AD errors on non-domain controller
I have a Windows 2k3 Standard (x32, SP2) terminal server that is having some issues when it comes to adding IDs to any ACL (share, NTFS, group, policy, etc...). Any ID I try to add to the ACL is not found (yes, they do exist).

When you go into Component Services and click on Active Directory Users and Computers you get greeted with the pop up:

    Active Directory
    Data from MYDOMAIN.NET is not available from the domain controller domainserver.net because:
    An invalid directory pathname was passed
    Try again later, or choose another domain controller by selecting Connect to Domain Controller on the Domain context menu.

If you click Ok and try to do a search, you immediately get error:

    Find in the Directory
    The Directory Service is currently unavailable

If I try to access any of the other DCs or other domains I get the same error. This is a 5k+ windows server environment, so the DCs are fine. This is the only server I am aware of that is having the issue. I currently see no issues in the logs. I have tried removing the server from the domain and removing the account. Re-adding it had no impact. There's really no GPOs to speak of on this box.

- NSLookup responds normally
- Windows Firewall is off
- portqry of the DC on 389 and 3268 responds with no issues
- nltests were all successful
- dcdiag didn't show much. Only oddities were:

    Starting test: Services
    RPCLOCATOR Service is stopped on [MYDCServer]
    TrkWks Service is stopped on [MYDCServer]
    TrkSvr Service is stopped on [MYDCServer]

Though I checked the other 5 DCs in this domain and they are all set the same.

There are 2k+ servers in this domain and as far as I know this is the only one having this unique issue. As a workaround I am able to remotely manage the shares/groups and add IDs with no issue, just not from the box itself.

Any thoughts/suggestions?
November 24th, 2010 3:53pm

Hi,

Please clarify whether you can remotely manage on the same 2003 terminal server.

First, please check whether the following support article helps.

"An invalid directory pathname was passed" error message when you use Active Directory Users and Computers to view user properties in Windows Server 2003
http://support.microsoft.com/kb/842632

As the article mentions that the error can occur if the user is a member of a group that has a forward slash character (/) in the group name, please check it on your side. You can rename the group on the DC and then test the results.

If the article is not for your current situation, please provide us more detailed information. For further troubleshooting, please help gather the following files from both one DC and the terminal server.

MPSReport
-------------------
Please generate an MPS Directory Service report on the computer that is reporting the error. The MPS report is utilized to gather detailed information regarding a system's current configuration. The data collected will assist me with problem isolation. To do this:

a. Download the Microsoft Product Support Reports tool from the following link, according to your system architecture.
   http://www.microsoft.com/downloads/details.aspx?FamilyId=CEBF3C7C-7CA5-408F-88B7-F9C79B7306C0&displaylang=en
b. Right click on the downloaded mpsreports_x86.exe or mpsreports_x64.exe, and choose Run as Administrator.
c. Agree to the License Agreement, and choose This Computer.
d. Select General, Internet and Networking, Business Networks, Server Components, and click Next.
e. After finishing collecting logs, please choose Save the result to save it to a .CAB file, and send the CAB file to the workspace.

Note: Sometimes the CAB file may fail to be generated on your machine. This is usually caused by interference from some third-party application such as certain antivirus programs. If it still cannot be generated after another attempt, then please manually zip all the output files in the following folder and send the .zip file to the workspace.

"%systemroot%\MPSReports\DirSvc\Logs"

Upload these files to the following workspace.
------------------------------------------------------------
You can upload the information files to the following link. (Please choose "Send Files to Microsoft")

Workspace URL: (https://sftus.one.microsoft.com/choosetransfer.aspx?key=5b7131e6-d930-422c-9def-e589756a6702)
Password: iUDw@KHcE2zz-

Note: Due to differences in text formatting with various email clients, the workspace link above may appear to be broken. Please be sure to include all text between '(' and ')' when typing or copying the workspace link into your browser.

Meanwhile, please note that files uploaded for more than 72 hours will be deleted automatically. Please be sure to notify me promptly after you have uploaded the files. Thank you for your understanding.

Thanks.
Nina

This posting is provided "AS IS" with no warranties, and confers no rights.
November 26th, 2010 6:09am

Sorry for the delay, I got wrapped up in other business and just had time to get back to this issue.

The article you listed is not relevant. That is for 2k3 systems with SP1. The patch will not install on servers with SP2.

Not sure how much more detailed I can get without being redundant..... If you try to add a user to any ACL, whether it be Share, NTFS, Group, etc... from the server in question, it tells you it cannot find the user/group. The message displayed is:

    Name not Found
    An object named "Domain\User" cannot be found. Check the selected object types and location for accuracy and ensure that you typed the object name correctly, or remove this object from the selection.

Now, I know the object exists. I can look it up from my PC and other servers and I can even add it to the server in question through remote management. If I click on Location on that screen, under Entire Directory, none of the domains have pictures next to them (found that odd).

If you go into Component Services and click on Active Directory Users and Computers and click on the Domain Name, you get the pop up:

    Active Directory
    Data from MYDOMAIN.NET is not available from the domain controller domainserver.net because:
    An invalid directory pathname was passed
    Try again later, or choose another domain controller by selecting Connect to Domain Controller on the Domain context menu.

The domain icon then turns into a folder with a yellow ! on it. Another oddity I have found when looking over this compared to other servers is in the right panel under the Type column, next to the Domain name is 'domainDNS' instead of just 'Domain'. The description does populate properly. Not sure if that is relevant. I can change to any DC in the environment and all have the same result. From there if I right click the domain and go to find I get:

    Find in the Directory
    The Directory Service is currently unavailable.

As I said before, there are a few thousand servers connected to this domain. This is the only server that appears to be having this issue. All IDs currently in the ACLs on this server show up normally (no SIDs). From the problem server, I can remote manage to other servers, connection is fine.

I have MPS reports from this box that I can upload. I cannot get them from the DC as those are handled by a different group and I do not have the required access. Though there are 5 DCs for this domain and all other servers on the domain (that I am aware of) are not having this specific issue. The problem seems to be with this server.
December 3rd, 2010 2:21pm

MPS reports have been uploaded to the address above.
December 3rd, 2010 2:23pm
