IWETHEY v. 0.3.0 | TODO
1,095 registered users | 1 active user | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / General Q&A Forum / Active Directory - looking for a hint.
Post #308,881
by Andrew Grygus
Picture of Andrew Grygus
5/18/09 8:15:42 PM
Reply
New Active Directory - looking for a hint.
I have a client with full Active Directory set up by a managed services firm. They have a pile of identical HP mini-desktop computers.

I recently had to reinstall Windows XP on one of these desktops. Problem is, when a person logs on to the domain through AD on that machine, the user's profile and desktop are not loaded down (though it is on any other machine).

Any hints where I should be looking to fix this, because getting access to their server requires a special trip to downtown LA so I want to get it fixed in one visit.
Post #308,884
by scoenye
5/18/09 9:25:23 PM
Reply
New I'm afraid you'll need the server logs
It's pretty much the only place where you may find a clue. My suggestion would be for them to remove the PC from the domain, reboot, reattach it to the domain and try again before you go downtown. If they tried to change the PC's name at the same time as adding it to the domain, then the registration has a tendency to get screwed up. It 'll show in the AD tree, but user logins on such a PC can experience weirdness.
Post #308,886
by folkert
Picture of folkert
5/18/09 9:35:45 PM
Reply
New Take this advice first then its a road trip.
Changing machine names tends to play nasty tricks with AD. Its doesn;t handle Aliases well which is what happens to the "old name" pointing to the "new name" sometimes it gets done the other way depending on multiple machine/server setup and peering setup for AD. The Old Name pointing at the New name is the way it shoudl be.


BTW, this goes back to the wonderful days of AD not being AD but just NT domains. They tried to copy the NDS way of doing aliases... or... umm something references... in any case, NDS always handled it beautifully.
Post #308,895
by boxley
5/18/09 11:09:35 PM
Reply
New machine name has changed
only way is to re-register it with the AD
I recently ran into that when I ported my xp parallels image from my mini to my macbook, wouldnt register properly without an AD admin doing his blessings.
thanx,
bill
Post #308,896
by Andrew Grygus
Picture of Andrew Grygus
5/19/09 12:36:31 AM
Reply
New Yeah, that's what I was suspecting.
That could still be a problem though - the lady I talk to there says her login gives her access to EVERYTHING! I suspect, though, the managed services company may not have given her access to AD. I'm sure she hasn't a clue what AD is.

I don't know why they're so reluctant to talk to the managed services folks - I suspect they get a real big bill every time they do.
Post #308,897
by Silverlock
5/19/09 7:57:53 AM
Reply
New When I used to do this...
I had to remember to remove the old computer name from the AD server >before< registering the new name. If I didn't do that, I had to redo the pc by telling it it was in a workgroup instead of AD, going in to AD users and computers and removing the old name, register the new name, and then tell the pc it was part of AD. Many reboots required for this.
Post #308,905
by Andrew Grygus
Picture of Andrew Grygus
5/19/09 10:15:12 AM
Reply
New If I knew the old name . . .
. . I suppose I could use it - or delete it.

Fortunately I found a script that is supposed to tell me all the machines that haven't been used for some time, so I suppose I could just delete all the inactive ones.
Post #308,950
by scoenye
5/20/09 12:22:28 AM
Reply
New If installed from scratch, the name change doesn't matter
Running through the whole setup procedure will produce a different machine security ID compared to the old box. AD wouldn't recognize it as the old machine if the name has been changed as well. OTOH, if some type of imaging was used, then it may be getting confused if the SID wasn't changed.

What I don't know is what will happen if there are duplicated SID's in play and you try to remove one from the domain (i.e. the duplicates may start to show problems as well.)
Post #308,978
by Andrew Grygus
Picture of Andrew Grygus
5/20/09 1:18:16 PM
Reply
New No imaging - and one of the problem machines . . .
. . was formatted and installed from scratch with a new motherboard.
Post #308,999
by scoenye
5/20/09 11:27:06 PM
Reply
New More than one? Check the DC logs + the everything user
As to the rights of the user with "everything", you can find out via the AD Users & Computers MMC snap-in if she's a domain admin (and if not, who is). If that snap-in can't be found, any LDAP browser can be used against the DC to obtain the same information, but you do have to authenticate.
     Active Directory - looking for a hint. - (Andrew Grygus) - (9) - May 18, 2009, 08:15:42 PM EDT
         I'm afraid you'll need the server logs - (scoenye) - (1) - May 18, 2009, 09:25:23 PM EDT
             Take this advice first then its a road trip. - (folkert) - May 18, 2009, 09:35:45 PM EDT
         machine name has changed - (boxley) - (6) - May 18, 2009, 11:09:35 PM EDT
             Yeah, that's what I was suspecting. - (Andrew Grygus) - (5) - May 19, 2009, 12:36:31 AM EDT
                 When I used to do this... - (Silverlock) - (1) - May 19, 2009, 07:57:53 AM EDT
                     If I knew the old name . . . - (Andrew Grygus) - May 19, 2009, 10:15:12 AM EDT
                 If installed from scratch, the name change doesn't matter - (scoenye) - (2) - May 20, 2009, 12:22:28 AM EDT
                     No imaging - and one of the problem machines . . . - (Andrew Grygus) - (1) - May 20, 2009, 01:18:16 PM EDT
                         More than one? Check the DC logs + the everything user - (scoenye) - May 20, 2009, 11:27:06 PM EDT

A taste of the local Surf n'Quaff.
119 ms