+ Post New Thread
Results 1 to 10 of 10
Network and Classroom Management Thread, Win7 clients dropping off domain / AD in Technical; over the past week we've had 5 machines that seem to just disappear off the domain. When we try to ...
  1. #1
    jamin100's Avatar
    Join Date
    Feb 2008
    Location
    Birmingham
    Posts
    1,074
    Thank Post
    151
    Thanked 100 Times in 80 Posts
    Rep Power
    33

    Win7 clients dropping off domain / AD

    over the past week we've had 5 machines that seem to just disappear off the domain.
    When we try to log on we get "there is no account in the security database to authenticate the trust with this machine" (or something similar)

    When we look in AD the computer account has gone ??

    the only way to get them working again is to re-join them to the domain...

    Any ideas why this is happening?

  2. #2

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,265
    Thank Post
    242
    Thanked 1,575 Times in 1,254 Posts
    Rep Power
    341
    How many DCs do you have in the domain? And how many admin accounts, capable of deleting Computer Objects?

  3. #3

    Join Date
    Mar 2013
    Location
    Northampton
    Posts
    102
    Thank Post
    16
    Thanked 32 Times in 22 Posts
    Rep Power
    9
    We have something similar except the computer account is still in AD. We've not found a resolution as yet. We just add them to a workgroup and then back to the domain. We are thinking it may be related to how they were imaged/sysprepped.

  4. #4
    jamin100's Avatar
    Join Date
    Feb 2008
    Location
    Birmingham
    Posts
    1,074
    Thank Post
    151
    Thanked 100 Times in 80 Posts
    Rep Power
    33
    Quote Originally Posted by Michael View Post
    How many DCs do you have in the domain? And how many admin accounts, capable of deleting Computer Objects?
    3 DC's and probably half a dozen accounts that could delete machines but only 2 of us that have access to any of them

  5. #5
    jamin100's Avatar
    Join Date
    Feb 2008
    Location
    Birmingham
    Posts
    1,074
    Thank Post
    151
    Thanked 100 Times in 80 Posts
    Rep Power
    33
    Quote Originally Posted by madurham View Post
    We have something similar except the computer account is still in AD. We've not found a resolution as yet. We just add them to a workgroup and then back to the domain. We are thinking it may be related to how they were imaged/sysprepped.
    Yeh, our machine accounts are actually being removed from AD. so we have to join the machines to a workgroup and then re-join them to the domain..

  6. #6

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,265
    Thank Post
    242
    Thanked 1,575 Times in 1,254 Posts
    Rep Power
    341
    Quote Originally Posted by madurham View Post
    We have something similar except the computer account is still in AD. We've not found a resolution as yet. We just add them to a workgroup and then back to the domain. We are thinking it may be related to how they were imaged/sysprepped.
    This is a trust issue and can be resolved with a GPP regedit:

    Trust.png

    The key path should read:

    Code:
    SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

  7. Thanks to Michael from:

    madurham (23rd October 2013)

  8. #7

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,265
    Thank Post
    242
    Thanked 1,575 Times in 1,254 Posts
    Rep Power
    341
    Quote Originally Posted by jamin100 View Post
    3 DC's and probably half a dozen accounts that could delete machines but only 2 of us that have access to any of them
    And replication's working OK? Other than an account being compromised in some form, I can't see what else it could be.

  9. #8
    jamin100's Avatar
    Join Date
    Feb 2008
    Location
    Birmingham
    Posts
    1,074
    Thank Post
    151
    Thanked 100 Times in 80 Posts
    Rep Power
    33
    Quote Originally Posted by Michael View Post
    And replication's working OK? Other than an account being compromised in some form, I can't see what else it could be.
    yup, replication seems fine. The accounts are removed from AD on all 3 DC's. NETLOGON is replicated fine too...

  10. #9
    jamin100's Avatar
    Join Date
    Feb 2008
    Location
    Birmingham
    Posts
    1,074
    Thank Post
    151
    Thanked 100 Times in 80 Posts
    Rep Power
    33
    Just an update on this. When joining machines to the domain we always use just the NETBIOS domain name so for example DOMAIN. Now we are having to join them with the FQDN which is domain.school.sch.uk... Could this be possible cause / clue?

  11. #10

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,265
    Thank Post
    242
    Thanked 1,575 Times in 1,254 Posts
    Rep Power
    341
    Ever since Server 2008 this is the 'norm' with Windows Server favouring the FQDN with regards to anything. You can still add machines via NETBIOS, providing everything's setup correctly, but it wouldn't explain why 5 Computer Objects have vanished.

SHARE:
+ Post New Thread

Similar Threads

  1. Remote Desktop 7 client - either default domain or log off on disconnect
    By localzuk in forum Thin Client and Virtual Machines
    Replies: 5
    Last Post: 20th November 2013, 09:50 AM
  2. Windows 7 clients dropping off the domain
    By slugshead in forum Windows 7
    Replies: 29
    Last Post: 27th March 2013, 12:20 PM
  3. randomly falling off domain
    By browolf in forum Wireless Networks
    Replies: 8
    Last Post: 23rd October 2008, 07:24 PM
  4. PC's dropping off the domain?
    By TechSupp in forum Network and Classroom Management
    Replies: 7
    Last Post: 21st February 2008, 11:46 AM
  5. PCs dropping off the network
    By SpuffMonkey in forum Windows
    Replies: 11
    Last Post: 2nd March 2006, 10:10 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •