Domain – Windows Server 2008 R2 hangs when Editing folder permissions

active-directorydomainpermissionswindows-server-2008-r2

Background:

  • The server in question is a member of a domain.
  • This is a brand new server, freshly installed.
  • I can log into this server using any domain user (which tells me that on some level it is accessing the DC and Active Directory).
  • There are no local users (other than Administrator) on this server.
  • NET USERS /domain returns all the users in the Active Directory.
  • UAC is off (for now since I wasn't sure if this was the root of the problem).
  • The following problem occurs whether I am logged in as the Local admin OR as the domain admin.

Problem:

All I want to do is change the permissions of a folder (and all sub items) to include one of my domain groups (the same problem occurs even if I just try to include a single user, or apply the permissions to a single file).

We have another server connected to the DC which is working perfectly. Changing file / folder permissions is generally a very simple task:

  1. Right Click Folder (or file), and select Properties.
  2. Under Security tab click Edit to change permissions.
  3. Click Add to add the user or group.

And this is where my problem starts. The "From this location" field correctly displays my domain.

However, no matter what I type into the "enter object names to select" field, after clicking OK or Check Names a "Selection Progress" dialog box pops up with the content: "Objects Found: 0" and a Stop button. There is an icon indicating that the system is searching for more objects, but I can leave it for hours and it will not find anything. If I click Stop, nothing happens. Eventually, I have to force close.

Likewise, if I decide to click Locations the system will hang, and the "Select Users, Computers, Service Accounts, or Groups" dialog becomes unresponsive. The worst part is that out of the many times I have clicked on locations, one of them finally brought up the location dialog after around 30 minutes (so it's working on some level, but it's unbelievably slow). Of course, I clicked the little plus symbol next to the domain and it hung there indefinitely.

I am really at a loss here. This behavior seems related to Active Directory and my domain controller, but it doesn't make much sense since I can log in as domain user and validate within seconds.

Best Answer

Try clicking the "Locations..." button and selecting "Entire Directory". If it starts working, then you have an LDAP issue. Selecting "Entire Directory" forces the Select dialog to use a GC port to execute the query. Selecting a specific domain will cause it to use an LDAP port.

Related Topic