Accessing domain controller from local user account.

Pants

I'm just messing with my SBS 2008 lab set-up.

I tried navigating to the domain controller through the master browser using a local user account, and when I type the domain administrator credentials I get "access denied". Is it not possible to access a domain account from a local user account?
 
I'm not clear on what you're trying to accomplish.

When you say "trying to access through the master browser"...what exactly do you mean by that? Are you sitting at a workstation, logged in with a local user account on that workstation, and are you drilling through network places? Or doing the start....open/run...\\servername? (unc path).

If so...you'll get a challenge for authentication, simply enter domain\administrator, and the password. Such as...if you created an active directory named "pants.local"...just type in pants\administrator and whatever the admin password is.

Or if the domain also has an abbreviated netbios name, such as PTS (short name for pants.local)...type in pts\administrator

You can access full drives via hidden admin shares...if your server is named "pantlegs"....you can browse the C drive or E drive by typing in
\\pantlegs\c$ or \\pantlegs\e$
Stuff like this makes getting stuff easy when whipping around setting up workstations.

There is no local user on domain controllers, only member servers.
And once you take a workstation and join it to a domain, there is no more reason to log into that workstation as a local user, unless you've removed it from the domain...or you're going back to the old local profile to find something you missed in copying over profile settings.
 
Sorry. It doesn't say "access denied". It says Logon failure: unknown user name or bad password

But I can see what I was doing wrong now. For the domain administrator logon name I've got a first and last name that must be typed in as the logon name, but I guess it requires typing the first/last name back to back, like: FirstnameLastname

The logon name for the domain admin is set up with a space between the first and last name so I got confused.

@stonecat. I'm on a laptop (Windows 7 Pro) that is joined to the domain, but have logged into the local administrator account on the laptop. On the laptop I go to Network Places where you can see networked devices discovered by the laptop.

I was just setting up some shares for the domain users. Then, I can't remember why exactly, but I just logged into the local account on the laptop and tried to access the domain controller via Network Places. I'm just jumping around to different accounts seeing what can be done and what is visible after network shares are made available.

Gonna play with sharing a bit more, and I will have gotten the basics down for: User/Computer accounts, DNS, DHCP, Group Policy, security groups, file server, permissions, and roaming profiles and folder redirection....ie All the domain controller basics. As I said, I got into this stuff a while back in my lab, so I'm just reviewing before I finally jump into Exchange and start chipping away at that monster. :) I keep remembering what you said. As I navigate through the settings of all these things there is just so much, that the only practical way to get good, is by letting your real experience "grow". By the end of the year (if not sooner) I'll be confident in troubleshooting some relatively simple domain/Exchange structures in real environments. Not sure about the IIS Web stuff, but if I get into any of that stuff it'll probably be next year. Got a lot on my plate as it is, especially still trying to get a feel for communicating with customers.
 
No it is not a first name last name.

Every user on an AD will have a user name. You also have, set up for human convenience, the First and Last name in the AD.

Example: on my domain, which is named nlineSBS, the user is nathanw because my name is Nathan Williams.

So if I am not logging in to my workstation using AD but need to attach via a mapped drive I have to login as

nlineSBS\nathanw

when I map drive letter.


Have you set up a user other than admin on the server?
 
Join laptop to domain. Learn how to log in with domain account...and how those steps differ from logging in with a local user account.
This.

What you are doing, Pants, is not the proper way if you want a true AD server. You are setting up an AD server and then using workgroup methods to attach to it. What is the point? Other than learning a bad pizza tech method of networking. The exception being when you need to temporarily attach to an AD share from a computer you don't want connected all the time. Like a client's PC that you need to move files to.
 
Pants...I'll write up a bit tomorrow...or Monday, if you want to do some remote session or something.
Heading into Rhode Island for the evening with my wifey.
Tomorrow is semi short on time if she and I go to a "blessing of the bikes" in New London CT. My Shovel is taken apart...got much restoration going on, gotta decide if I want to take her on HER bike...a Sportster. And deal with the razzin' from my buds that I'm riding a girl's Harley..LOL. (even though the wife's Sporty is pretty beefed up).
 
I don't think anybody understands what I'm doing.

Yes I have set up more than just the default admin account on the domain controller. Aside from the Admin account, I have set up 4 user accounts on the domain controller. And they can all log in to the domain just fine.

The laptop is already joined to the domain. BUT, I logged onto the laptop using the local (laptop) administrator account...ie ComputerName\username. I then looked in Network Places and saw the domain controller...ie "TestBusinserver"....double clicked on it, and I got prompted for a username/password. I then typed the domain controller's admin user name which I happened to name "Jack Ripper" and I included the space. (On the domain controller, the Admin's profile under "properties" lists the logon name as Jack Ripper, BOTH first name and last name with the space included.) When I double click on the Testbusinserver I was typing the logon name as it's listed in the Admin's properties profile, but it wouldn't accept the name as is. I had to type it without the space and it let me in.

Why I logged into the local admin account on the laptop was just for experimental purposes. I am aware that the domain controller is for domain user accounts.
 
Unless you really have changed the administrator name on the server it is NOT Jack Ripper. It is administrator. You can't have a space in a login name.

Based on what you have said your proper login would be domainname\administrator. Note that your domain name is not the same as the server name.

If you have set up this laptop as a member of the domain then when you use it in your local mode you should log in to the share the same way as you log in when you are using it as a domain workstation.

DomainName\username

Password
 
I must have changed the name to Jack Ripper when I installed SBS. Authenticating to the share as "Administrator" doesn't work. AD Users and Computers lists the Jack Ripper account description as "administering this server and sharing, bla bla bla". There is no "Administrator" user account listed in AD Users and Computers.

Thanks for clarifying that.
 
Then what does it list as the user name? You can't have a space in a username. Don't confuse the username with the Display Name. Display name is just a description; it has nothing to do with your login.
 
Oops. OK, I think I need glasses or I need to be sitting closer to the screen. Yes, the display name is Jack Ripper. Under username/properties on the Account tab it lists "JackRipper" as the user name, with no space. No wonder I wasn't getting it right. Thanks!
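
Added example, not part of any post in this thread: a PowerShell lookup that takes a display name such as "Jack Ripper" and lists the logon names that the share's credential prompt actually accepts. It assumes PowerShell 2.0 or later, a session signed in with a domain account (for instance on the domain controller itself), and that `$env:USERDOMAIN` holds the domain's NetBIOS name; the variable names are illustrative.

```powershell
# Added example: map an AD display name to its logon names.
# Assumption: run while signed in with a domain account, so the
# directory searcher can bind to the current domain without a prompt.
param([string]$DisplayName = 'Jack Ripper')   # display name from the thread

# Escape LDAP filter metacharacters (RFC 4515) so the name is matched literally.
$safe = $DisplayName -replace '\\', '\5c' -replace '\*', '\2a' `
                     -replace '\(', '\28' -replace '\)', '\29'

$searcher = [adsisearcher]"(&(objectCategory=person)(objectClass=user)(displayName=$safe))"
$searcher.PropertiesToLoad.AddRange(
    [string[]]@('displayName', 'sAMAccountName', 'userPrincipalName'))

# Assumption: the signed-in user's domain is the one being queried.
$netbios = $env:USERDOMAIN

$found = @($searcher.FindAll())
if ($found.Count -eq 0) {
    Write-Warning "No user object has the display name '$DisplayName'."
}

foreach ($result in $found) {
    # Property keys in search results are lower case; a missing value yields $null.
    $sam = $result.Properties['samaccountname']    | Select-Object -First 1
    $upn = $result.Properties['userprincipalname'] | Select-Object -First 1

    New-Object PSObject -Property @{
        DisplayName   = $DisplayName       # label shown in AD Users and Computers
        LogonName     = $sam               # pre-Windows 2000 logon name
        TypeAtPrompt  = "$netbios\$sam"    # DOMAIN\username form for the share prompt
        UserPrincipal = $upn               # user@domain form, if one is set
    }
}
```

The `TypeAtPrompt` value is what goes into the username box when a share asks for credentials; `DisplayName` is only the human-readable label.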
 