| Author | Messages | |
caseyb@xxxx.yyy
 | | 01/18/2006 5:46 AM |
| Occasionally computers will lose their
account in Active Directory for no apparent reason. Sometimes it is a
computer that has just joined the domain, while other times the machine has been
a member of the domain for 2 years. The computer can only be logged on by
a local account (not a domain account). To remedy this, the computer has
to be disjoined from the domain, join a workgroup, then join the domain
again. As I am sure you all are aware, this is not only time consuming,
but very inappropriate to have to do.
Has anyone else had this experience
and how have you fixed it?
Thanks,
Brenda | | | |
| bdesmond
Posts:346
| | 01/18/2006 6:03 AM |
| Brenda-
I see the k12 email address (I run AD for Chicago Public Schools), first
question I have to ask is do you have any lockdown software on these computers?
DeepFreeze, Fortress, or similar? This will screw with and hose up computer password
sync.
Thanks,
Brian Desmond
brian@xxxxxxxxxxxxxxxx
c -
312.731.3132
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
12:42 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] AD computer
accounts being removed
Occasionally
computers will lose their account in Active Directory for no apparent
reason. Sometimes it is a computer that has just joined the domain, while
other times the machine has been a member of the domain for 2 years. The
computer can only be logged on by a local account (not a domain account).
To remedy this, the computer has to be disjoined from the domain, join a
workgroup, then join the domain again. As I am sure you all are aware,
this is not only time consuming, but very inappropriate to have to do.
Has
anyone else had this experience and how have you fixed it?
Thanks,
Brenda | | | |
| Gil
Posts:69
| | 01/18/2006 6:14 AM |
| When you say "lose their account", do you mean the computer
object in AD disappears? Or something else?
-g
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Brenda
CaseySent: Wednesday, January 18, 2006 10:42 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] AD computer accounts
being removed
Occasionally computers will lose their
account in Active Directory for no apparent reason. Sometimes it is a
computer that has just joined the domain, while other times the machine has been
a member of the domain for 2 years. The computer can only be logged on by
a local account (not a domain account). To remedy this, the computer has
to be disjoined from the domain, join a workgroup, then join the domain
again. As I am sure you all are aware, this is not only time consuming,
but very inappropriate to have to do.
Has anyone else had this experience
and how have you fixed it?
Thanks,
Brenda | | | |
| caseyb@xxxx.yyy
| | 01/18/2006 7:28 AM |
| No, there is not any lockdown type of software
on these machines.
Thanks,
Brenda
Brenda CaseyNetwork
Manager
Billings Public
Schools
caseyb@xxxxxxxxxxxxxxxxxx
406-247-3792
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Brian
DesmondSent: Wednesday, January 18, 2006 11:02 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] AD computer
accounts being removed
Brenda-
I
see the k12 email address (I run AD for Chicago Public Schools), first question
I have to ask is do you have any lockdown software on these computers?
DeepFreeze, Fortress, or similar? This will screw with and hose up computer
password sync.
Thanks,Brian
Desmond
brian@xxxxxxxxxxxxxxxx
c -
312.731.3132
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Brenda
CaseySent: Wednesday, January
18, 2006 12:42 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] AD computer accounts
being removed
Occasionally
computers will lose their account in Active Directory for no apparent
reason. Sometimes it is a computer that has just joined the domain, while
other times the machine has been a member of the domain for 2 years. The
computer can only be logged on by a local account (not a domain account).
To remedy this, the computer has to be disjoined from the domain, join a
workgroup, then join the domain again. As I am sure you all are aware,
this is not only time consuming, but very inappropriate to have to
do.
Has
anyone else had this experience and how have you fixed
it?
Thanks,
Brenda | | | |
| caseyb@xxxx.yyy
| | 01/18/2006 7:35 AM |
| Yes, their computer account in AD is actually
gone.
Thanks,
Brenda
Brenda CaseyNetwork
Manager
Billings Public
Schools
caseyb@xxxxxxxxxxxxxxxxxx
406-247-3792
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Gil
KirkpatrickSent: Wednesday, January 18, 2006 11:14 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] AD computer
accounts being removed
When you say "lose their account", do you mean the computer
object in AD disappears? Or something else?
