Active Directory

Additional Account Info, including on Vista and higher

Posted on Updated on

 

The classic scenario, based on V1

Active Directory Users and Computers (ADUC) is a console to manage “real” Active Directory content, i.e. users, computers and the like. Starting from the Windows Server 2003 version of this console (which can also be run on Windows XP for example) you can “install” an add-on named Additional Account Info to this console, which can be effectively used if your Active Directory (AD) infrastructure runs WS03 or higher. Browse to a user object, double-click it (or right-click it and select Properties) and select the Additional Account Info tab. This tab is only available if you browse to the object, so it doesn’t work when you search for an object and then double-click it (or right-click it and select Properties). The add-on is part of the Account Lockout and Management Tools, which can be downloaded from http://www.microsoft.com/en-us/download/details.aspx?id=18465. There is only 1 version (“1”, released in 2003), it’s in English and the package is named ALTools.exe (850 KB). The package contains a DLL that implements the add-on: AcctInfo.dll. Read the rest of this entry »

Group policy error (LDAP Bind fails)

Posted on Updated on

On some systems (in my cases Remote Desktop Session Hosts (RDSHs)) the following error appears in the System event log:

Event ID: 1006

Description: The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

Source: GroupPolicy

Level: Error

User: USER_ACCOUNT

Computer: YOUR_SYSTEM

Logged: DATE_AND_TIME

Task Category: None

Keywords:

OpCode: (1) Read the rest of this entry »

RSoP and gpresult result in an access denied error

Posted on Updated on

If you try to run Resultant Set of Policy (RSoP) or gpresult and receives an access denied error, then don’t panic. If you get results for the user part, this means RSoP and gpresult seem to work correctly and you’re probably not an administrator, what explains why you don’t get machine results. If you don’t get any result though, this has probably nothing to do with permissions and then there is a chance this issue is caused by a DLL that’s not registered correctly (anymore) and/or a badly compiled MOF file (meaning RSoP and gpresult don’t work the way they should). First of all, here is a screenshot of the error in RSoP on a WS03 machine for the latter case (corrupt RSoP/gpresult):


Read the rest of this entry »