Archive directory user rights?

Hi all: I recently migrated our GW2014 SP1 server over to new hardware. The migration went smooth and our domain and postoffice seem happy. My users are reporting an 8201 error when starting up their client and I have traced it to a user rights issue with our archive folder on the server. I have given full rights to everyone as a temp measure, but I want to get the proper rights set up. BTW, the archive directory is on an NSS volume.
So, what are the proper user rights to the archive directory? Thanks much, Chris.

Hi Chris,
They need Read, Write, File Scan, Create, Erase, Modify, Delete - all except Access Control and Supervisor.
Hope that helps.
Cheers,

Similar Messages

  • FTPAdapter - logical directory name - file not moved to archive directory

    I created a simple ftp service to read the file from remote inbound directory and archive it to an "archive" directory using logical directories. I supplied the input and archive directories. The process reads the file from the input directory, but doesnt move it to archive directory. In the opmn logs i see the following message
    File Adapter::Outbound> Since file could not be copied to specified archive directory, file : CUST__20081113002951.xml is being copied to a default archive directory :/apps/oracle/product/10.1.3.1/OracleAS_1/j2ee/home/fileftp/defaultArchive/
    I checked the a) directory permission - this is the ftp users home directory , so it has all the bits set rwxrxrx- I even tried rwxrwxrwx, but same issue
    b) there is enough space on the box
    c) I can manually move the files around as the same user.
    Secondly, the files under the default archive directories are being created as root. Not sure why. Our server is running as "oracle" user.
    We are on 10.1.3.4
    any idea how to troubleshoot this ?
    Edited by: user9514124 on Nov 13, 2008 5:27 PM

    Just a thought. You are trying to archive to an FTP user's home directory. I assume that you want to archive remotely (on the source server)? If so you need to specify UseRemoteArchive="true" in the WSDL file for the adapter. If you forget that the adapter archives locallly on the SOA Suite server and perhaps there the directories are indeed missing or have the wrong rights?
    If you are using remote archiving and it doesn't work, have you tried to login with an FTP client and upload a file to the archive folder with FTP (as the FTP adapter user)? That is what the FTP adapter will do.
    If you are using local archiving, check all the parent directories and make sure that they are fine as well as the target directory. Also look into the file ownership issue, the files should not be created as root if everything really runs as oracle! Perhaps someone has accidentally started something as root?
    Good luck!

  • Archive directory on overload

    Hi,
    I've configured a Sender File Adapter.
    It archives messages and adds a timestamp.
    Files are succesfully put on the integration engine and archived.
    However the files are not moved from the input directory, but are only copied
    So the files stay in the input directory. They are not processed again into the integration engine, BUT the archiving doesnt stop. It just keeps archiving the same file again and again.
    Because of the timestamp this means that we have a new file each time.
    This causes an overload on the archive share (file of 2 kb produced 16 gigabyte on archive)
    Is this a setting of the adapter that i have to change or does it mean that the pi-user who does the moving and archiving does not have sufficient rights on the directory?
    Thx
    Robert

    Hi
    In usual case if you give processing mode as Archive the files will be moved from source to Archive directory.
    And also are you getting any error in the Channel?
    But in your case if this is not happening then please check the User ID which you are using in the file channel if it has the access to
    delete the file once its processed.to check this login with that ID  to the FTP and check if you are able to delete.
    If nothing works , i think you can have a batch job to clear the source folder.
    Regards,
    Srinivas

  • How to create "folders" in Active Directory Users and Computers?

    Hello Community
        In Windows Server 2008R2 when you go to Active Directory Users and Computer
    you will see icons of folders such as:
        -  Builtin has a folder icon
        - Computers has a folder icon
        - ForeignSecurityPrinicpals has a folder icon
        - Domain Controller as a folder icon
        - Managed Service Accounts has a folder icon
        - Users has a folder icon
        All of the above folders are visually identical.
        If you right click and select “File” –  “New”
     on any of the selections the icon
    will not look like the folder icon they have their own icons which look different
    from the "Folder" icon.
        I would like to create a “Folder” that looks just visually exactly like the ones
    mentioned above, how can I create those types of Folders in Active Directory User
    and Computers?
        Note: I would like to put users in the folders.
        Thank you
        Shabeaut

