What problem are you having?
Cause: When a user is manually moved to a new parent container without having their group membership updated to reflect the change, Active Directory's security model is broken. Although the user will be able to access directory objects underneath the new container, the user will lose access to all other containers in the directory, even if the user has been granted permissions on the containers. This behavior is deliberate and consistent with Active Directory's authentication procedures. Solution: If the user is manually moved to a new container, the user's parent object changes. The user's group membership is not automatically updated to reflect its new location in the directory, however: the user retains the previous parent object. In this case, when Active Directory checks to determine whether the user has access permissions to its parent object, it will fail because the user object is no longer a member of its parent object. In Active Directory, a user is also an object that exists within the directory's security framework. Each user object has permissions associated with it that determine its level of access to other objects within the directory. When a user logs on to Delegated Administration Console, Active Directory verifies that the user object has permissions to its parent organization. It then determines whether the user has permissions to access its parent object. If the user has access permissions, Active Directory continues its permissions verification to determine the user's explicit permissions. If the user does not have access permissions to its parent object, Active Directory cannot determine any information about the user object. Consequently, Active Directory cannot verify the user's permissions and the user will be unable to log on to Delegated Administration Console. |
Debugging information is not available Cause: The debug function is not enabled by default. Solution: You must turn on debugging through Delegated Administration Console.
When debug is turned on, Delegated Administration Console will create XML files that track all requests and responses and place those files in the specified debug folder. Notes
|
I cannot provision File Transfer Protocol (FTP) sites Cause: This can occur if the FTP service was not installed and running on the Internet Information Services (IIS) server prior to registering its resources with Resource Manager. It is not possible to add additional services to an IIS server, such as FTP, after its resources have been registered. Solution: Restore the version of the IIS metabase that was backed up prior to attempting to add the FTP service. You will still be unable to install the FTP service or provision FTP sites on the server. For more information about restoring the IIS metabase, see article Q302573, "HOW TO: Backup and Restore IIS" in the Microsoft Knowledge Base. |
MPF audit database information is not available to users other than domain administrators Cause: By default, only domain administrators have access to the MPF audit database. Solution: You must grant read-access permissions to the group to whom you want to grant access to the MPF audit database:
|