Options

Trying doing GPO / Join Computer to domain

TontonsamTontonsam Member Posts: 90 ■■□□□□□□□□
in Server 70-290
Hi, I have two problems.
1. In VM, I create an AD and create an OU named IT in AD users and computers. When I try to create an user in the IT OU, the password "password" cannot take place as it does not meet password complexity. So, I said in myself maybe it is possible to make this policy available for other users but not for this user in IT OU. So, I right click in the OU/ properties, create a new GPO, edit and change disable the password complexity. But whenever I try to recreate the user, the same message "password complexity requirements" appears even if I block inheritance in the GPO in the OU. I try many things without success. I know if I do it in the Default Domain GPO, it will work but for all users. What can I do if I want that all others users password complexity apply but for this OU it will not apply?

2. The computer I will join to the domain for this users, I want it will appear in the IT OU. So I create the computer in the OU. But there's a section if you want to check "This is a managed computer" and to provide GUID. It says you'll find it in the BIOS but I don't see it in the Bios. Can you explain where i ll find it?
MCP 70-270 / 70-290
· Share on FacebookShare on Twitter

Comments

  • Options
    dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    1. AD password policies are set at the domain level, and can only be set at the domain level (this is changed in 200icon_cool.gif. Any password policy you apply at other levels only applies to local accounts on those machines.

    2. The GUID is generated by Windows so it won't be in the BIOS. Where are seeing that you need to get something out of the BIOS?

    edit: Nevermind, I see the box you're referring to. I'm not sure why it's referring you to the BIOS though. Maybe there are some that generate it for you. I've never seen it in the BIOS before though.

    edit 2: I don't think you need to use a managed computer anyway. It looks like that is used for RIS.
    If you are prestaging the computer account for later installation via RIS, mark the This Is a Managed Computer check box and type in the computer's unique ID (GUID/UUID), referred to as its globally unique identifier or its universally unique identifier. This extra security measure prevents unauthorized RIS client installations because only computers with matching GUIDs are allowed to be installed via RIS when you follow this procedure. You can find the GUID or UUID in the computer's BIOS or by using a third-party software utility

    http://www.informit.com/articles/article.aspx?p=707903&seqNum=2
    · Share on FacebookShare on Twitter
  • Options
    TontonsamTontonsam Member Posts: 90 ■■□□□□□□□□
    Thanks for clarifying for the first question.
    I think that it was for being able to manage a computer in AD. Cause I have a computer that is joined to the domain. When I right click to the computer name in AD and clic manage, it says the network path cannot be found. Can't figure out what is happening. For some other machines, it says that the computer cannot be managed cause the network is unreachable. Do you want to connect anyway. When I choose yes, the computer managment console appears but when I clic on disk management, says RPC server is not available. Can't figure out both situations. I want to be able to verify disk management on other computers, run fragmentation, view devices manager, ect... very useful in network environment.
    MCP 70-270 / 70-290
    · Share on FacebookShare on Twitter
  • Options
    undomielundomiel Member Posts: 2,818
    Just finished working with a very similar situation. Make sure your DNS information for the computer is correct. Make sure RPC is running on the computer. Also make sure the admin share is available. Of course make sure you're able to communicate properly between the computers.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
    · Share on FacebookShare on Twitter
  • Options
    sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    Make sure the XP firewall is turned off.
    All things are possible, only believe.
    · Share on FacebookShare on Twitter
  • Options
    TontonsamTontonsam Member Posts: 90 ■■□□□□□□□□
    I try again but it doesn't work. Both firewall are off. The DNS is good cause i can ping the remote computer by its hostname. and the RPC service is started on both PC and server. Some computers give error message "Network path not found", some others give the network is unreachable, do you want to connect. You connect but cannot access to disk managment, device manager or other settings....
    MCP 70-270 / 70-290
    · Share on FacebookShare on Twitter
  • Options
    bjaxxbjaxx Member Posts: 217
    Tontonsam wrote:
    I try again but it doesn't work. Both firewall are off. The DNS is good cause i can ping the remote computer by its hostname. and the RPC service is started on both PC and server. Some computers give error message "Network path not found", some others give the network is unreachable, do you want to connect. You connect but cannot access to disk managment, device manager or other settings....

    From the domain controller if you haven't installed the windows support tools, get them and run a dcdiag

    http://technet2.microsoft.com/windowsserver/en/library/f7396ad6-0baa-4e66-8d18-17f83c5e4e6c1033.mspx?mfr=true

    Also a netdiag:
    http://technet2.microsoft.com/windowsserver/en/library/cf4926db-87ea-4f7a-9806-0b54e1c00a771033.mspx?mfr=true

    Let us know the test results from both of these.

    I believe just by looking at it its a dns issue myself.

    From what I know, RPC is usually related to DNS.
    "You have to hate to lose more than you love to win"
    · Share on FacebookShare on Twitter
Sign In or Register to comment.