    Hi,
    you should use OUs (an OU is they type of object (folder) that is available for you to easily create.
    The object type you are asking about is a "container", and there are various reasons why an OU is more flexible (applying GPO, etc).
    Refer: Delegating Administration by Using OU Objects
    http://technet.microsoft.com/en-us/library/cc780779(v=ws.10).aspx   
    and the sub-articles:
    Administration of Default Containers and OUs
    http://technet.microsoft.com/en-us/library/cc728418(v=ws.10).aspx
    Delegating Administration of Account and Resource OUs
    http://technet.microsoft.com/en-us/library/cc784406(v=ws.10).aspx
    Also: http://technet.microsoft.com/en-us/library/cc961764.aspx
    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

  • Report on Active Directory User Attributes in SCCM 2012

    I need to output a list of all users in a collection, along with certain user attributes from Active Directory. I can get part of what I need with the following query:
    SELECT v_FullCollectionMembership.ResourceID,
    v_R_User.Windows_NT_Domain0,
    v_R_User.Distinguished_Name0,
    v_R_User.Full_User_Name0,
    v_R_User.Mail0,
    v_R_User.User_Name0
    FROM v_FullCollectionMembership, v_R_User
    WHERE v_FullCollectionMembership.ResourceID = v_R_User.ResourceID
    AND v_FullCollectionMembership.CollectionID = 'SMS00002'
    If possible I need to add:
    Last logon timestamp
    User account status (enabled or disabled)
    I have added "lastLogon" and "lastLogonTimestamp" as additional attributesunder Active Directory User Discovery. This discovery method is enabled and I have run a full discovery about a month ago, and again today. I read in
    another thread that these attributes should appear in the table v_R_User, however they have not. Is v_R_User the right place to look for this or is there another view or table I can query?
    Once I have the above sorted out, how can I find the user account status in SCCM? I have done reports in the past directly from AD and used the 'useraccountcontrol' attribute and I noticed there is a column named 'User_Account_Control0' in v_R_User, however
    the values do not match those found in Active Directory.
    Thanks.

    Have you checked the attribute from the Active Directory in decimal format? Check that and compare it to the value ConfigMgr has stored in its 'User_Account_Control0'...
    User Account Control tells you multiple things of the account, for example does the account have "Smart card login required" -option checked from the account properties.
    The tricky part here is to actually get the report show you what you really want, because "useraccountcontrol" -attribute is a numeric value, you have to calculate what decimal combination means what in readable text.
    More info on the attribute can be found from here
    http://support.microsoft.com/kb/305144 and from there you can also find the values for different settings. For example:
    account is enabled = 512
    account is disabled = 514
    account is enabled with smart card = 262656

  • Extended user rights and 500 users limits on a PDF Form

    Hello,
    I read that there's 500 users limits for using extended user rights on Acrobat Pro 9.
    Here's my situation:
    - I built an application PDF form with extended user rights for Adobe Reader users to save the form. And I'm going to be hosting it on the web for users to download the PDF form to their local hard drive.
    - The form will have a button to submit to a web page with a script for processing FDF, XFDF, XML, or HTP form export.
    My question is:
    1. Would it be violating the 500 users limits if more than 500 users download the form and save the PDF after filling out fields, but not submit the data back to the server?
    2. What would happen if more than 500 responses are received through above method? Would new visitors still be able to save the PDF form for their archive purpose after downloading it from our web site?
    Thanks.

    Can Adobe's licensing department define "extract"?  I know there is a lot of confusion here and I'm trying to understand.
    Here is our scenario:  We have developed an Adobe fillable form which we will be sending to 1000 customers.  Customers can open the form (in Reader v9.5 and greater) and fill out the form, validate it and then print it.  The customers are not sending the PDF files back to us and the PDF data is not being collected so there is no data we can extract from Adobe files (we are not that advanced yet).  Customers will just print the information, then fax or send back to us by U.S. Mail. 
    When we receive the completed information (via fax/mail, not PDF), we read information off our form.  Does Adobe consider reading our information “extracting” with our eyes?  I’m not sure how they can consider that extracting?  I would think Adobe owns the mechanism (aka PDF file) for validating our content, but they wouldn’t own the content on our form if we want to physically read it, right?
    Adobe needs to clarify this more clearly and I’ve ready their interpretation of the Policy, but it doesn’t address this scenario.  http://www.adobe.com/products/eulas/pdfs/Reader_Extension_Policy_A10-5-31-2011.pdf
    George, I don't think you are an Adobe Employee.  I see you are a MVP, but you are not officiall speaking for Adobe are you?
    ---Thanks.