-g
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Brenda
CaseySent: Wednesday, January 18, 2006 10:42 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] AD computer accounts
being removed
Occasionally computers will lose their
account in Active Directory for no apparent reason. Sometimes it is a
computer that has just joined the domain, while other times the machine has been
a member of the domain for 2 years. The computer can only be logged on by
a local account (not a domain account). To remedy this, the computer has
to be disjoined from the domain, join a workgroup, then join the domain
again. As I am sure you all are aware, this is not only time consuming,
but very inappropriate to have to do.
Has anyone else had this experience
and how have you fixed it?
Thanks,
Brenda | | | |
| garyphold@xxxx.yyy
| | 01/18/2006 8:06 AM |
| Brenda,
FWIW: It happens to me when I clone a workstation then try to join
that workstation to the domain in order to change the computer name. AD
sees 2 machines with the same name, gives me a notification and lets the 2nd one
in. Then when the original machine with that name logs in next time, it
isn't seen on the network. Then I have to do the same thing you did - with
the original machine. Then all is well again. Don't know
if that will help, but it might narrow down the problem
some.
Gary
Gary
Polvinale
Denton
ATD
-----Original Message-----From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Brenda CaseySent: Wednesday, January 18, 2006
2:24 PMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE:
[ActiveDir] AD computer accounts being removed
Yes, their computer account in AD is actually
gone.
Thanks,
Brenda
Brenda CaseyNetwork
Manager
Billings Public
Schools
caseyb@xxxxxxxxxxxxxxxxxx
406-247-3792
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Gil
KirkpatrickSent: Wednesday, January 18, 2006 11:14 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] AD computer
accounts being removed
When you say "lose their account", do you mean the computer
object in AD disappears? Or something else?
-g
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Brenda
CaseySent: Wednesday, January 18, 2006 10:42 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] AD computer accounts
being removed
Occasionally computers will lose their
account in Active Directory for no apparent reason. Sometimes it is a
computer that has just joined the domain, while other times the machine has been
a member of the domain for 2 years. The computer can only be logged on by
a local account (not a domain account). To remedy this, the computer has
to be disjoined from the domain, join a workgroup, then join the domain
again. As I am sure you all are aware, this is not only time consuming,
but very inappropriate to have to do.
Has anyone else had this experience
and how have you fixed it?
Thanks,
Brenda | | | |
| CrawfordS
Posts:39
| | 01/18/2006 8:15 AM |
| I don™t have any suggestions for why
its happening or how to prevent it, but I do have a tip for speeding up the
rejoin process. I™ve never had a problem ignoring the reboot prompt
after you remove it from the domain. So basically, I just add it to a
workgroup, ignore the reboot prompt, add to the domain, then reboot. This
saves you a reboot which is really what makes this so time consuming. Also,
Dan Holme suggested just changing the name of the domain from its DNS name to
its NetBIOS name. For example, if the domain box shows MICROSOFT, change it to
Microsoft.com or vice-versa. This seems to trigger a domain rejoin without
having to join the workgroup.
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
11:42 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] AD computer
accounts being removed
Occasionally
computers will lose their account in Active Directory for no apparent
reason. Sometimes it is a computer that has just joined the domain, while
other times the machine has been a member of the domain for 2 years. The
computer can only be logged on by a local account (not a domain account).
To remedy this, the computer has to be disjoined from the domain, join a
workgroup, then join the domain again. As I am sure you all are aware,
this is not only time consuming, but very inappropriate to have to do.
Has
anyone else had this experience and how have you fixed it?
Thanks,
Brenda | | | |
| nshariff
Posts:0
| | 01/18/2006 8:30 AM |
| Hi Gary,
Try looking at this article from MS regarding
'Resetting computer accounts in Windows 2000 and Windows
XP'.
http://support.microsoft.com/kb/216393/EN-US/
Also, you join the computer to the domain and then
change its name?
Do you reset the SIDs of the cloned workstation
using GhostWalker or Sysprep?
-Nav
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of
GarypholdSent: Wednesday, January 18, 2006 3:04 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] AD computer
accounts being removed
Brenda,
FWIW: It happens to me when I clone a workstation then try to join
that workstation to the domain in order to change the computer name. AD
sees 2 machines with the same name, gives me a notification and lets the 2nd one
in. Then when the original machine with that name logs in next time, it
isn't seen on the network. Then I have to do the same thing you did - with
the original machine. Then all is well again. Don't know
if that will help, but it might narrow down the problem
some.
