IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / General Q&A Forum / Yeah, that's what I was suspecting.
Post #308,896
by Andrew Grygus
Picture of Andrew Grygus
5/19/09 12:36:31 AM
Reply
New Yeah, that's what I was suspecting.
That could still be a problem though - the lady I talk to there says her login gives her access to EVERYTHING! I suspect, though, the managed services company may not have given her access to AD. I'm sure she hasn't a clue what AD is.

I don't know why they're so reluctant to talk to the managed services folks - I suspect they get a real big bill every time they do.
Post #308,897
by Silverlock
5/19/09 7:57:53 AM
Reply
New When I used to do this...
I had to remember to remove the old computer name from the AD server >before< registering the new name. If I didn't do that, I had to redo the pc by telling it it was in a workgroup instead of AD, going in to AD users and computers and removing the old name, register the new name, and then tell the pc it was part of AD. Many reboots required for this.
Post #308,905
by Andrew Grygus
Picture of Andrew Grygus
5/19/09 10:15:12 AM
Reply
New If I knew the old name . . .
. . I suppose I could use it - or delete it.

Fortunately I found a script that is supposed to tell me all the machines that haven't been used for some time, so I suppose I could just delete all the inactive ones.
Post #308,950
by scoenye
5/20/09 12:22:28 AM
Reply
New If installed from scratch, the name change doesn't matter
Running through the whole setup procedure will produce a different machine security ID compared to the old box. AD wouldn't recognize it as the old machine if the name has been changed as well. OTOH, if some type of imaging was used, then it may be getting confused if the SID wasn't changed.

What I don't know is what will happen if there are duplicated SID's in play and you try to remove one from the domain (i.e. the duplicates may start to show problems as well.)
Post #308,978
by Andrew Grygus
Picture of Andrew Grygus
5/20/09 1:18:16 PM
Reply
New No imaging - and one of the problem machines . . .
. . was formatted and installed from scratch with a new motherboard.
Post #308,999
by scoenye
5/20/09 11:27:06 PM
Reply
New More than one? Check the DC logs + the everything user
As to the rights of the user with "everything", you can find out via the AD Users & Computers MMC snap-in if she's a domain admin (and if not, who is). If that snap-in can't be found, any LDAP browser can be used against the DC to obtain the same information, but you do have to authenticate.
     Active Directory - looking for a hint. - (Andrew Grygus) - (9) - May 18, 2009, 08:15:42 PM EDT
         I'm afraid you'll need the server logs - (scoenye) - (1) - May 18, 2009, 09:25:23 PM EDT
             Take this advice first then its a road trip. - (folkert) - May 18, 2009, 09:35:45 PM EDT
         machine name has changed - (boxley) - (6) - May 18, 2009, 11:09:35 PM EDT
             Yeah, that's what I was suspecting. - (Andrew Grygus) - (5) - May 19, 2009, 12:36:31 AM EDT
                 When I used to do this... - (Silverlock) - (1) - May 19, 2009, 07:57:53 AM EDT
                     If I knew the old name . . . - (Andrew Grygus) - May 19, 2009, 10:15:12 AM EDT
                 If installed from scratch, the name change doesn't matter - (scoenye) - (2) - May 20, 2009, 12:22:28 AM EDT
                     No imaging - and one of the problem machines . . . - (Andrew Grygus) - (1) - May 20, 2009, 01:18:16 PM EDT
                         More than one? Check the DC logs + the everything user - (scoenye) - May 20, 2009, 11:27:06 PM EDT

Good thing it smells like Kung Pao Tofu instead of like Greg's ears.
243 ms