  • File Adapter - Error creating archive directory adapter file

    Hello,
    I've a interfase File to RFC. In sender CC i have Archive Directory.
    It occurs the follow error:
    Error creating archive directory adapter file
    The archive directory exists.
    any idea?
    thanks very much

    Hi Silvia,
    Check whether the user you are using for FTPing is having proper authorizations.
    Also, verify whether you have the archive directory in place.
    Regards,
    Neetesh

  • BPEL Archive directory {0} not found

    Hello,
    I have created deploy.xml,to deploy bpel processes on SOA server which is on unix based machine.
    xml is like
    <?xml version="1.0" encoding="windows-1252" ?>
    - <project default="Install" xmlns:oracle="antlib:oracle" basedir=".">
    <property name="process.dir" value="${basedir}" />
    <property name="package.dir" value="${basedir}/Package" />
    <echo>$(basedir) $(process.dir) $(package.dir)</echo>
    - <!-- Accounts Payable WorkFlow Version
    -->
    <property name="FlowVersion" value="1.0" />
    <property environment="env" />
    - <!-- First override from build.properties in process.dir, if available
    -->
    - <!-- Set bpel.home from developer prompt's environment variable BPEL_HOME
    -->
    - <condition property="bpel.home" value="${env.BPEL_HOME}">
    <available file="${env.BPEL_HOME}/utilities/ant-orabpel.xml" />
    </condition>
    <xmlproperty file="${process.dir}/bpel/bpel.xml" />
    <property name="process.name" value="${BPELSuitcase.BPELProcess(id)}" />
    - <!-- If bpel.home is not yet using env.BPEL_HOME, set it for JDev
    -->
    - <!--      <property name"bpel.home" value="/apps/soa/product/10.1.3.1/OracleAS_1/bpel">
    -->
    <property name="bpel.home" value="C:/product/10.1.3.1/OracleAS_1/bpel" />
    <property name="bpel.home" value="${oracle.home}/integration/bpel" />
    <property file="${bpel.home}/utilities/ant-orabpel.properties" />
    <property name="bpel.home" value="${bpel.home}" />
    - <!-- import custom ant tasks for the BPEL PM
    -->
    <import file="${bpel.home}/utilities/ant-orabpel.xml" />
    - <!-- Use deployment related default properties
    -->
    - <!--
    This Task is Used to Unjar the jar file & replace the Token value,but needs to identify
    required or not. & if required from where it is get called.
    -->
    - <!-- Define the deployer URL
    -->
    <echo>Deployer URI : deployer:oc4j:opmn://${j2ee.hostname}:${opmn.requestport}/${oc4jinstancename}</echo>
    <property name="deployer.url" value="deployer:oc4j:opmn://${j2ee.hostname}:${opmn.requestport}/${oc4jinstancename}" />
    <echo>------------------------------------------------------------------- | ${env.BPEL_HOME} | Deploying to Server deployer:oc4j:opmn://${j2ee.hostname}/${oc4jinstancename} -------------------------------------------------------------------</echo>
    <property name="process" value="process1" />
    - <target name="FixURLLocations">
    <echo>------------------------------------------------------------------- | Updating Web Service Location Information | JAR file to update: ${p.jarfile} | Web Service Location base: http://${http.hostname}:${http.port} -------------------------------------------------------------------</echo>
    <delete dir="${package.dir}/temp" verbose="no" quiet="yes" failonerror="no" />
    <mkdir dir="${package.dir}/temp" />
    <mkdir dir="${package.dir}/Save" />
    <copy file="${p.jarfile}" todir="${package.dir}/Save" />
    <unjar src="${p.jarfile}" dest="${package.dir}/temp" overwrite="yes" />
    <!-- Code to replace some hardcoded values -->
    <delete file="${p.jarfile}" verbose="no" quiet="yes" failonerror="no" />
    <jar destfile="${p.jarfile}" basedir="${package.dir}/temp" update="yes" />
    <delete dir="${package.dir}/temp" verbose="no" quiet="yes" failonerror="no" />
    </target>
    <target name="Test">
    <echo>---------------------------------------------------------------- | Deploying process GWT_SP_L1WipBPELProcess ----------------------------------------------------------------</echo>
    <antcall target="FixURLLocations">
    <param name="p.jarfile" value="${package.dir}/Test.jar" />
    </antcall>
    <deployProcess user="${admin.user}" password="${admin.password}" domain="${domain}" process="${process.name}" rev="${rev}" dir="${package.dir}/output" hostname="${http.hostname}" httpport="${http.port}" verbose="${verbose}" isSSL="${isSSL}" trustStore="${trustStore}" trustPassword="${trustPassword}" />
    </target>
    <target name="Install" depends="bpel, apps_webservice">
    <tstamp />
    <echo>--------------------------------------------------------- | Deployed all process ---------------------------------------------------------</echo>
    </target>
    <target name="apps_webservice" depends="Test">
    <tstamp />
    <echo>--------------------------------------------------------- | Webserivces and application Installation completed directory "{0}" ---------------------------------------------------------</echo>
    </target>
    <target name="bpel" depends="">
    <tstamp />
    <echo>--------------------------------------------------------- | BPEL Process Installation completed ---------------------------------------------------------</echo>
    </target>
    </project>
    but when I try to run this xml using Ant It,unjar file files replaces code ,make jar again and on deploying it gives following error
    BPEL Archive directory {0} not found.
    Could you please tell me why this error is coming and how i can resolve it?

