Microsoft Windows XP Professional Resource Kit 2003
ISBN: N/A
EAN: N/A
EAN: N/A
Year: 2005
Pages: 338
Pages: 338
After you add the Windows XP Professional based computer to the domain or workgroup, you should verify that the move is successful. To do so, restart the computer. After you press CTRL+ALT+DEL, the Log On to Windows dialog box appears. Use the arrow to the right of the Log on to text box to review the Log on to list. If you have joined a domain, the list will include the logon domain and any of its trusted domains. Reviewing the list is the first step toward confirming that you have successfully added the computer account to the logon domain.
To test workgroup membership, log on to the local computer by using a valid user name and password. Typically, you can access all local computer resources and view other workgroup computers in My Network Places. A failure to access other workgroup computers might indicate problems with addressing or name resolution or a failure to connect to an intervening computer.
You can test the validity of a user account by logging on to the trusted or logon domain. If you can log on by using the logon credentials at the domain controller, you ve been granted access to a user account at the selected domain. If a message indicates that you ve connected by using credentials stored in the cache, that means that the domain controller could not be contacted during the account authentication process. It is important to verify that the physical connection (network adapter and cables) and logical connection (transport protocol configuration) permit access to the domain controller.
You can use Nltest.exe, a command-line tool included with Windows Support Tools on the Windows XP Professional operating system CD, to test the logical connection between a Windows XP Professional based computer and a domain controller. By using Nltest.exe, you can determine if a domain controller can authenticate a user account. Nltest.exe also establishes which domain controller performs the authentication and provides a list of trusted domains. For more information about Nltest.exe, click Tools in Windows XP Professional Help and Support Center, and then click Windows Support Tools.
The logical connection between the Windows XP Professional based computer and the domain controller is known as a secure channel. A secure channel acts to authenticate computer accounts on computers running Windows XP Professional, Windows Server 2003, Windows 2000, and Windows NT. A secure channel also authenticates user accounts when a remote user connects to a network resource. The user account exists in a trusted domain. This process is called pass-through authentication. A secure channel must exist for account authentication to be performed. Nltest.exe can test secure channels and reset them at the discretion of the user.
The following examples show a Windows XP Professional computer, Client1, that is a member of the Windows NT 4.0 domain Main_dom. The account User1, in this instance, has been created within the domain.
To identify the domain controllers in the Main_dom domain, at the command prompt, type:
nltest /dclist:Main_dom
Your output shows this information:
List of DCs in Domain Main_dom
\\NET1 (PDC)
The command completed successfully
To determine if the domain controller Net1 can authenticate the user account User1, at the command prompt, type:
nltest /whowill:Main_dom User1
Your output shows this information:
[20:58:55] Mail message 0 sent successfully (\MAILSLOT\NET\GETDC939)
[20:58:55] Response 0: S:\\NET1 D:Main_dom A:User1 (Act found)
The command completed successfully
In this example, S: indicates the domain controller that authenticates the account, D: indicates the domain of which the account is a member, and A: indicates the account name.
To determine if the workstation Client1 has a secure connection with a domain controller within the Main_Dom domain, enter:
nltest /server:Client1 /sc_query:Main_Dom
Your output shows this information:
Flags: 0
Connection Status = 0 0x0 NERR_Success
Trusted DC Name \\NET1
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully
When computer and user account authentication is completed, make sure all logon scripts perform as expected. Make sure that network shares, batch files, and tools are configured as indicated by the logon script.