Gary
Gary
Polvinale
Denton
ATD
-----Original Message-----From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Brenda CaseySent: Wednesday, January 18, 2006
2:24 PMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE:
[ActiveDir] AD computer accounts being removed
Yes, their computer account in AD is actually
gone.
Thanks,
Brenda
Brenda CaseyNetwork
Manager
Billings Public
Schools
caseyb@xxxxxxxxxxxxxxxxxx
406-247-3792
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Gil
KirkpatrickSent: Wednesday, January 18, 2006 11:14 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] AD computer
accounts being removed
When you say "lose their account", do you mean the computer
object in AD disappears? Or something else?
-g
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Brenda
CaseySent: Wednesday, January 18, 2006 10:42 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] AD computer accounts
being removed
Occasionally computers will lose their
account in Active Directory for no apparent reason. Sometimes it is a
computer that has just joined the domain, while other times the machine has been
a member of the domain for 2 years. The computer can only be logged on by
a local account (not a domain account). To remedy this, the computer has
to be disjoined from the domain, join a workgroup, then join the domain
again. As I am sure you all are aware, this is not only time consuming,
but very inappropriate to have to do.
Has anyone else had this experience
and how have you fixed it?
Thanks,
Brenda | | | |
| bdesmond
Posts:346
| | 01/18/2006 8:39 AM |
| Gary-
Are you implying you don™t sysprep your images?
Thanks,
Brian Desmond
brian@xxxxxxxxxxxxxxxx
c -
312.731.3132
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On
Behalf Of Garyphold
Sent: Wednesday, January 18, 2006
3:04 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD
computer accounts being removed
Brenda,
FWIW: It happens to me when I clone
a workstation then try to join that workstation to the domain in order to
change the computer name. AD sees 2 machines with the same name, gives me
a notification and lets the 2nd one in. Then when the original machine
with that name logs in next time, it isn't seen on the network. Then I
have to do the same thing you did - with the original machine.
Then all is well again. Don't know if that will help, but it
might narrow down the problem some.
Gary
Gary Polvinale
Denton ATD
-----Original Message-----
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
2:24 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD computer
accounts being removed
Yes,
their computer account in AD is actually gone.
Thanks,
Brenda
Brenda
Casey
Network Manager
Billings
Public Schools
caseyb@xxxxxxxxxxxxxxxxxx
406-247-3792
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Gil Kirkpatrick
Sent: Wednesday, January 18, 2006
11:14 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD
computer accounts being removed
When you say "lose their
account", do you mean the computer object in AD disappears? Or something
else?
-g
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
10:42 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] AD computer
accounts being removed
Occasionally
computers will lose their account in Active Directory for no apparent
reason. Sometimes it is a computer that has just joined the domain, while
other times the machine has been a member of the domain for 2 years. The
computer can only be logged on by a local account (not a domain account).
To remedy this, the computer has to be disjoined from the domain, join a
workgroup, then join the domain again. As I am sure you all are aware,
this is not only time consuming, but very inappropriate to have to do.
Has
anyone else had this experience and how have you fixed it?
Thanks,
Brenda | | | |
| Gil
Posts:69
| | 01/18/2006 9:26 AM |
| You might enable auditing on the appropriate OU to find out
who is doing the deleting. You need to enable AD auditing in the Domain
Controllers group policy, and then add auditing entries on the security
descriptor of the appropriate OU, e.g CN=Computers to track creation and
deletion of Computer objects.
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Brenda
CaseySent: Wednesday, January 18, 2006 12:24 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] AD computer
accounts being removed
Yes, their computer account in AD is actually
gone.
Thanks,
Brenda
Brenda CaseyNetwork
Manager
Billings Public
Schools
caseyb@xxxxxxxxxxxxxxxxxx
406-247-3792
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Gil
KirkpatrickSent: Wednesday, January 18, 2006 11:14 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] AD computer
accounts being removed
When you say "lose their account", do you mean the computer
object in AD disappears? Or something else?
