+ Post New Thread
Results 1 to 11 of 11
Windows Thread, Logon Scripts And Fully Qualified Domain Names in Technical; We have a number of logon/logoff scripts which were working fine until a number of circumstances combined. I have ironed ...
  1. #1

    DaveP's Avatar
    Join Date
    Oct 2006
    Location
    Can't talk now: The mother-ship is calling!
    Posts
    8,770
    Thank Post
    351
    Thanked 1,274 Times in 870 Posts
    Blog Entries
    4
    Rep Power
    1126

    Logon Scripts And Fully Qualified Domain Names

    We have a number of logon/logoff scripts which were working fine until a number of circumstances combined. I have ironed out most of the wrinkles [I think] but I am now left with the problem that the logon scripts do not run because they are not addressed in Active Directirory by their Fully Qualified Domain Names.

    In AD/User Configuration/Scripts/Logon we have:

    %LOGONSERVER%\NETLOGON\Scripts\logonaudit.vbe

    We have %LOGONSERVER% because there is more than one server to authenticate logons. I have tried:

    %LOGONSERVER%.domain.local\NETLOGON\Scripts\logona udit.vbe

    in the [desparate] hope that it would work, but it appears that it will not. Is there any way to allow these scripts to run from within Active Directory using Fully Qualified Domain Names [Any Syntax?] I could specify one of the servers only:

    ServerName.domain.local\NETLOGON\Scripts\logonaudi t.vbe

    but I would like to avoid this if at all possible. Any ideas?

    And no I can't go back to not using FQDN as we are now in a Consortium of three schools and our networks are linked. The servers have the same names at the NETBios level. That is why we are required now to use FQDN.

  2. #2
    BKGarry's Avatar
    Join Date
    Mar 2006
    Location
    Kent
    Posts
    908
    Thank Post
    92
    Thanked 118 Times in 95 Posts
    Rep Power
    46

    Re: Logon Scripts And Fully Qualified Domain Names

    Our Domain is Called Gravesend,

    and within there we have 2 logon servers, but the logon scripts run to either \\Gravesend\netlogon or Gravesend.local\Netlogon

    There is also SYSVOL folder there where we keep our mandatory profiles.

    This folder syncronises over the 2 servers and automatically connects to the server with the least load

    Gaz

  3. #3

    DaveP's Avatar
    Join Date
    Oct 2006
    Location
    Can't talk now: The mother-ship is calling!
    Posts
    8,770
    Thank Post
    351
    Thanked 1,274 Times in 870 Posts
    Blog Entries
    4
    Rep Power
    1126

    Re: Logon Scripts And Fully Qualified Domain Names

    Thanks for that. I will give it a try. :-)

    Dave.

  4. #4

    DaveP's Avatar
    Join Date
    Oct 2006
    Location
    Can't talk now: The mother-ship is calling!
    Posts
    8,770
    Thank Post
    351
    Thanked 1,274 Times in 870 Posts
    Blog Entries
    4
    Rep Power
    1126

    Re: Logon Scripts And Fully Qualified Domain Names

    I have now made the changes, but it looks as if [some] of the policy is not being applied. For example I have changed the Connection/Proxy Settings from:

    ISAServerName: Port 8080

    To:

    ISAServerName.Domain.Local: Port 8080

    This [and other AD settings] is not [are not] being set at the client stations. If I can get these settings to stick I think I can resolve a hatfull of problems here. Any ideas?

  5. #5

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,802
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Logon Scripts And Fully Qualified Domain Names

    Run DCDiag, Netdiag, GPMC modelling & Results. Also check the event log on the client for errors. If you still can't find a problem, enable user event debugging and check the IE branding logs..

  6. #6

    DaveP's Avatar
    Join Date
    Oct 2006
    Location
    Can't talk now: The mother-ship is calling!
    Posts
    8,770
    Thank Post
    351
    Thanked 1,274 Times in 870 Posts
    Blog Entries
    4
    Rep Power
    1126

    Re: Logon Scripts And Fully Qualified Domain Names

    Quote Originally Posted by Geoff
    Run DCDiag, Netdiag, GPMC modelling & Results. Also check the event log on the client for errors. If you still can't find a problem, enable user event debugging and check the IE branding logs..
    OK. Will do, but your post leads me to believe that you have the impression that all of the problems are involved with Internet Explorer. In fact the proxy change not being applied is just one example. Others are not adding network printers, running logon/logoff scripts [which is where this post began], enforcing hash rules(?),…

  7. #7

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,802
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Logon Scripts And Fully Qualified Domain Names

    The above diagnostic steps apply equally to the other problems.