    Hello,
    Could any one help regarding this.
    Please suggest why d<deployprocess> is failing and giving BPEL Archive directory {0} not found.
    Could
    <copy file="${p.jarfile}" todir="C:\product\10.1.3.1\OracleAS_1\bpel\domains\default\deploy" />
    replace <deployprocess>
    Thanks & Regards,
    Jignya

  • Archive directory is full

    Hello Experts,
    I'm very new into SAP.
    Plz tell me how to look that the archive directory is full at the database level and what command to use to bring the system up again as it hanged when the redo logs are not deleted from the system.
    Thanks in advance.

    Hi,
    As suggested by other SDN members, offline redologs needs to be backed-up & then deleted to make space for new logs.
    You can check disk utilization with following command:
    df -g | grep oraarc
    If above command shows that it is more than 90% full, move your archive logs to another folder (e.g. /oracle/<SID>/arc_backup). Since this is faster option to make your system available. Backup on tape takes comparatively longer time.
    Once space becomes available in /oracle/<SID>/oraarc directory, systems automatically comes out of hung state & users can continue their work. You need not stop or start your database.
    Regards,
    -Pankaj Kapote

  • Hide all except one object in Active Directory Users and Computers.

    Hello,
    I have a question.. I need to allow to one group of "administrators" creating users in one OU and adding computers to the domain, nothing else. I allowed them to log on DC using the GPO "Allow log on locally", because I don't want to give
    them administrator rights, I allowed them to do these operations on one OU through delegation wizard and now I need to make all OUs, groups etc. invisible to them except this OU. What is the best way how to achieve this? Thank you...
    d.

    I would disable the ability to allow them to login. I suggest to create a Computers OU that you can delegate to the "admins" to add computers, and don't use the default Computers container.
    I assume the admins are using Windows 7 or newer. You can customize an RSAT installation to just provide the ADAC.
    Description of Remote Server Administration Tools for Windows 7:
    http://support.microsoft.com/default.aspx/kb/958830
    Remote Server Administration Tools for Windows 7:
    http://technet.microsoft.com/en-us/library/ee449475(WS.10).aspx
    Remote Server Administration Tools for Windows 7
    http://www.microsoft.com/downloads/details.aspx?FamilyID=7D2F6AD7-656B-4313-A005-4E344E43997D&displaylang=en
    Customizing - Installing Remote Server Administration Tools (RSAT) for Windows 7
    http://www.petri.co.il/remote-server-administration-tools-for-windows-7.htm
    Or if you want to chop it down and control it further, create a custom ADUC with just that OU you've delegated. I've done this in the past and worked fine for my customer:
    Delegate an Organizational Unit (OU) in Active Directory Users and Computers (ADUC), then create a custom MMC or customized RSAT
    http://blogs.msmvps.com/acefekay/2014/09/04/delegate-an-organizational-unit-ou-in-active-directory-users-and-computers-aduc-then-create-a-custom-mmc-or-customized-rsat/
    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