-g
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Brenda
CaseySent: Wednesday, January 18, 2006 10:42 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] AD computer accounts
being removed
Occasionally computers will lose their
account in Active Directory for no apparent reason. Sometimes it is a
computer that has just joined the domain, while other times the machine has been
a member of the domain for 2 years. The computer can only be logged on by
a local account (not a domain account). To remedy this, the computer has
to be disjoined from the domain, join a workgroup, then join the domain
again. As I am sure you all are aware, this is not only time consuming,
but very inappropriate to have to do.
Has anyone else had this experience
and how have you fixed it?
Thanks,
Brenda | | | |
| dougf@xxxx.yyy
| | 01/18/2006 9:36 AM |
| We have seen the same thing in our
organization, and I am investigating whether our technician that does the
images for our desktop deployments has been using the wrong version of
Sysprep. I read on the MS site that there are versions of Sysprep for
different OS levels (or service packs). Just a thought.
-;)
Doug Ferguson
Windows Systems Administrator
Hynix Semiconductor Manufacturing America,
Inc.
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
9:42 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] AD computer
accounts being removed
Occasionally
computers will lose their account in Active Directory for no apparent
reason. Sometimes it is a computer that has just joined the domain, while
other times the machine has been a member of the domain for 2 years. The
computer can only be logged on by a local account (not a domain account).
To remedy this, the computer has to be disjoined from the domain, join a
workgroup, then join the domain again. As I am sure you all are aware,
this is not only time consuming, but very inappropriate to have to do.
Has
anyone else had this experience and how have you fixed it?
Thanks,
Brenda | | | |
| adwulf
Posts:34
| | 01/18/2006 10:03 AM |
| On 1/18/06, Crawford, Scott wrote:
> For example, if the
> domain box shows MICROSOFT, change it to Microsoft.com or vice-versa. This
> seems to trigger a domain rejoin without having to join the workgroup.
>
> snip
On a side-note - is there a command line utility which will allow a
workstation to be renamed/joined to a domain?
I'm aware of a way of creating a computer account using the NET
command, but this has to be done from the server, and ideally, I'm
hoping there's a way of joining from the NT4/2kpro/XP workstations.
--
AdamT
"Maidenhead is *not* in Kent"
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| hcoleman
Posts:26
| | 01/18/2006 10:16 AM |
| Look at netdom.exe
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of AdamT
Sent: Wednesday, January 18, 2006 3:03 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] AD computer accounts being removed
On 1/18/06, Crawford, Scott wrote:
> For example, if the
> domain box shows MICROSOFT, change it to Microsoft.com or vice-versa.
> This seems to trigger a domain rejoin without having to join the
workgroup.
>
> snip
On a side-note - is there a command line utility which will allow a
workstation to be renamed/joined to a domain?
I'm aware of a way of creating a computer account using the NET command,
but this has to be done from the server, and ideally, I'm hoping there's
a way of joining from the NT4/2kpro/XP workstations.
--
AdamT
"Maidenhead is *not* in Kent"
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| dougf@xxxx.yyy
| | 01/18/2006 10:21 AM |
| I would use NETDOM JOIN. Type NETDOM JOIN /? To see the syntax.
-;)
Doug Ferguson
Windows Systems Administrator
Hynix Semiconductor Manufacturing America, Inc.
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of AdamT
Sent: Wednesday, January 18, 2006 2:03 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] AD computer accounts being removed
On 1/18/06, Crawford, Scott wrote:
> For example, if the
> domain box shows MICROSOFT, change it to Microsoft.com or vice-versa.
This
> seems to trigger a domain rejoin without having to join the workgroup.
>
> snip
On a side-note - is there a command line utility which will allow a
workstation to be renamed/joined to a domain?
I'm aware of a way of creating a computer account using the NET
command, but this has to be done from the server, and ideally, I'm
hoping there's a way of joining from the NT4/2kpro/XP workstations.
--
AdamT
"Maidenhead is *not* in Kent"
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| aaron_visser@xxxx.yyy
| | 01/18/2006 10:49 AM |
| Gary, Brian,
I do not use Sysprep on my images and have
yet to come across any problems, but there may be one big difference with my
images, before I ghost them or create the image I put the said machine into a
workgroup and then create image. After I have imaged a computer I log on
and change the Computer Name reboot and then join the domain with the new
computer name, should I be using Sysprep?
And Brenda I have experienced your problem
but I have never noticed the accounts actually being out of AD, anyways most
times for me a simple reboot works although I have had to actually ghost
computers in order to rejoin the domain because I do not have any local
accounts active on my computers in the school, makes it a little safer J but with that comes more
work L
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Brian Desmond
Sent: Wednesday, January 18, 2006
12:38 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD
computer accounts being removed
Gary-
Are you implying you don™t sysprep your images?
Thanks,
Brian Desmond
brian@xxxxxxxxxxxxxxxx
c -
312.731.3132
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Garyphold
Sent: Wednesday, January 18, 2006
3:04 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD
computer accounts being removed
Brenda,
FWIW: It happens to me when I clone
a workstation then try to join that workstation to the domain in order to
change the computer name. AD sees 2 machines with the same name, gives me
a notification and lets the 2nd one in. Then when the original machine
with that name logs in next time, it isn't seen on the network. Then I
have to do the same thing you did - with the original machine.
Then all is well again. Don't know if that will help, but it
might narrow down the problem some.
Gary
Gary Polvinale
Denton ATD
-----Original Message-----
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
2:24 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD
computer accounts being removed
Yes,
their computer account in AD is actually gone.
Thanks,
Brenda
Brenda
Casey
Network Manager
Billings
Public Schools
caseyb@xxxxxxxxxxxxxxxxxx
406-247-3792
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On
Behalf Of Gil Kirkpatrick
Sent: Wednesday, January 18, 2006
11:14 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD
computer accounts being removed
When you say "lose their
account", do you mean the computer object in AD disappears? Or something
else?
-g
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
10:42 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] AD computer
accounts being removed
Occasionally
computers will lose their account in Active Directory for no apparent
reason. Sometimes it is a computer that has just joined the domain, while
other times the machine has been a member of the domain for 2 years. The
computer can only be logged on by a local account (not a domain account).
To remedy this, the computer has to be disjoined from the domain, join a
workgroup, then join the domain again. As I am sure you all are aware,
this is not only time consuming, but very inappropriate to have to do.
Has
anyone else had this experience and how have you fixed it?
Thanks,
Brenda | | | |
| adwulf
Posts:34
| | 01/18/2006 11:15 AM |
| On 1/18/06, Aaron Visser wrote:
snip
> I have had to actually ghost computers in order to rejoin the
> domain because I do not have any local accounts active on my computers in
> the school, makes it a little safer J but with that comes more work L
>
Surely it's not possible to delete the administrator account?
You might be able to disable it, but IIRC, you can reset the password
and unlock/re-enable to account using the infamous bootdisk at:
http://home.eunet.no/~pnordahl/ntpasswd/
Shouldn't need to re-image.
--
AdamT
"Maidenhead is *not* in Kent"
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| adwulf
Posts:34
| | 01/18/2006 11:20 AM |
| On 1/18/06, Doug Ferguson wrote:
> I would use NETDOM JOIN. Type NETDOM JOIN /? To see the syntax.
>
Thanks, I'll look in to that. Would save me lots of time talking
engineers through the process of joining a domain when they turn up to
install new PCs.
I'm also somewhat unhappy with reading out account passwords over the
phone to engineers I've never met. Netdom and psexec ought to take
care of this for me ;-)
--
AdamT
"Maidenhead is *not* in Kent"
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| garyphold@xxxx.yyy
| | 01/19/2006 1:02 AM |
| Thanks
for the link Nav.
I use
Symantec (PowerQuest) V2i Desktop (DriveImage). Haven't used Ghost
(Ghostwalker) or Sysprep. Been wanting to experiment with Sysprep but
haven't had the time. I was thinking about that this morning though.
Is there a big learning curve with Sysprep?
I use
V2i for cloning, because I'm already using that for backups of all the
workstations and all the servers. Hard drive backups instead of
tape. Without sysprep, I'm stuck being able to only clone like
machines.
I
really need to learn to use Sysprep. Too many fires burning right
now.
Gary
-----Original Message-----From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Navroz ShariffSent: Wednesday, January 18, 2006
3:29 PMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE:
[ActiveDir] AD computer accounts being removed
Hi Gary,
Try looking at this article from MS regarding
'Resetting computer accounts in Windows 2000 and Windows
XP'.
http://support.microsoft.com/kb/216393/EN-US/
Also, you join the computer to the domain and then
change its name?
Do you reset the SIDs of the cloned workstation
using GhostWalker or Sysprep?
-Nav
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of
GarypholdSent: Wednesday, January 18, 2006 3:04 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] AD computer
accounts being removed
Brenda,
FWIW: It happens to me when I clone a workstation then try to join
that workstation to the domain in order to change the computer name. AD
sees 2 machines with the same name, gives me a notification and lets the 2nd one
in. Then when the original machine with that name logs in next time, it
isn't seen on the network. Then I have to do the same thing you did - with
the original machine. Then all is well again. Don't know
if that will help, but it might narrow down the problem
some.
Gary
Gary
Polvinale
Denton
ATD
-----Original Message-----From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Brenda CaseySent: Wednesday, January 18, 2006
2:24 PMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE:
[ActiveDir] AD computer accounts being removed
Yes, their computer account in AD is actually
gone.
Thanks,
Brenda
Brenda CaseyNetwork
Manager
Billings Public
Schools
caseyb@xxxxxxxxxxxxxxxxxx
406-247-3792
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Gil
KirkpatrickSent: Wednesday, January 18, 2006 11:14 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] AD computer
accounts being removed
When you say "lose their account", do you mean the computer
object in AD disappears? Or something else?
-g
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Brenda
CaseySent: Wednesday, January 18, 2006 10:42 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] AD computer accounts
being removed
Occasionally computers will lose their
account in Active Directory for no apparent reason. Sometimes it is a
computer that has just joined the domain, while other times the machine has been
a member of the domain for 2 years. The computer can only be logged on by
a local account (not a domain account). To remedy this, the computer has
to be disjoined from the domain, join a workgroup, then join the domain
again. As I am sure you all are aware, this is not only time consuming,
but very inappropriate to have to do.
Has anyone else had this experience
and how have you fixed it?
Thanks,
Brenda | | | |
| bdesmond
Posts:346
| | 01/19/2006 1:05 AM |
| Sysprep also removes other information which identifies the computer. For
example, I once had the pleasure of repairing a network where they had used
NewSID to do this and also had bound NetBEUI to every NIC in the LAN. I had 500
computers all claiming the same NetBEUI name. Sysprep takes care of things like
this. Highly recommended over any other tool.
Thanks,
Brian Desmond
brian@xxxxxxxxxxxxxxxx
c -
312.731.3132
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Aaron Visser
Sent: Wednesday, January 18, 2006
7:27 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD
computer accounts being removed
Well I would agree that is not a safe
practice for most but for my application where all Local accounts are disabled
I do not see a problem.
Taken
from http://www.sysinternals.com/Utilities/NewSid.html
under the SID Duplication Problem
Duplicate SIDs aren't an issue in a
Domain-based environment since domain accounts have SID's based on the Domain
SID. But, according to Microsoft Knowledge Base article Q162001, "Do Not
Disk Duplicate Installed Versions of Windows NT", in a Workgroup
environment security is based on local account SIDs. Thus, if two computers
have users with the same SID, the Workgroup will not be able to distinguish
between the users. All resources, including files and Registry keys, that one
user has access to, the other will as well.
Aaron
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Brian
Desmond
Sent: Wednesday, January 18, 2006
3:50 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD
computer accounts being removed
NO NO NO NO NO BAD BAD BAD
You have to use sysprep. You™re getting duplicate SIDs here “
bad.
Thanks,
Brian Desmond
brian@xxxxxxxxxxxxxxxx
c -
312.731.3132
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Aaron Visser
Sent: Wednesday, January 18, 2006
5:44 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD
computer accounts being removed
Gary, Brian,
I do not use Sysprep on my images and have
yet to come across any problems, but there may be one big difference with my
images, before I ghost them or create the image I put the said machine into a
workgroup and then create image. After I have imaged a computer I log on
and change the Computer Name reboot and then join the domain with the new
computer name, should I be using Sysprep?
And Brenda I have experienced your problem
but I have never noticed the accounts actually being out of AD, anyways most
times for me a simple reboot works although I have had to actually ghost
computers in order to rejoin the domain because I do not have any local
accounts active on my computers in the school, makes it a little safer J but with that comes more
work L
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Brian
Desmond
Sent: Wednesday, January 18, 2006
12:38 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD
computer accounts being removed
Gary-
Are you implying you don™t sysprep your images?
Thanks,
Brian Desmond
brian@xxxxxxxxxxxxxxxx
c -
312.731.3132
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Garyphold
Sent: Wednesday, January 18, 2006
3:04 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD
computer accounts being removed
Brenda,
FWIW: It happens to me when I clone
a workstation then try to join that workstation to the domain in order to
change the computer name. AD sees 2 machines with the same name, gives me
a notification and lets the 2nd one in. Then when the original machine
with that name logs in next time, it isn't seen on the network. Then I
have to do the same thing you did - with the original machine.
Then all is well again. Don't know if that will help, but it
might narrow down the problem some.
Gary
Gary Polvinale
Denton ATD
-----Original Message-----
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
2:24 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD computer
accounts being removed
Yes,
their computer account in AD is actually gone.
Thanks,
Brenda
Brenda
Casey
Network Manager
Billings
Public Schools
caseyb@xxxxxxxxxxxxxxxxxx
406-247-3792
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Gil Kirkpatrick
Sent: Wednesday, January 18, 2006
11:14 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD computer
accounts being removed
When you say "lose their
account", do you mean the computer object in AD disappears? Or something
else?
-g
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006
10:42 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] AD computer
accounts being removed
Occasionally
computers will lose their account in Active Directory for no apparent
reason. Sometimes it is a computer that has just joined the domain, while
other times the machine has been a member of the domain for 2 years. The
computer can only be logged on by a local account (not a domain account).
To remedy this, the computer has to be disjoined from the domain, join a workgroup,
then join the domain again. As I am sure you all are aware, this is not
only time consuming, but very inappropriate to have to do.
Has
anyone else had this experience and how have you fixed it?
Thanks,
Brenda | | | |
| garyphold@xxxx.yyy
| | 01/19/2006 1:07 AM |
| Not
implying - I don't. I've been unable to find time to experiment.
Yeah, I know - if I used that, I'd have much more time. Can Sysprep be
much trouble to learn to use? I guess I have writer's block when it comes
to that. Irrational fear of Sysprep.
Gary
-----Original Message-----From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Brian DesmondSent: Wednesday, January 18, 2006
3:38 PMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE:
[ActiveDir] AD computer accounts being removed
Gary-
Are
you implying you don™t sysprep your images?
Thanks,Brian
Desmond
brian@xxxxxxxxxxxxxxxx
c -
312.731.3132
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of GarypholdSent: Wednesday, January 18, 2006 3:04
PMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] AD computer
accounts being removed
Brenda,
FWIW: It happens
to me when I clone a workstation then try to join that workstation to the domain
in order to change the computer name. AD sees 2 machines with the same
name, gives me a notification and lets the 2nd one in. Then when the
original machine with that name logs in next time, it isn't seen on the
network. Then I have to do the same thing you did - with the original
machine. Then all is well again. Don't know if that will
help, but it might narrow down the problem
some.
Gary
Gary
Polvinale
Denton
ATD
-----Original
Message-----From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Brenda
CaseySent: Wednesday, January
18, 2006 2:24 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] AD computer
accounts being removed
Yes,
their computer account in AD is actually
gone.
Thanks,
Brenda
Brenda
CaseyNetwork
Manager
Billings
Public Schools
caseyb@xxxxxxxxxxxxxxxxxx
406-247-3792
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Gil
KirkpatrickSent: Wednesday,
January 18, 2006 11:14 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] AD computer
accounts being removed
When you say "lose
their account", do you mean the computer object in AD disappears? Or something
else?
-g
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Brenda
CaseySent: Wednesday, January
18, 2006 10:42 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] AD computer accounts
being removed
Occasionally
computers will lose their account in Active Directory for no apparent
reason. Sometimes it is a computer that has just joined the domain, while
other times the machine has been a member of the domain for 2 years. The
computer can only be logged on by a local account (not a domain account).
To remedy this, the computer has to be disjoined from the domain, join a
workgroup, then join the domain again. As I am sure you all are aware,
this is not only time consuming, but very inappropriate to have to
do.
Has
anyone else had this experience and how have you fixed
it?
Thanks,
Brenda | | | |
|
|