  8. #8

    Join Date
    Oct 2005
    Location
    West London
    Posts
    55
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Logon Scripts And Fully Qualified Domain Names

    Have you tried using the domain\share path, in the form:

    domain.local\netlogon\script
    ?
    Because this accesses the domain through the sysvol , you don't need the actual server name. It will just connect to any domain controller in the domain.
    Hope this helps

  9. #9
    BKGarry's Avatar
    Join Date
    Mar 2006
    Location
    Kent
    Posts
    908
    Thank Post
    92
    Thanked 118 Times in 95 Posts
    Rep Power
    46

    Re: Logon Scripts And Fully Qualified Domain Names

    Quote Originally Posted by BKGarry
    Our Domain is Called Gravesend,

    and within there we have 2 logon servers, but the logon scripts run to either \\Gravesend\netlogon or Gravesend.local\Netlogon

    There is also SYSVOL folder there where we keep our mandatory profiles.

    This folder syncronises over the 2 servers and automatically connects to the server with the least load

    Gaz

    Have you tried using the domain\share path, in the form:

    domain.local\netlogon\script
    ?
    Because this accesses the domain through the sysvol , you don't need the actual server name. It will just connect to any domain controller in the domain.
    Hope this helps
    I love it when people read the whole post

  10. #10

    DaveP's Avatar
    Join Date
    Oct 2006
    Location
    Can't talk now: The mother-ship is calling!
    Posts
    8,770
    Thank Post
    351
    Thanked 1,274 Times in 870 Posts
    Blog Entries
    4
    Rep Power
    1126

    Re: Logon Scripts And Fully Qualified Domain Names

    Still having the issues. I have found this entry in the station Events and Errors Message Centre:

    "Windows XP-based systems that use Gigabit Ethernet devices may not be able to join an Active Directory domain, which aborts the Group Policy"

    These stations DO have Gigabit capable network cards [Broadcom] but they are connecting at 100 Mb. Could this still apply?

    I have found this KB article: 938115

    Quoting from the article:

    "RESOLUTION
    To resolve this problem, update the Enterasys switch to run the latest version of the firmware."

    and:

    "WORKAROUND
    To work around this problem, edit the 802.1X settings, and then do not save the changes. "

    I don't know how to try either one of these. Can anyone help?

  11. #11

    DaveP's Avatar
    Join Date
    Oct 2006
    Location
    Can't talk now: The mother-ship is calling!
    Posts
    8,770
    Thank Post
    351
    Thanked 1,274 Times in 870 Posts
    Blog Entries
    4
    Rep Power
    1126

    Re: Logon Scripts And Fully Qualified Domain Names

    Despite the content of the Events and Errors Message Centre it appears that the KB article referred to earlier relates only to wireless networking [and we are not connecting wirelessly at Gigabit speeds]

    I think I may have found a workaround for the printing problem now though. Here it is:

    Logon as a user for whom printing is a problem on these stations. Allow the spool service to crash. Remain logged on. Logon to another domain enabled station. Right click MyComputer. Select Manage. Select Connect to another computer and pickup the computer where the non-admin user has just logged on. Select Services and applications on the remote computer. Find the spool service and select Start or Restart the service. Logoff the non-admin user restart the computer and logon as the same user. Test printing. Hey presto, it works. Now all I have to do is repeat this very long winded process at another 30 odd machines. Oh joy!

SHARE:
+ Post New Thread

Similar Threads

  1. Mac Logon Scripts
    By atfnet in forum Mac
    Replies: 2
    Last Post: 12th September 2007, 06:23 PM
  2. Careless Domain Names..
    By Gatt in forum Jokes/Interweb Things
    Replies: 16
    Last Post: 10th April 2007, 12:51 PM
  3. What do you use for your logon scripts.
    By Kyle in forum How do you do....it?
    Replies: 17
    Last Post: 13th October 2006, 07:54 AM
  4. God Dam Logon Scripts
    By british-wave in forum How do you do....it?
    Replies: 14
    Last Post: 15th February 2006, 02:28 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •