LinkBack URL
About LinkBacksHi guys,
Have just had to re-instate a PC onto one of our domains since it appears to have lost it's account.
It's fine now but I was wondering if anyone could tell me how this happens?
Thanks,
Akira.
Hi guys,
Have just had to re-instate a PC onto one of our domains since it appears to have lost it's account.
It's fine now but I was wondering if anyone could tell me how this happens?
Thanks,
Akira.
Lost its account?, what did the AD say about the machine?. Was it still listed or not?.
I've never had a machine leave the domain unless someone has specifically removed it, so wouldn't imagine why that would happen without user intervention.
TiG
I'm only a technician and I'm not really supposed to quiz the networks folks
Hence, my posting here
When a member of staff tried to log onto the staff domain, the message they got was - domain not available, along with some other stuff about account not being valid etc.
I was just wondering how this kind of thing happens? It had been re-imaged recently and was fine for 6 weeks but then all of a sudden this happens and we get a
Thanks TiG.
Afraid I can't help with the cause, but I have seen it happen before.
system AD accounts are connected to the PCs MAC address. Check that there isn't a problem with the cable or card.
*Ahem* Not strictly speaking true; I've swapped NICs in domain connected machines frequently without any issues (that's how I hooked up 4 XP MCE 2005 machines to our domain...).
As far as the problem goes, hate to ask, but does the user have local admin privs? If so, I suspect PEBKAC...
Could it have been a DNS issue? I'm not an AD expert by any stretch of the imagination but my understanding is that the DNS is queried to return the nearest AD domain controller and then that DC is used for authentication. If the initial query to DNS fails to return a DC (for any reason) then the computer and user will not be able to authenticate with the domain you are trying to log on to.
you have removed the system from the domain, changed a NIC and then re connected the system to the domain with the same system name and not had any problems?
No, but I've changed NIC in loads of machines without having to re-join the machine to the domain. Why would I bother removing the machine from the domain before changing the NIC?Originally Posted by jay_oasis
Also I frequently use docking stations in our other offices with my laptop (different docking station = different MAC address) and I don't have any problems logging into the domain from wherever I happen to be.
Exactly; although the docking stations that we use for the Latitudes actually do ethernet passthrough, so their mac address remains the same wherever they are. Desktops, I've swapped loads of NICs and it's never been a problem, although I've never removed them from the domain first. Why would I? Indeed, the XP MCE boxen that I've joined to our domain rather depend on NOT being removed.
Lol, it was a general staff user that was trying to logon. I tried a number of accounts but none would authenticate.
Thanks for all of the responses guys - interesting stuff :-)
The computer account SID isn't connected to the MAC address.
It sounds like its not picking up DHCP correctly.
If you have changed the NIC and operate a reserved DHCP system , this would probably shine some light on things.
my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net
Thanks for that Moby - the PC didn't have the NIC replaced but it was allocated a new IP address. And you're right - at the moment we do have a reserved DHCP system which seems to kinda negate the 'D' in DHCP.
Last edited by Akira; 18-06-2007 at 02:06 PM.
Ive seen this on several occasions... computer accounts "vanish" from the domain, and end up having to remove and re-add the affected computer.... i rekon its down to AD replication, check the server thats hosting the Infrastructure master role... maybe change it to a different server if youve got a couple of DCs (you should have lol)
one reason it was being caused in my infrastructure is that for some bizzare reason windoze firewall had enabled itself on a DC and was blocking certain LDAP requests.. which meant the replication went pearshaped and stuff just vanished from AD..
I did think that it might also be something to do with the windows SID, but im told a unique domain-SID is generated when the computer is joined.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote