NT user accounts created in DRA cannot log in to the NT domain. (NETIQKB53743)

  • 7753743
  • 02-Feb-2007
  • 19-Jun-2007

Resolution

fact
Directory and Resource Administrator 7.x

symptom
NT user accounts created in DRA cannot log in to the NT domain.

symptom
Error: "The system could not log you on.  Make sure your user name and domain are correct."  when new NT users attempt to log on.

cause
The user accounts were created with an Account Type of Domain local instead of the default Global, or the Account Type was changed to Domain local.

fix
To allow NT users to log in to computers in the NT domain, create NT user accounts using the default Account Type of Global.  If the account was incorrectly created as a Domain Local account, change the Account Type on the Account Tab of the User Properties window to Global.

note

Domain Local user accounts in Windows NT were designed to be used only in certain situations.

When a user account originates on a network not running Windows NT, the account should be created (in NT) as a domain local account.  Domain local user accounts enable users from LAN Manager, IBM LAN Server, or NetWare environments to participate in Windows NT Server domains. Because they are intended to be used only in the domains in which they were originally created, however, domain local user accounts are not allowed to log on locally to any computer in the NT domain.

See http://www.microsoft.com/technet/archive/winntas/maintain/acctgrps.mspx for more information about NT user accounts.



Additional Information

Formerly known as NETIQKB53743