  • Exchange 2010 - #554 5.2.0 The Active Directory user wasn't found

    We have migrated form Exchange 2003 to Exchange 2010 a year ago with no issues. All Exchange legacy servers uninstalled with no issues. We had an issue today were emails sent to mail-enabled public folder was returning NDRs. This happened on two or three
    and then trickled down thorugh several public folders. This client has several public folders and uses them for business processes. There have been 100s of incidents now. 
    Symtoms:
    E-mail messages that been sent to mail-enabled public folder in Exchange Server 2010 environment rejected with the following NDR:
    #554 5.2.0 STOREDRV.Deliver.Exception:ObjectNotFoundException; Failed to process message due to a permanent exception with message The Active Directory user wasn't found. ObjectNotFoundException: The Active Directory user wasn't found. ##
    We are getting the following Event log messages on Hub transport servers.
    Log Name:      Application
    Source:        MSExchange Store Driver
    Date:          5/29/2014 2:45:53 PM
    Event ID:      1020
    Task Category: MSExchangeStoreDriver
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      xxxxxx
    Description:
    The store driver couldn't deliver the public folder replication message "Backfill Request (xxxxxxx)" because the following error occurred: The Active Directory user wasn't found..
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="MSExchange Store Driver" />
        <EventID Qualifiers="49156">1020</EventID>
        <Level>2</Level>
        <Task>1</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2014-05-29T18:45:53.000000000Z" />
        <EventRecordID>168407</EventRecordID>
        <Channel>Application</Channel>
        <Computer>xxxxxx</Computer>
        <Security />
      </System>
      <EventData>
        <Data>"Backfill Request (xxxxxxx)"</Data>
        <Data>The Active Directory user wasn't found.</Data>
      </EventData>
    </Event>
    Actions:
    We have executed the following steps.
    1. Start the ADSI Edit MMC Snap-in. Click Start, then Run, and type adsiedit.msc, and then click OK.
    2.       Connect & Expand the Configuration Container [YourServer.DNSDomainName.com], and then expand CN=Configuration,DC=DNSDomainName,DC=com.
    3.       Expand CN=Services, and then CN=Microsoft Exchange, and then expand CN=YourOrganizationName.
    4.       You will see an empty Administrative Group. Expand the  CN=YourAdministrativeGroupName.
    5.       Expand CN=Servers.
    6.       Verify there are no server objects listed under the  CN=Servers container.
    7.       Right click on the empty CN=Servers container and choose Delete.
    8.       Verify the modification, and try to send again the E-mail to the mail-enabled public folder.
    To no avail the issue still exists.
    We have not rebooted the servers and plan to in the early morning.
    We have dismounted/mounted public folder DBs
     Does anyone have any other suggestions?
    Danny Kennedy, MCSE, MCITP

    I have already uninstalled legacy servers a year ago.
    This was the solution:
    I moved the public folder hierarchy to exchange 2010 using ADSIEdit.
                                      If you don't know adsiedit tool that much check this
    http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay?javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%253Demr_na-c03067450-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&sp4ts.oid=1840527&ac.admitted=1401455429281.876444892.492883150
    Danny Kennedy, MCSE, MCITP

