Gigabit Ethernet
Физический адрес. . . . . . . . . : 00-0B-CD-CF-A6-0A
DHCP включен. . . . . . . . . . . : нет
IP-адрес . . . . . . . . . . . . : 192.168.0.14
Маска подсети . . . . . . . . . . : 255.255.255.0
Основной шлюз . . . . . . . . . . : 192.168.0.22
DNS-серверы . . . . . . . . . . . : 192.168.0.14
192.168.0.65
dcdiag /v сервера
Код:
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine it, is a DC.
* Connecting to directory service on server it.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\IT
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... IT passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\IT
Starting test: Replications
* Replications Check
* Replication Latency Check
* Replication Site Latency Check
......................... IT passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
DC=ForestDnsZones,DC=trb,DC=uz
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=trb,DC=uz
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=trb,DC=uz
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=trb,DC=uz
(Configuration,Version 2)
* Security Permissions Check for
DC=trb,DC=uz
(Domain,Version 2)
......................... IT passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... IT passed test NetLogons
Starting test: Advertising
The DC IT is advertising itself as a DC and having a DS.
The DC IT is advertising as an LDAP server
The DC IT is advertising as having a writeable directory
The DC IT is advertising as a Key Distribution Center
The DC IT is advertising as a time server
The DS IT is advertising as a GC.
......................... IT passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=IT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=trb,DC=uz
Role Domain Owner = CN=NTDS Settings,CN=IT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=trb,DC=uz
Role PDC Owner = CN=NTDS Settings,CN=IT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=trb,DC=uz
Role Rid Owner = CN=NTDS Settings,CN=IT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=trb,DC=uz
Role Infrastructure Update Owner = CN=NTDS Settings,CN=IT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=trb,DC=uz
......................... IT passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 1603 to 1073741823
* it.trb.uz is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1103 to 1602
* rIDPreviousAllocationPool is 1103 to 1602
* rIDNextRID: 1167
......................... IT passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/it.trb.uz/trb.uz
* SPN found :LDAP/it.trb.uz
* SPN found :LDAP/IT
* SPN found :LDAP/it.trb.uz/TRB
* SPN found :LDAP/19c5421b-b908-43f0-a9fe-d993e6a002d7._msdcs.trb.uz
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/19c5421b-b908-43f0-a9fe-d993e6a002d7/trb.uz
* SPN found :HOST/it.trb.uz/trb.uz
* SPN found :HOST/it.trb.uz
* SPN found :HOST/IT
* SPN found :HOST/it.trb.uz/TRB
* SPN found :GC/it.trb.uz/trb.uz
......................... IT passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... IT passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
IT is in domain DC=trb,DC=uz
Checking for CN=IT,OU=Domain Controllers,DC=trb,DC=uz in domain DC=trb,DC=uz on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=IT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=trb,DC=uz in domain CN=Configuration,DC=trb,DC=uz on 1 servers
Object is up-to-date on all servers.
......................... IT passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... IT passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... IT passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... IT passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... IT passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=IT,OU=Domain Controllers,DC=trb,DC=uz and backlink on
CN=IT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=trb,DC=uz
are correct.
The system object reference (frsComputerReferenceBL)
CN=IT,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=trb,DC=uz
and backlink on CN=IT,OU=Domain Controllers,DC=trb,DC=uz are correct.
The system object reference (serverReferenceBL)
CN=IT,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=trb,DC=uz
and backlink on
CN=NTDS Settings,CN=IT,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=trb,DC=uz
are correct.
......................... IT passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : trb
Starting test: CrossRefValidation
......................... trb passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... trb passed test CheckSDRefDom
Running enterprise tests on : trb.uz
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... trb.uz passed test Intersite
Starting test: FsmoCheck
GC Name: \\it.trb.uz
Locator Flags: 0xe00003fd
PDC Name: \\it.trb.uz
Locator Flags: 0xe00003fd
Time Server Name: \\it.trb.uz
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\it.trb.uz
Locator Flags: 0xe00003fd
KDC Name: \\it.trb.uz
Locator Flags: 0xe00003fd
......................... trb.uz passed test FsmoCheck