  • Unable to access server files shares with Active Directory Users

    Quick breakdown of my issue.
    I have setup a Yosemite file server running the latest version of Yosemite and Server.
    File sharing in Server.app is enabled and shares have been created
    The server is bound to my company's Active Directory and you can directly login to the computer via AD credentials.
    The big issue is this, unless the user has directly walked up to my server and logged into it at least once, they cannot authenticate to the file shares via their AD credentials.
    For example: Administrator (me) I can login and access all file shares without issue.
    Jane Smith (SMITH) who has actually walked up to my server and logged in via her AD credentials, can also access all file shares. (That she has access to)
    John Doe (JDOE) who has not logged into the server in anyway, cannot authenticate to the server file shares  at all (even though I have granted him permission) He just gets an "Access Denied" message.
    I have gone into Directory Utility and changed the search order to give AD priority and this still doesn't resolve the problem.
    We have unbound the server from AD and added in back again and still not able to resolve.
    If you open Server.app and go to add someone from AD to a file share, it finds the AD user quickly and everything looks right. but still unable to authenticate to the server if they haven't directly logged into it before?
    All of the documentation and google articles I have found say my server is setup correctly, any help would be greatly appreciate it!
    Thanks in advance!

    I figured this out. In Mountain Lion Server, it doesn't matter if you give the user rights to a shared file or folder, if the user doesn't have access the File Sharing service, they can't get it. I had to find the specific users in the Server app under the AD in the Users tab, and give them rights to the File Sharing service. I think you can do this for a whole AD group as well, but I haven't tried.

  • Lion: All Open Directory users obliterated

    After a rough migration from SLS, I've been running Lion Server successfully for a couple of weeks now.  However, this morning I saw that the file sharing services were down.  When I brought the server up on the monitor, the Finder was frozen solid.  I had to do a hard restart, and once it came up, all the Open Directory users are gone.  Only local users remain.  When I attempt to open the LDAP directory in Workgroup Manager it throws up a -14006 error.
    I'm going to attempt to rebuild the machine from a backup last night, but I'm wondering if anyone has any (quicker) advice.
    I'm tempted to just try and copy /var/db/openldap from the backup image over to the server, but I'm afraid it'll simply explode.  Is there a better alternative?  I don't have a current backup archive of *just* the open directory stuff...

    Restoring from a backup image "fixed" it of course, but I'm still curious how to restore the open directory database from a mirrored partition (i.e. without the use of an explicite restore from an open directory backup)

  • Archived directory getting filled regularly : causing issues to Prod system

    Hi Team,
    In my EP system , the archive directory is getting occupied regularly and hence causing space crunch.
    As of now , we are manually deleting those archived logs on a weekly basis.
    I checked the log configuratiuon and found that the severity is Error
    So , I need your valuable inputs  to resolve this issue
    Thanks in Advance
    Regards
    Sandeep

    Thanks all and apologies for late reply
    Hi Sujith ,
    I am not taking abt  ora/<sid>/saparch
    My issue is with  usr/sap/<SID>/JCOO/j2ee/cluster/server*/log/archive
    Hi Steven,
    yeah ,, whatever you  said migbe right
    If I mark Archiveoldfiles option to OFF  what happens ?
    I might be wrong (correct me)
    -->Is that just stops removing the old files from log directory to move to archive dir .
    --> If that is the case, then my log dir will  suffer with space crunch .. right ?
    Regards
    Sandy

  • Can not open Active Directory Users and Computers

    Problem Reported:
    Out of the blue this has started happening:
    When I go to "Active Directory Users and Computers" I get this message.
    "MMC cannot open the file C:\WINDOWS\system32\dsa.msc.
    This may be because the file does not exist, is not an MMC console, or was created by a later version of MMC. This may also be because you do not have sufficient access rights to the file.
    Additional information:
    This is a server that has been in use for 2+ years with active directory users that can and do login everyday.
    As far as I know the system has no backup.
    dsa.msc IS located in the system32 folder
    I am using the administrator account.
    OS:
    Microsoft Windows Server 2003 R2
    Standard x64 Edition
    Service Pack 2
    Please help with detail. Thank you.

    Have you tried to uninstall ADUC administrative tool and re-install it again? If no, please give a try. 
    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Get Active Directory User Last Logon
    Create an Active Directory test domain similar to the production one
    Management of test accounts in an Active Directory production domain - Part I
    Management of test accounts in an Active Directory production domain - Part II
    Management of test accounts in an Active Directory production domain - Part III
    Reset Active Directory user password

Maybe you are looking for